Secure Identities and Access Workshop Delivery Guide 4 July 2022


Define security strategy related to identity



Provide the customer with a documented security strategy related to identity for their security teams and stakeholders.



  1. Engagement effort


Important
Treat the standard scope and timeline as a template to use for guidance when creating your own offering based on this toolkit. You must adjust the scope and timeline so they match.
The tables below provide high-level estimates of the effort for activities of the engagement, as outlined in section 3 Engagement phases.
The numbers provided are to be considered as indicative and can change as a result of customizing the delivery schedule and/or the individual activities.




| Week 1 – Pre-engagement | Preparation | Delivery |
|---|---|---|
| Pre-engagement Call | 1 Hrs | 1,5 Hrs |
| Prepare and send Identity Workshop Questionnaire | 1 Hrs | 0 Hrs |

| Week 2 – Engagement Setup and Reporting | Preparation | Delivery |
|---|---|---|
| Kick-off Meeting | 1 Hrs | 1 Hrs |
| Business Value Presentation | 1 Hrs | 1 Hrs |
| Microsoft Secure Score Overview | 0,5 Hrs | 0,5 Hrs |
| Run Microsoft Secure Score for Identity Security Posture assessment | 1 Hrs | 1 Hrs |
| Application Discovery Presentation | 0,5 Hrs | 0,5 Hrs |
| Application Discovery Setup | 1 Hrs | 1 Hrs |
| Application Discovery Reporting and discussion | 1 Hrs | 2 Hrs |

| Week 3 – Design and Planning | Preparation | Delivery |
|---|---|---|
| Azure AD Application Management | 1 Hrs | 2 Hrs |
| Identity Fundamentals | 1 Hrs | 2 Hrs |
| Self-Service Password Recovery (SSPR) | 1 Hrs | 1 Hrs |
| Multifactor Authentication (MFA) | 1 Hrs | 1 Hrs |
| Conditional Access (CA) | 1 Hrs | 2 Hrs |
| Passwordless (optional) | 1 Hrs | 1 Hrs |
| Endpoint Compliance (optional) | 1 Hrs | 2 Hrs |

| Week 4 – Workshop Day | Preparation | Delivery |
|---|---|---|
| Customer Value Conversation | 1 Hrs | 1 Hrs |
| Demo (optional) | 1 Hrs | 2 Hrs |
| Key results, recommendations, and next steps | 1 Hrs | 2 Hrs |
| Total (all weeks) | 18 Hrs | 25 Hrs |



The typical delivery effort for the Secure Identities and Access Workshop engagement is estimated to be ~24 hours when using the example schedule and scope provided in this guide, excluding time necessary for preparations. The estimates also do not include time for optional (external) Project/Engagement management resources. If an (external) project/engagement manager is required, additional hours should be added accordingly.


  1. Engagement scope

In scope


The standard scope of the engagement includes:

  • Guided exploration of Microsoft Secure Score and a discussion of recommended improvement actions related to the “Identity” category.

  • Configuration and use of engagement tools, either Azure Active Directory Connect Health agent or “AD FS to Azure AD application migration scripts”, to discover applications accessed with authentication conducted through AD FS servers.

  • If the customer is using Okta, installation and use of Identity Transporter Tool against the customer’s Okta tenant to discover applications accessed with authentication conducted through Okta.

  • Use of Azure AD Cloud App Discovery by a one-time manual upload of logs from a single on-premises perimeter security device such as a firewall or proxy server to create a snapshot Cloud Discovery report of cloud applications utilized by users in the customer organization.

  • Analysis of logs and reports with discovered applications utilized by users in the customer organization, leading to prioritization of these applications for migration of their authentication through Azure Active Directory.

  • Design and planning session resulting in design decisions and leading to the development of high-level deployment plans for:

    • Azure AD Application Management

    • Identity Fundamentals

    • Self-Service Password Reset

    • Multi-Factor Authentication

    • Conditional Access

    • Passwordless authentication

    • Endpoint Compliance

  • Presentations, demos and discussions as described in section 3.4 Workshop Day.

Out of scope


The standard scope of the engagement excludes:

  • Exploration of Microsoft Secure Score beyond the “Identity” category.

  • Configuration of tools beyond the guidance provided in this document.

  • Automatic upload of firewall or proxy server logs to Microsoft Cloud App Security (through Log Collector) or obtaining information based on integration of Microsoft Cloud App Security with Microsoft Defender for Endpoint.

  • Design and planning sessions on topics beyond what is described in this document.

  • Presentations, demos, and discussions beyond what is described in section 3.4 Workshop Day.

  1. Customer requirements


Successful delivery of the engagement is dependent on the customer's involvement in all aspects of the engagement. The customer must ensure that accurate and complete information is provided in a timely fashion as needed, that appropriate resources are committed, and that any activities are completed in a timely and effective manner.
NOTE: This section describes the customer requirements applicable to the overall engagement. Additional requirements specific to the activities will be outlined in the individual sections below.
The customer will need to perform the tasks, provide the resources, and take ownership of the following activities:

  • The customer will need to provide adequate access to the necessary personnel needed to successfully complete the engagement, including:

    1. A customer project manager responsible for the overall coordination and for scheduling logistics.

    2. IT object owners for identity and security during all phases of the assessment.

    3. An Executive Sponsor.

  • The customer will provide the following to the resource delivering the workshop:

    • Access to any relevant documentation.

    • Network connectivity, adequate workspace, parking permits, building access, and appropriate identification badges within the first day of the onsite workshop.

    • Appropriate-sized room with whiteboard and projector for knowledge transfer sessions, or access to remote working and collaboration tooling in order to perform the work remotely.


