Microsoft Entra
Zero Trust
FastTrack provides comprehensive guidance on implementing Zero Trust security principles. The Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network. This approach ensures robust security across your networks, applications, and environment. FastTrack accomplishes this by focusing on identity, devices, applications, data, infrastructure, and networks. With FastTrack, you can confidently advance your Zero Trust security journey and protect your digital assets effectively.
With Microsoft Entra, you can implement Zero Trust principles by ensuring strong authentication and access policies. This includes enforcing least privileged access with granular permissions and controls, managing access to secure resources, and minimizing the blast radius of potential attacks. By integrating with Microsoft Entra ID, you can create secure Zero Trust solutions that protect your organization's identity and access management.
Identity integration
FastTrack provides remote guidance for:
- Preparing on-premises Active Directory identities for synchronization to Microsoft Entra ID, including installing and configuring Microsoft Entra Connect (single or multi-forest) and licensing (including group-based licensing).
- Creating cloud identities, including bulk import and licensing (including group-based licensing).
- Choosing and enabling the correct authentication method in Microsoft Entra Connect for your cloud journey: password hash sync, pass-through authentication, or Active Directory Federation Services (AD FS).
- Choosing and enabling a more convenient authentication experience for your users with passwordless authentication using Fast Identity Online (FIDO2), Microsoft Authenticator app, or Windows Hello for Business cloud trust.
- Providing planning documentation for Windows Hello for Business hybrid key or certificate trust.
- Migrating authentication from AD FS to Microsoft Entra ID using password hash sync or pass-through authentication.
- Migrating preintegrated software-as-a-service (SaaS) apps (Microsoft Entra app gallery) from AD FS to Microsoft Entra ID for single sign-on (SSO).
- Enabling SaaS app integrations with SSO from the Microsoft Entra app gallery.
- Enabling automatic user provisioning for preintegrated SaaS apps as listed in the app integration tutorial list (limited to Microsoft Entra app gallery and outbound provisioning only).
- Enabling security defaults to secure your identities for nonpremium Microsoft Entra customers.
- Configuring Microsoft Entra join.
- Configuring Microsoft Entra hybrid join.
Microsoft Entra ID P1
FastTrack provides remote guidance to enable secure access to apps and to protect identities from security threats.
This guidance includes:
- Multifactor authentication (MFA) (cloud only).
- Self-service password reset (SSPR).
- Conditional Access.
- Self-service group management.
- Dynamic group membership.
- Business-to-business (B2B) collaboration between Microsoft Entra tenants.
- Setup of a multitenant organization in Microsoft 365 admin center.
- B2B direct connect.
- Cross-tenant synchronization.
- Cross-tenant access.
- Password protection.
- Application Proxy for on-premises web apps.
- Connect Health.
- Company branding.
- Managing collections in My Apps.
- Role-based access control (RBAC) for built-in administrative roles.
- Administrative units.
- Built-in monitoring and reporting capabilities.
- Terms of use.
Microsoft Entra ID P2 (included in Microsoft 365 E5)
FastTrack provides remote guidance to enable secure access to apps and to protect identities from security threats.
This guidance includes:
- Identity Protection.
- Risk-based Conditional Access.
- Privileged Identity Management (PIM).
- Basic entitlement management.
- Access reviews.
Microsoft Entra ID Governance
FastTrack provides remote guidance for:
- Deploying Privileged Identity Management (PIM) (also included in Microsoft Entra ID P2).
- Deploying entitlement management.
- Configuring access reviews.
- Configuring automatic user provisioning to on-premises Active Directory or Microsoft Entra ID for Workday HCM or SAP SuccessFactors through tutorial assistance.
- Configuring attribute writeback from Microsoft Entra ID to Workday HCM or SAP SuccessFactors through tutorial assistance.
- Deploying lifecycle workflow built-in tasks and templates, including use of custom security attributes to scope a workflow.
Out of scope
- Any API-related configuration or customization.
- Any configuration inside of Workday HCM or SAP SuccessFactors portals.
- Configuring advanced attribute mappings.
- Custom expression mapping for provisioning or writeback.
- Data remediation for manual human resource (HR) data.
- Lifecycle workflow custom task extensions and APIs.
- Azure Logic Apps customization or integration.
Microsoft Entra Global Secure Access
Global Secure Access configuration
FastTrack provides remote guidance for:
- Activating Global Secure Access in the tenant.
- Enabling traffic forwarding profiles for Microsoft Entra Internet Access, Microsoft Entra Private Access, and Microsoft traffic.
- Enabling source IP restoration.
- Installing the Global Secure Access client on Windows 10/11, macOS, iOS, and Android clients.
Microsoft Entra Internet Access for Microsoft Services (included in Microsoft Entra ID P1)
FastTrack provides remote guidance for:
- Enabling Global Secure Access signaling for Conditional Access.
- Enabling universal tenant restrictions including blocking access for all external identities and applications.
- Configuring compliant network access.
- Configuring applicable Conditional Access policies.
Microsoft Entra Internet Access
FastTrack provides remote guidance for:
- Creating and applying web filtering policies.
- Applying web filtering policies to security profiles.
- Creating Conditional Access policies that apply to Microsoft Entra Internet Access.
Microsoft Entra Private Access
FastTrack provides remote guidance for:
- Installing and configuring connectors.
- Publishing applications.
- Creating Conditional Access policies that apply to Microsoft Entra Private Access.
Out of scope
- Network device, virtual local area network (VLAN) configuration, and internal network routing for Microsoft Entra Internet Access and Microsoft Entra Private Access.
- Remote network connectivity.
- Third-party security information and event management (SIEM) integration.
Source environment expectations
The on-premises Active Directory and its environment are prepared for Microsoft Entra, including remediation of identified issues that prevent integration with Microsoft Entra ID and other in-scope features.
Note
For customers provisioned with Security Compute Units (SCUs), FastTrack provides a walkthrough of the embedded Microsoft Copilot in Microsoft Entra experiences within the scope covered in this topic.
Microsoft advanced deployment guides
Microsoft provides customers with technology and guidance to assist with deploying their Microsoft 365, Microsoft Viva, and security services. We encourage our customers to start their deployment journey with these offerings.
For non-IT admins, see Microsoft 365 Setup.