Enterprise Security PoC Final Report...


Upload: duongdien

Post on 20-Jul-2019


Page 1: Enterprise Security PoC Final Report... · Web viewConduct the planning and architecture design workshops Create Windows 10 reference images to support new and existing devices Configure

Modern IT Enterprise Security PoC

Customer Name

Prepared by

[Type Author Email Here][Type Author Position Here]

Contributors[Type contributors here]

Report


MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Report, Windows 10 Enterprise Security Integration Workshop, Version 1, Final Prepared by


Revision and sign-off sheet

Change record

Table 1: change record

Date | Author | Version | Change reference

Reviewers

Table 2: reviewers

Name | Version approved | Position | Date

Report, Modern IT Enterprise Security PoC, Version 1703, Final Prepared by


Table of contents

1 Executive Summary
2 Company Information
3 Contacts
    3.1 Customer Representatives
    3.2 Microsoft Representatives
4 Modern IT Enterprise Security PoC Security Strategy
    4.1 Customer Environment
    4.2 Current Security Implementation
    4.3 Key Risks of Current State
5 Recommended Features and Services
    5.1 Cloud Identity
    5.2 Overall Recommendations
    5.3 Recommendations in Detail
Appendix: [TEXT]
Appendix: Windows 10 Enterprise Pilot Overview


Tables

Table 1: change record
Table 2: reviewers
Table 3: template description


About this Template

Table 3: template description

Template Description Audience Solutions

Essential Offers

Advanced Offers

Captures the business objectives, maps the Solution, and provides the next steps. Written for business decision maker and handed off to IT. Land and expand

External Not required

Required Not required

============================================================
Important: This document contains guidance text. Remove it before finalizing this document and presenting it to a customer.
============================================================

Each section in this document contains visible guidance, which is indicated by pink text on a gray background. This information is intended to provide instructions about how the section should be written. One or more examples of the type of content that should appear in each section are provided. The content in this template should be overwritten with relevant information about the Offering that is the subject of this document.

Before you release this document, you must do the following:

• Remove the comments and revisions.
    o Use the Inspect Document feature in Microsoft Office 2016. Click the File tab, click Check for Issues, and then click Inspect Document. In the Document Inspector dialog box, select the content to check for, and then click Inspect. Be sure to clear the Document Properties and Personal Information check box.

• Remove and replace visible guidance text.
    o Select guidance text that is visible in the document and delete it. Replace it with relevant content about the Offering or solution that is the subject of this document.

• Confirm that the document properties are correct.
    o Because fields in the document rely on properties for their data, you should not use Inspect Document to remove Document Properties.
    o Click the File tab in Office 2016, and then click Show All Properties in the lower-right corner. To edit properties, click Properties, and then click Advanced Properties. On the Summary tab, you can edit properties such as Author and Company.

• Update the fields in the document.
    o As the final step, confirm that you have updated all the fields in your document. Updating fields sets the page numbers in your tables of contents, figures, or tables. Press Ctrl+A to select all text in the document, and then press the F9 key to update the fields.
    o It is a good practice to know which sections of the document contain fields. In most cases, to view the fields in a document, click File > Options > Advanced, scroll down to Show document content, and in the Field shading drop-down box, click Always. Delete all comments in pink.

• Update the Table of Contents and Tables and Figures sections.
    o Right click in the body of the Table of Contents (or the Tables or the Figures section), select Update Field, click Update entire table, and then click OK.

• Edit all Headers.
    o Select the page with the header that needs updating. On the Insert tab, click Header, select Edit Header, update the text, and then click Close Header and Footer on the tab.

• Save the document as a PDF for delivery to the customer.
    o Select the File tab, click Save As, in Save as type select PDF, and then click OK.

Delete through this line.


1 Executive Summary

The purpose of this section is to summarize your overall assessment and recommendations as detailed within the remainder of this document. This section should be completed after you have written the content for your sections. To start this section, provide a brief opening statement regarding where your customer is and why they are performing this assessment. An example follows.

The Modern IT Enterprise Security Proof of Concept (PoC) provides a path to becoming a secure modern enterprise through strategic investments in both digital transformation and security enhancements.

Additionally, this PoC drives planning to upgrade corporate workstations and cloud services to the latest Windows operating systems and cloud services, including Microsoft 365 E5 that contains the most complex security features of the platforms. The Modern IT Enterprise Security PoC will provide an enhanced opportunity to evaluate the functionality, user experience, and deployment of these features to prevent, detect, and respond to cyber attacks, protect intellectual property (IP), and maintain a competitive advantage in the marketplace.


2 Company Information

The company information section outlines previous engagements with the customer. You can also add Microsoft Premier engagements. The following provides an overview of Modern IT Enterprise Security PoC within the context of the engagement with <Delivery Org>.

Table 1: Previous Engagements

Name | Location | Date | Industry | Employees | HQ


3 Contacts

The requirements section can include required environmental aspects and operational requirements for the deployed Solution.

