
AgileAscend: Microsoft Security Implementation

Zero Trust Architecture

Zero Trust Architecture (ZTA) is no longer a buzzword, but a proven strategy mandated by the federal government and adopted across industries. Agile IT has been implementing ZTA best practices since before NIST guidance and has continued to refine its practices as new guidance is issued. For this purpose, we model our approach on the GSA’s newest eight-pillar model, which consists of:
• Identity
• Devices
• Data
• Network
• Application
• Infrastructure
• Visibility and Analytics
• Orchestration and Automation


Identity – The Center of Security

With hybrid and remote work now the norm, protecting your users’ identities is often the most critical step in defending your environment. Agile IT’s proven method leverages Microsoft tools including Azure Active Directory and Microsoft Defender for Identity to enforce:

  • Multifactor Authentication and Conditional Access – Explicitly validate trust of users and endpoints requesting access to your resources. This helps build a de facto security perimeter around these modern resources with modern controls and provides simple consistent policy enforcement across them.
  • SSO and SAML – Juggling passwords leads to simple and/or repeated passwords. By establishing a single trusted source for identity across all of your applications, you simplify your users’ day-to-day work and greatly enhance security.
  • Azure Privileged Identity Management – Least privileged access with Just-in-Time (JIT) and Just-Enough-Access (JEA).

Devices

Bring Your Own Device policies can simplify life for your users, but the security behind them can be a nightmare to understand. Agile IT deploys Microsoft Endpoint Manager and Defender for Endpoint to protect mobile devices, workstations, and servers.

  • Mobile Device Management (MDM) and Mobile Application Management (MAM) – Agile IT gives you the option to manage corporate-owned devices or protect your data on employee-owned devices.
  • Microsoft Endpoint Manager – Cross-platform Unified Endpoint Management (UEM) across Windows, Linux, Mac, iOS, and Android.

Data Protection

From intellectual property theft to ransomware, data is the number one target in your environment, no matter what your business is. Agile IT establishes strong data loss prevention across your environment, SaaS applications, and 3rd party clouds with Microsoft Information Protection and Defender for Cloud.

  • Data Loss Prevention (DLP) – Achieve granular access control to your most valuable information, making it easy to revoke access to your information even when it leaves your environment.
  • Governance – Meet stringent industry controls with Compliance Manager, Data Governance, and Advanced eDiscovery

Network Security

As more users work from home, coffee shops, and on the road, traditional network protections have changed greatly. In many cases, defending endpoints, identity, and data is sufficient to protect most critical resources. The network layer can be used to enable granular controls but should be guided by a zero trust policy engine rather than static policies at the perimeter.

  • Passive Monitoring – Monitor network traffic for anomalous behavior with Microsoft Defender while enabling automatic response with Azure Sentinel

Infrastructure

The entirety of your technology environment must be protected. This includes IoT like medical devices and manufacturing equipment, SaaS applications like Salesforce, and your own development environments. Aggressively monitoring and repairing out-of-date and vulnerable systems is critical.

  • Isolate and Retire – Identify out-of-date and vulnerable hardware and software, and isolate or retire platforms that cannot be updated.
  • Identify your Biggest Risks – AgileMAX can help you employ Secure Score in Microsoft Defender for Cloud to understand where technical investments will have the most impact.

Visibility and Analytics

Even if every part of your environment keeps logs, you are left in a reactive state if you only consult them after an incident. Having a central location to monitor your environment lets you act on intelligence rather than react to incidents.

  • Log Analytics Workspace – Agile IT can help you connect every piece of your environment for log ingestion into Log Analytics Workspace, both preventing attackers from destroying logs and giving you 100% visibility into threats.
  • Microsoft Defender – Microsoft Defender’s many flavors bring threat analytics directly where you can see them and act on them with NO 3rd party agents.

Orchestration and Automation

Without intelligent automation and orchestration there are two states of monitoring: alert fatigue and missed alerts. Agile IT can enable Azure Sentinel, Microsoft’s cloud-native Security Orchestration, Automation & Response (SOAR) solution, in your environment and help you establish playbooks to intelligently and automatically respond to alerts.

  • eXtended Detection and Response – Agile IT can combine the Security Information & Event Management (SIEM) functionality of Sentinel with the advanced threat hunting capabilities of Microsoft Defender.
  • A true 24/7/365 Security Operations Center – Use your own SOC team with Agile IT Security Onboarding or employ AgileMAX as a true cloud Managed Security Service Provider (MSSP).

Microsoft Security Onboarding

Zero Trust, Zero Risk, Zero Downtime. Schedule a call with a cloud solutions advisor to find out how you can leverage your existing Microsoft licensing to reduce your attack surface, improve response time, and remove the threat posed by third-party security and management solutions like SolarWinds and Kaseya.

Agile IT is a four-time Microsoft Cloud Partner of the Year and one of the top 100 cloud computing solution providers in the world. We hold 15+ Gold Microsoft Competencies, including a Gold competency in Security. We have been a trusted advisor for our customers since 2006.

