Define security strategy related to identity
Provide the customer with a documented security strategy related to identity for their security teams and stakeholders.
Engagement effort
Important
Treat the standard scope and timeline as a template to use for guidance when creating your own offering based on this toolkit. You must adjust the scope and timeline so that they match your offering.
The tables below provide high-level estimates of the effort for activities of the engagement, as outlined in section 3 Engagement phases.
The numbers provided are to be considered as indicative and can change as a result of customizing the delivery schedule and/or the individual activities.
| Week 1 – Pre-engagement | Preparation | Delivery |
|---|---|---|
| Pre-engagement Call | 1 Hrs | 1,5 Hrs |
| Prepare and send Identity Workshop Questionnaire | 1 Hrs | 0 Hrs |

| Week 2 – Engagement Setup and Reporting | Preparation | Delivery |
|---|---|---|
| Kick-off Meeting | 1 Hrs | 1 Hrs |
| Business Value Presentation | 1 Hrs | 1 Hrs |
| Microsoft Secure Score Overview | 0,5 Hrs | 0,5 Hrs |
| Run Microsoft Secure Score for Identity Security Posture assessment | 1 Hrs | 1 Hrs |
| Application Discovery Presentation | 0,5 Hrs | 0,5 Hrs |
| Application Discovery Setup | 1 Hrs | 1 Hrs |
| Application Discovery Reporting and discussion | 1 Hrs | 2 Hrs |

| Week 3 – Design and Planning | Preparation | Delivery |
|---|---|---|
| Azure AD Application Management | 1 Hrs | 2 Hrs |
| Identity Fundamentals | 1 Hrs | 2 Hrs |
| Self-Service Password Recovery (SSPR) | 1 Hrs | 1 Hrs |
| Multifactor Authentication (MFA) | 1 Hrs | 1 Hrs |
| Conditional Access (CA) | 1 Hrs | 2 Hrs |
| Passwordless (optional) | 1 Hrs | 1 Hrs |
| Endpoint Compliance (optional) | 1 Hrs | 2 Hrs |

| Week 4 – Workshop Day | Preparation | Delivery |
|---|---|---|
| Customer Value Conversation | 1 Hrs | 1 Hrs |
| Demo (optional) | 1 Hrs | 2 Hrs |
| Key results, recommendations, and next steps | 1 Hrs | 2 Hrs |

| Total (all weeks) | Preparation | Delivery |
|---|---|---|
| Sum of all activities | 18 Hrs | 25 Hrs |
The typical delivery effort for the Secure Identities and Access Workshop engagement is estimated to be ~24 hours when using the example schedule and scope provided in this guide, excluding time necessary for preparations. The estimates also do not include time for optional (external) Project/Engagement management resources. If an (external) project/engagement manager is required, additional hours should be added accordingly.
Engagement scope
In scope
The standard scope of the engagement includes:
Guided exploration of Microsoft Secure Score and a discussion of recommended improvement actions related to the “Identity” category.
Configuration and use of the engagement tools, either the Azure Active Directory Connect Health agent or the “AD FS to Azure AD application migration scripts”, to discover applications whose authentication is conducted through AD FS servers.
If the customer is using Okta, installation and use of the Identity Transporter Tool against the customer’s Okta tenant to discover applications whose authentication is conducted through Okta.
Use of Azure AD Cloud App Discovery through a one-time manual upload of logs from a single on-premises perimeter security device, such as a firewall or proxy server, to create a snapshot Cloud Discovery report of the cloud applications used by users in the customer organization.
Analysis of logs and reports with discovered applications utilized by users in the customer organization, leading to prioritization of these applications for migration of their authentication through Azure Active Directory.
Design and planning session resulting in design decisions and leading to the development of high-level deployment plans for:
Azure AD Application Management
Identity Fundamentals
Self-Service Password Reset
Multi-Factor Authentication
Conditional Access
Passwordless authentication
Endpoint Compliance
Presentations, demos, and discussions as described in section 3.4 Workshop Day.
Out of scope
The standard scope of the engagement excludes:
Exploration of Microsoft Secure Score beyond the “Identity” category.
Configuration of tools beyond the guidance provided in this document.
Automatic upload of firewall or proxy server logs to Microsoft Cloud App Security (through Log Collector) or obtaining information based on integration of Microsoft Cloud App Security with Microsoft Defender for Endpoint.
Design and planning sessions on topics beyond what is described in this document.
Presentations, demos, and discussions beyond what is described in section 3.4 Workshop Day.
Successful delivery of the engagement is dependent on the customer's involvement in all aspects of the engagement. The customer must ensure that accurate and complete information is provided in a timely fashion as needed, that appropriate resources are committed, and that any activities are completed in a timely and effective manner.
NOTE: This section describes the customer requirements applicable to the overall engagement. Additional requirements specific to the activities will be outlined in the individual sections below.
The customer will need to perform the tasks, provide the resources, and take ownership of the following activities:
The customer will need to provide adequate access to the personnel needed to successfully complete the engagement, including:
A customer project manager responsible for the overall coordination and for scheduling logistics.
IT object owners for identity and security during all phases of the assessment.
An Executive Sponsor.
The customer will provide the following to the resource delivering the workshop:
Access to any relevant documentation.
Network connectivity, adequate workspace, parking permits, building access, and appropriate identification badges within the first day of the onsite workshop.
An appropriately sized room with whiteboard and projector for knowledge transfer sessions, or access to remote working and collaboration tooling in order to perform the work remotely.