Remote Work Management with Azure
Business Problem
Like any government organization, the Georgia OST was looking at several challenges that were only amplified by the COVID-19 situation. At a high level, the business challenges were:
Employees going remote and operating from outside their on-premises network Rising budget cuts A need for heightened security posture owing to the nature of sensitivity and confidentiality of business operations
Solution
The principal objective of the engagement for FyrSoft was to:
Assess and analyze the security posture of customer’s current Azure environment Configure features that enable better management and enhanced security of the customer’s remote work environment As part of the scope, FyrSoft leveraged:
Microsoft Surface devices – as modern endpoint devices to facilitate better device management & monitoring Azure AD – for identity management
Multifactor Authentication (MFA) with conditional access – to enable user login contingent on predefined conditions
Windows Hello for Business – for strong, two-factor authentication
Microsoft Intune – for device compliance policies and secure access to data
Device configuration profiles – to enable automatic device configurations through Microsoft Autopilot feature Azure Sentinel – for reporting that in turn contributes to better decision-making
Outcome
Commissioning Microsoft Surface devices as endpoint devices for remote employees for better modern device management practices Assessing customer’s existing security policies, configurations, and settings on Azure such as Multifactor Authentication, Microsoft Intune Device Compliance, etc.
Designing a solution by juxtaposing customer’s existing policies with Microsoft recommended practices and settings Implementing the designed solution by closely working with the customer
Testing the implemented solution by creating test groups to verify the new policies for Microsoft Intune, Multifactor Authentication, while enabling FIDO2 security key login access with Windows Hello for Business
Configuring Autopilot for newly procured Microsoft Surface devices to ensure that users need little to zero assistance in enrolling their devices on Microsoft Intune