The Design and Planning phase includes multiple design and planning sessions covering different aspects of the identity landscape, including providing authentication to first- and third-party applications natively through cloud identities, through the Azure AD Application Proxy, or through third-party providers.
These sessions should bring the delivery organization and customer to agreement on some design decisions on topics that will be consolidated in the Key results, recommendations, and next steps presentation.
The Design and Planning phase includes the following activities:
Azure AD Application Management (SHA and SSO) – Use this activity of the Secure Identities and Access Workshop with the customer to discuss the pain points and dangers of having multiple identities across different applications, the relative ease of migrating certain applications based on the report created earlier, and the My Apps portal. You will also cover other options for legacy applications, such as Azure AD Application Proxy or third-party solutions integrated with Azure AD, to achieve true single sign-on. This is the focal point of the workshop; the remaining design and planning activities must serve to achieve this goal and/or enhance the security of application access.
Identity Fundamentals – Use this activity of the Secure Identities and Access Workshop to discuss topics such as legacy protocols, AD FS, cloud or hybrid identity, and to define potential changes with the customer.
Self-Service Password Reset (SSPR) – Use this activity of the Secure Identities and Access Workshop to discuss SSPR with the customer, highlighting the cost savings and security improvements they can achieve by implementing this service. Gather the design decisions.
Multifactor Authentication (MFA) – Use this activity of the Secure Identities and Access Workshop to work with the customer to analyze their current identity security and MFA usage, in preparation for the next session, where you will define the roadmap to potentially implement MFA and Conditional Access. Gather the design decisions.
Conditional Access (CA) – Use this activity of the Secure Identities and Access Workshop to discuss conditional access capabilities with the customer and their willingness to implement this capability, including potential implications for conditions on users, locations, devices, and even risk. Gather the design decisions.
Passwordless (optional) – Use this optional activity of the Secure Identities and Access Workshop to discuss passwordless authentication capabilities with the customer and their willingness to implement this capability. Gather the design decisions.
Endpoint Compliance (optional) – Use this optional activity of the Secure Identities and Access Workshop to discuss how Microsoft Endpoint Manager and Azure AD can help you to protect your applications and resources by only allowing access from trusted and compliant devices.
The Design and Planning phase is delivered in week 3 of the Secure Identities and Access Workshop engagement.
More details about the Design and Planning phase can be found in section 11 Design and Planning of this document.