The Modern IT Enterprise Security PoC is conducted with the following participants from the Customer Representative and Microsoft.

3.1 Customer Representatives

The following individuals are key participants in the Modern IT Enterprise Security PoC.

Table 2: Project Participants

Name | Role | Email | Phone Number

3.2 <Delivery Org> Representatives

The following individuals are the key participants in the Modern IT Enterprise Security PoC.

Table 3: Project Participants

Name | Role | Email | Phone Number


4 Modern IT Enterprise Security PoC Security Strategy

The Modern IT Enterprise Security PoC is an important step in establishing a strategy for a secure modern enterprise involving security enhancements across several strategic areas. To increase the resiliency to the constant cyber attacks of the modern world, the Modern IT Enterprise Security PoC helps you target the following pillars of a modern enterprise with enhanced security:

• Identity - Embrace identity as the primary security perimeter and protect the identity systems, administrators, and credentials as top priorities.

• Apps and Data - Align the security investments with business priorities, including identifying and securing communications, data, and applications.

• Infrastructure - Operate on a modern platform, and use cloud intelligence to detect and remediate both vulnerabilities and attacks.

• Devices - Access assets from trusted devices with hardware security assurances, great user experience, and world-class threat detection.

The Modern IT Enterprise Security PoC is designed to validate the features and services to deploy by looking at security implementation holistically using the Secure Modern Enterprise framework to protect, detect, and respond to the most advanced cyber attacks on-premises and in the cloud.


4.1 Customer Environment

This section will include the customer environment, collected from pre-engagement questionnaires and during the workshop. This table shows the customer environment for current deployment.

Items | Status
Client Operating System version | Windows 7 Enterprise and Windows 8 Enterprise
System Center Configuration version | 2012
MDM (Intune) | Not yet
Total number of Windows clients | Windows 7 Enterprise: 20000; Windows 8 Enterprise: 100
Active Directory version | 2012 R2
Azure Active Directory | For Office 365 only; MFA enabled
Windows 10 License | Windows 10 E3
Office 365 License | Office 365 E3
Microsoft Enterprise Mobility + Security License | EMS E3


4.2 Current Security Implementation

This section includes current security implementations, related to Windows client and cloud services. Include the security features deployed.

Feature | Status
Windows Update | Deployed through SCCM
BitLocker | MBAM deployed
Anti-Virus Software | 3rd party software
DMZ Firewall | 3rd party software
IDS (Intrusion Detection System) | 3rd party software


4.3 Key Risks of Current State

This section should summarize key risks in the customer’s security posture based on information collected during the engagement.

During this engagement, the following observations were made from discussion with key security personnel.

Risks | Content

Unable to meet security requirements to the Cloud | Unable to meet the security requirement that protects employees and their productivity in the cloud. There is no program or full assurance for securing the business transformation in which the company gives end users more choices of workspace and devices in a people-centric environment.

Current State has difficulty supporting an enterprise-wide initiative on modern devices | Difficult to support the future state of Security Architecture (i.e. protection access), defined in your organization, allowing users to “access anywhere” with a single unique identity while protecting the user “identity anywhere”.

Difficult to implement cyber security capability | With reactive and on-the-spot technologies, the organization struggles to implement a rapid and more comprehensive detection and response capability, from email threat detection and internal attack detection to preventing users from abusing corporate resources on-premises and in the cloud.

Add detail and commentary that can help the customer understand these risks.


5 Recommended Features and Services

The purpose of this section is to summarize the recommended Features and Services for the customer. Update them and make sure they are consistent throughout this document.

5.1 Cloud Identity

Cloud computing is a strategic investment for enterprises considering enterprise mobility and other business scenarios that can utilize the capabilities of cloud services. Cloud services are also underpinned by an identity strategy, specifically a hybrid identity solution.

Enterprise Mobility + Security (EMS) is a comprehensive cloud solution to support the consumerization of IT, Bring-Your-Own-Device (BYOD) and Software-as-a-Service (SaaS) initiatives. It provides a cost-effective way to acquire the following cloud services:

Microsoft cloud services can allow the following scenarios when using Windows 10 as the client operating system for cloud services:

Consultant: Edit this list to indicate the scenarios that the customer is interested in pursuing.

• Azure Active Directory join
• Use of Azure Active Directory credential that is synchronized and may/may not be federated with the on-premises Active Directory
• Modern Device Management for Windows 10 devices

5.2 Overall Recommendations

Update this section.

Key Findings: Windows 10 is planned to be deployed using the existing Windows 10 Enterprise E3 License. Consider the following features in place of 3rd party products.

Recommendation: It is suggested to deploy the following features through the Windows 10 Pilot:

• X64 on New Machine.

• TPM 2.0 provides enhanced hardware-based, security-related functions.


