Azure Active Directory Premium: 8-days implementation

PROJECT INFORMATICA SRL

Increase Microsoft 365 security by implementing Azure MFA and Conditional Access solutions available on the Microsoft 365 platform

The goal is to increase Microsoft 365 security by implementing the Azure MFA and Conditional Access solutions available on the Microsoft 365 platform. In addition, a communication campaign will be run to raise user awareness of the issue and to promote the activation of two-factor verification.

Multi-factor authentication is a process where, when signing in to Microsoft 365, the user is asked to provide an additional form of authentication, such as entering a code received on their mobile phone or scanning their fingerprint.

With Azure AD Multi-Factor Authentication, you can use the following additional forms of verification:

  • Microsoft Authenticator app
  • OATH hardware token
  • SMS
  • Voice call

For more granular control, you can use Conditional Access features to define the events or applications that require multi-factor authentication. These policies can allow regular sign-in events when the user is on the corporate network or on a registered device, but require additional verification factors when the user is remote or on a personal device.

Conditional Access capabilities allow you to control access to cloud or on-premises applications, based on conditions defined by the IT department.

You can control access to cloud apps based on the user's network location. The location condition is commonly used to block access from countries or regions where traffic to your organization shouldn't be coming from.

Organizations that have Microsoft Intune can use the information returned by devices to identify devices that meet compliance requirements, such as:

  1. Requiring a PIN to unlock the device;
  2. Requiring device encryption;
  3. Requiring a minimum or maximum version of the operating system;
  4. Requiring that the device is not jailbroken or rooted.
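The two conditions described above (blocking sign-ins from unexpected countries, and requiring MFA or an Intune-compliant device outside the trusted network) expressed as Conditional Access policies created in report-only mode. This is an added example, not part of the offer; it assumes the Microsoft Graph PowerShell SDK, and the country codes and break-glass group id are placeholders to be replaced with the customer's values.

```powershell
# Added example (not the provider's own scripts). Requires the Microsoft.Graph
# PowerShell SDK and an account allowed to manage Conditional Access.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Named location listing countries the tenant never expects traffic from.
# "XX" and "YY" are placeholder ISO codes; replace with the agreed list.
$blockedCountries = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type"                     = "#microsoft.graph.countryNamedLocation"
    displayName                       = "CA-Blocked-Countries"
    countriesAndRegions               = @("XX", "YY")
    includeUnknownCountriesAndRegions = $true   # treat unresolvable IPs as blocked
}

# Placeholder: object id of the emergency-access (break-glass) group, always excluded.
$breakGlassGroupId = "<break-glass-group-id>"

# Policy 1: block any sign-in coming from the blocked-countries location.
$blockPolicy = @{
    displayName   = "CA01 - Block access from disallowed countries"
    state         = "enabledForReportingButNotEnforced"   # report-only for the pilot
    conditions    = @{
        users        = @{ includeUsers = @("All"); excludeGroups = @($breakGlassGroupId) }
        applications = @{ includeApplications = @("All") }
        locations    = @{ includeLocations = @($blockedCountries.Id) }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $blockPolicy

# Policy 2: outside trusted locations, require MFA or an Intune-compliant device.
$mfaPolicy = @{
    displayName   = "CA02 - Require MFA or compliant device outside trusted network"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users        = @{ includeUsers = @("All"); excludeGroups = @($breakGlassGroupId) }
        applications = @{ includeApplications = @("All") }
        locations    = @{ includeLocations = @("All"); excludeLocations = @("AllTrusted") }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa", "compliantDevice") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $mfaPolicy
```

Review the sign-in logs for report-only results before switching the policies to "enabled", so legitimate users on the pilot are not locked out.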

Conditional Access is one of the essential features of the Zero Trust model.

Instead of assuming that everything behind the corporate firewall is secure, the Zero Trust model assumes a breach and verifies every request as if it came from an open network. Regardless of where the request comes from or what resource it accesses, Zero Trust teaches us to never trust and always verify. Before granting access, each request is fully authenticated, authorized, and encrypted. The principles of micro-segmentation and least-privilege access are applied to minimize lateral movement. Advanced intelligence and analytics are used to detect and respond to anomalies in real time.

Azure Active Directory Application Proxy enables secure remote access to on-premises web applications. After a single sign-on (SSO) to Azure AD, users can access both cloud and on-premises applications through an external URL or web portal. Application Proxy installs a connector on Windows Server and does not require you to open incoming connections through the firewall. Using Azure AD-based authentication, you can use features such as conditional access and MFA.

Project Constraints:

  • Virtual Machine running Windows Server 2016/2019: minimum requirements 2 vCPUs, 8 GB RAM (2 VMs recommended, to run the Azure AD Application Proxy connector in high availability).
  • Administrative accounts (Global Admin and Domain Admin) for configuring Azure AD Application Proxy;
  • Access to infrastructure to perform tasks remotely;
  • SSL certificate for publishing custom domain services.

Project Assumptions:

  • The customer already holds, or will purchase, the licenses needed to deploy the necessary Virtual Machines;

Description of the planned activities:

  • Checks on on-premises infrastructure and Azure AD services;
  • Install Azure AD Application Proxy Connector;
  • Publish 2 on-premises web apps with Azure AD based pre-authentication;
  • IT Admins training and documentation.

Organizations that have an Azure Active Directory Premium license can take advantage of Self-Service Password Reset.

This feature makes it easier for end users to reset their password even outside the corporate network, without intervention by the system administrator or help desk.

The identity verification methods useful to complete the password reset process are as follows:

  • Authenticator app, via one-time code or push notification;
  • Email;
  • Phone number;
  • Security questions.

Here are the activities that will be carried out:

  • Checks on Active Directory and Azure Active Directory;
  • Azure AD Connect checks;
  • Password Reset configuration in Azure AD;
  • Password Writeback configuration in Azure AD Connect;
  • Creation of a security group and a pilot with 5 identities;
  • IT department training.
