Managed Red Tenant

Administrative users and their devices are prime targets for attackers. Cybercriminals exploit lateral movement to identify vulnerabilities in your infrastructure and compromise administrative endpoints. With Managed Red Tenant, you establish a robust and scalable environment that provides optimal protection for your privileged identities and access.

Cut Off Lateral Movement Paths

Managed Red Tenant

Administrative users and their devices are prime targets for attackers. Cybercriminals exploit lateral movement to identify vulnerabilities in your infrastructure and compromise administrative endpoints. With Managed Red Tenant, you establish a robust and scalable environment that provides optimal protection for your privileged identities and access.

Managed Red Tenant

Ransomware attackers target highly privileged users and endpoints to cause maximum damage and demand ransom. Exploiting vulnerabilities within the infrastructure, they infiltrate administrative endpoints and move laterally through the organization. In many companies, users with extensive privileges work on unsecured devices, leaving the door wide open for attackers. By utilizing separate administrative devices and a dedicated admin infrastructure ("Red Tenant"), the risk of ransomware attacks can be significantly reduced.

Illustration of a blue key entering a yellow keyhole, symbolizing security or access control

The Managed Red Tenant combines our extensive experience in managed services with proven blueprints across Workplace, Azure, and Security.

The result: an isolated, fully cloud-based environment that effectively protects administrative users and endpoints – even in target environments with multiple Microsoft Entra tenants and Active Directory domains.

Our solution leverages native, cloud-based Microsoft identity and security features, strictly adhering to Zero Trust principles.
Illustration of a blue key entering a yellow keyhole, symbolizing security or access control
Illustration of three yellow figures behind a blue cloud, symbolizing cloud-based collaboration or cloud services for teams

Securing administrative clients is essential for an effective security strategy when it comes to privileged access. Regular devices should not be used for this purpose. We enforce strict policies to ensure the security and compliance of these endpoints. Based on the Microsoft Enterprise Access Model (EAM), we separate and evaluate privileged permissions according to defined administrative levels – forming the foundation for the use of an admin workstation.
Illustration of three yellow figures behind a blue cloud, symbolizing cloud-based collaboration or cloud services for teams
  • For highly critical roles with Control Plane access, such as the Global Administrator, we implement the "Clean Keyboard" approach by using a Privileged Admin Workstation (PAW) with dedicated hardware.
  • For additional administrative roles, such as managing workloads in Microsoft Azure, we provide a scalable solution through Virtual Access Workstations (VAW). These are built on a secure and customized Azure Virtual Desktop (AVD) infrastructure within the Red Tenant.

Diagram of the Red Tenant Architecture
Gain exclusive access to our innovative Managed Red Tenant solution. Be among the first to stay informed about our latest developments.
The Red Tenant will significantly enhance the security posture of the infrastructure of our customers, taking it to an entirely new level. And as always, you can expect it to be simple, automated, and convenient.
Jan Geisbauer Security Lead