• UEFI 2.3.1 or better uses security features such as Secure Boot and factory encrypted drives that help prevent untrusted code from running before the operating system is loaded.

• Secure Boot verifies Windows bootloader integrity to make sure that no malicious operating system can start before Windows.

• BitLocker protects data when a device is lost or stolen using full disk encryption; provides single sign-on and protection from cold boot attacks; it’s easy to deploy and manageable.

• Windows Hello is an enterprise-grade biometric and companion device login, supporting fingerprint, facial, and iris-based recognition.

• Credential Guard uses virtualization-based security to isolate the user's derived credentials and protects user access tokens in a hardware-isolated container.

• Device Guard locks down devices so that only fully trusted apps are run.

• Windows Information Protection delivers user-friendly corporate/personal file-level data separation and containment, app control, and leak protection. It helps prevent users from leaking sensitive information from business documents and websites by accidentally copying and pasting to unauthorized locations such as personal documents or even public websites.

• SmartScreen provides IP & other reputation services.

Key Findings: There is no cyber security capability on the Windows 10 client.

Recommendation: It is suggested to consider upgrading to the Windows 10 E5 license to deploy:

• Windows Defender Advanced Threat Protection (ATP) has threat intelligence built into Windows 10 and provides behavior-based attack detection to help detect, investigate, and respond to targeted and advanced attacks on the network, facilitating forensic investigation and mitigation.

Key Findings: There is no cyber security capability in the Office 365 environment.

Recommendation: It is suggested to consider upgrading to the E5 license to deploy:


• Office 365 Advanced Threat Protection is a cloud-based email filtering service that helps protect against unknown malware and viruses by providing robust zero-day protection and includes features to safeguard your organization from harmful links in real-time. The rich reporting and URL trace capabilities give admins insight into the kind of attacks happening in your organization.

• Advanced Security Management provides enhanced visibility and control.

Key Findings: The customer would like to learn more about Enterprise Mobility + Security (EMS) features.

Recommendation: It is suggested to consider having another workshop or hands-on experience on EMS, including:

• Azure Information Protection provides encryption for all files and storage locations; cloud-based file tracking and intelligent classification; and encryption for files shared inside and outside specified organizations.

• Azure Active Directory Premium provides single sign-on to cloud and on-premises applications, as well as enhanced risk-based identity protection with alerts, analysis, and remediation.

5.3 Recommendations in Detail

Update this table from Closeout PPT.

Windows 10

Observations | Deployment and Benefit

No security foundation and baseline on Windows OS | DIY:
    Windows 10 Security Guidance Overview: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/windows-security-baselines
    Windows 10 Security Baseline: https://go.microsoft.com/fwlink/?linkid=831663

Enterprise Mobility + Security


Observations | Deployment and Benefit
[Text] | [Text]

Office 365 Security

Observations | Deployment and Benefit
[Text] | [Text]

Windows 10

Observations | Deployment and Benefit
[Text] | [Text]

Enterprise Mobility + Security

Observations | Deployment and Benefit
[Text] | [Text]

Office 365 Security

Observations | Deployment and Benefit
[Text] | [Text]

Windows 10

Observations | Deployment and Benefit
[Text] | [Text]

Enterprise Mobility + Security

Observations | Deployment and Benefit
[Text] | [Text]

Office 365 Security

Observations | Deployment and Benefit
[Text] | [Text]


Appendix: [TEXT]

Add the datasheet of each service we recommend here.


Appendix: Windows 10 Enterprise Pilot Overview

The Windows 10 Enterprise Pilot is an engagement that can help you deliver Windows 10 Enterprise capabilities. This is a structured approach to rapidly deploy the Windows 10 operating system in a production-ready pilot deployment for up to 500 desktops, laptops, or tablets. In this engagement, Microsoft will collaborate with your IT organization to:

• Conduct the planning and architecture design workshops
• Create Windows 10 reference images to support new and existing devices
• Configure in-place upgrades, lite-touch installations, or zero-touch deployments
• Prepare your environment for Windows as a Service

This pilot will utilize the existing infrastructure resources, where possible, to provide a platform for current technical capabilities. The Windows 10 Enterprise Pilot follows a four-step approach.

This effective method to pilot current technology empowers IT to land updated technology and begin to recognize value rapidly. The Windows 10 Enterprise Pilot includes the following capabilities:

• Image creation.
• Platform Delivery by using in-place upgrades, lite-touch installations, or zero-touch deployments.
• Applications can be delivered through local installs or can be streamed in.
• Servicing of workstation through quality updates, features updates, and delivery optimization.
• Security foundations - Windows security features that don’t require an additional infrastructure or license, including:


    o BitLocker and BitLocker To Go
    o Credential Guard
    o User Account Control
    o Defender
    o SmartScreen
• The Windows Security Baseline from the Security Compliance Manager settings.
• Scoping of additional security capabilities such as Windows Defender ATP, Windows Information Protection, and Hello for Business.
