Business Challenge:
A large global assurance, testing, inspection and certification customer is seeking to consolidate the identity and access management controls within Active Directory and Entra ID in order to improve security, shorten incident response times and centralise the management, compliance and policy enforcement of the company's core mandatory controls.
In addition, the company is keen to reduce the future integration costs associated with mergers and acquisitions.
Key observations following an initial audit and discovery phase:
- The need to collapse and reduce the total number of existing AD forests, trusts and child domains.
- The distributed nature of the AD (80 AD domains globally) presents significant administrative and ownership challenges.
- The existing AD contains over 1,000 group policies, which results in a poor user experience because of the time taken to process policy at logon.
- Because of the distributed nature of the existing AD environment, there is currently no Active Directory disaster recovery strategy beyond the standard backup of AD itself.
- The current AD environment has not been designed to support modern secure privileged access (for example, a tiered administration model), so the environment is exposed to privilege escalation attacks.
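The observations above are the kind of facts an audit and discovery phase has to establish per domain before any forest collapse can be planned: how many domains and trusts exist, how many GPOs each domain carries, and how large the privileged groups have grown. The script below is an added example of such a discovery pass; it is not the customer's or the page's own tooling. It assumes the RSAT ActiveDirectory and GroupPolicy PowerShell modules are installed, that the running account can read every domain in the forest, and that the CSV output path is acceptable (all three are assumptions, not taken from the page).

```powershell
# Added example (not part of the original case study): per-domain AD discovery snapshot
# for an audit phase. Assumes the RSAT ActiveDirectory and GroupPolicy modules are
# installed and that the account has read access to every domain. Output path is assumed.
#Requires -Modules ActiveDirectory, GroupPolicy
[CmdletBinding()]
param(
    [string]$OutputCsv = ".\ad-discovery-summary.csv"   # assumed output location
)

Import-Module ActiveDirectory
Import-Module GroupPolicy

$forest = Get-ADForest
Write-Host "Forest: $($forest.Name)  Mode: $($forest.ForestMode)  Domains: $($forest.Domains.Count)"

# Groups whose recursive membership size is a direct indicator of privileged-access sprawl.
$privilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators')

$summary = foreach ($domainName in $forest.Domains) {
    try {
        $domain = Get-ADDomain -Identity $domainName -ErrorAction Stop
    }
    catch {
        # An unreachable domain is itself a finding worth recording in the audit.
        Write-Warning "Cannot reach $domainName : $($_.Exception.Message)"
        continue
    }

    # Trusts configured in this domain; direction and transitivity drive the collapse plan.
    $trusts = @(Get-ADTrust -Filter * -Server $domainName -ErrorAction SilentlyContinue)

    # All GPOs (linked or not); a large count is what slows policy processing at logon.
    $gpoCount = @(Get-GPO -All -Domain $domainName -ErrorAction SilentlyContinue).Count

    # Recursive privileged-group membership; nesting hides the real number of members.
    # Enterprise/Schema Admins exist only in the forest root, so missing groups are skipped.
    $privCount = 0
    foreach ($group in $privilegedGroups) {
        $members = @(Get-ADGroupMember -Identity $group -Server $domainName -Recursive -ErrorAction SilentlyContinue)
        $privCount += $members.Count
    }

    [pscustomobject]@{
        Domain               = $domain.DNSRoot
        IsForestRoot         = ($domain.DNSRoot -eq $forest.RootDomain)
        ParentDomain         = $domain.ParentDomain
        ChildDomains         = ($domain.ChildDomains -join ';')
        DomainMode           = $domain.DomainMode
        PdcEmulator          = $domain.PDCEmulator
        TrustCount           = $trusts.Count
        ForestTransitiveTrusts = @($trusts | Where-Object { $_.TrustType -eq 'Uplevel' -and $_.ForestTransitive }).Count
        GpoCount             = $gpoCount
        PrivilegedMembers    = $privCount
    }
}

# Domains with the most GPOs and the largest privileged groups are the first consolidation candidates.
$summary | Sort-Object GpoCount -Descending | Format-Table -AutoSize
$summary | Export-Csv -Path $OutputCsv -NoTypeInformation
```

Run it once per forest from a management host and keep the CSV as the baseline for the design phase; re-running it after each forest or domain is collapsed gives a simple before-and-after count of domains, trusts, GPOs and privileged accounts.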
The greatest security improvement can be achieved by collapsing as many forests as possible into a single forest. Not only does this consolidation improve the security posture of the organisation, but it also usually reduces total management costs by eliminating the more complex, distributed multi-forest environment.
Active Directory (AD) migration projects can be challenging and complex. Such projects involve migrating users, groups, computers and applications from one AD domain or forest to another. Careful planning and execution help the migration team complete a successful AD migration with minimal disruption to end users while making the best use of IT resources.
With the adoption of hybrid and, in many cases, fully remote working, traditional identity and access management solutions such as on-premises Active Directory are no longer the most appropriate choice. A more modern approach is to adopt either a hybrid or a fully cloud-based identity and access solution such as Microsoft Entra ID. Users and endpoints can be migrated to Entra ID to improve security and end-user management, and with modern SSO and authentication solutions end users can seamlessly access both SaaS and on-premises applications.