Cut Off Lateral Movement Paths

Managed Red Tenant

Administrative users and their devices are prime targets for attackers. Cybercriminals exploit lateral movement to identify vulnerabilities in your infrastructure and compromise administrative endpoints. With Managed Red Tenant, you establish a robust and scalable environment that provides optimal protection for your privileged identities and access.


Protection Against Lateral Movement and Privilege Escalation

Ransomware attackers target highly privileged users and endpoints to cause maximum damage and demand ransom. Exploiting vulnerabilities within the infrastructure, they infiltrate administrative endpoints and move laterally through the organization. In many companies, users with extensive privileges work on unsecured devices, leaving the door wide open for attackers. By utilizing separate administrative devices and a dedicated admin infrastructure ("Red Tenant"), the risk of ransomware attacks can be significantly reduced.


Maximum Protection for Administrative Access

The Managed Red Tenant combines our extensive experience in managed services with proven blueprints in the areas of workplace, Azure, and security.

The result: An isolated, fully cloud-based environment that effectively protects administrative users and endpoints – even in target environments with multiple Microsoft Entra tenants and Active Directory domains.

Our solution relies on native, cloud-based identity and security features from Microsoft and strictly adheres to Zero Trust principles.


Managed PAW for critical roles and a scalable cloud solution for all admins

Securing administrative clients is essential for an effective security strategy when it comes to privileged access. Regular devices should not be used for this purpose. We enforce strict policies to ensure the security and compliance of these endpoints. Based on the Microsoft Enterprise Access Model (EAM), we separate and evaluate privileged permissions according to defined administrative levels – forming the foundation for the use of an admin workstation.

  • For highly critical roles with Control Plane access, such as the Global Administrator, we implement the "Clean Keyboard" approach by using a Privileged Admin Workstation (PAW) with dedicated hardware.
  • For additional administrative roles, such as managing workloads in Microsoft Azure, we provide a scalable solution through Virtual Access Workstations (VAW). These are built on a secure and customized Azure Virtual Desktop (AVD) infrastructure within the Red Tenant.

Key Components of Managed Red Tenant

Architecture of Managed Red Tenant


In most of our emergency operations, we repeatedly find that IT was not well enough prepared for attacks. A proactive security check is therefore an efficient investment in more security to reduce downtime.
Jan Geisbauer, Security Lead