Managed Landing Zone
Intility offers Managed Azure Landing Zone as the basic level of management in Azure. An Azure Landing Zone consists of an Azure environment with one or more subscriptions, and is based on a set of strategies and processes for key areas such as security, networking, cost optimization/billing, development, identity and access management, and scaling. These guidelines and processes apply to all subscriptions, regardless of the underlying platform.
Intility ensures that Managed Azure Landing Zone is delivered to customers at a Tenant and Subscription level, and in this way, Tenant Management and Subscription Management will be a part of the Intility Managed Landing Zone offering.
Azure Tenant Management
The services consist of:
Internal user administration and guest users from third parties/partners.
Role administration and user assignment to subscriptions and resource groups.
Operation of service users and application registration.
Integration between Active Directory and Azure resources.
Opportunities:
Privileged identity management, auditing, etc.
Multi-factor Authentication (MFA)
Conditional access and multi-level MFA
Other customized integration with Azure AD (AAD)
Management Groups
With a Managed Azure Landing Zone, Intility develop Management Groups in accordance with the Microsoft Cloud Adoption Framework (CAF). The Management Group structure is illustrated below:
Azure Subscription Management
As part of the Managed Azure Landing Zone, subscription management is included, where the customer itself chooses which subscriptions this applies to.
On the other hand, an Unmanaged Subscriptions come with zero involvement by Intility. Such subscriptions are useful for sandbox and lab environments. Unmanaged Subscriptions are not recommended for companies without a firm grasp of the scope and complexity of Azure management, regardless of the use case. On this tier, the customer assumes full responsibility for all aspects of the Subscription.
At the time of writing, the Managed Subscription includes the following specific services and capabilities:
Activation of Microsoft policies.
Activation of Defender for Cloud Security Posture Management and Defender for Resource Manager.
Centralized activity logging to Intility SOC.
247/365 security incident response from Intility SOC.
Cloud Documentation; a comprehensive revision of security.
Cost reporting with optimization suggestions in Intility Insight.
Possibility for Managed Azure Direct Link with Intility's standard for security and configuration.
Possibility for "Application Management".
As a service under continuous development, changes and improvements will occur.
If the customer wants a security report and review of their environment, review of their policies with suggestions for improvement and recommendations, as well as a review of consumption costs in Azure with recommendations for cost optimization and savings, Intility offers this as a consultant service.
Application management in Azure (Optional)
Intility provides application management in Azure as an end-to-end service for applications and workloads running in Azure.
Application Management includes 24/7/365 support, application monitoring and automatic error correction, change management, client management, and coordination of third parties, continuous risk mitigation, and the establishment and maintenance of detailed documentation. A common data model for tools, monitoring and documentation ensures that compatibility overviews, log data, monitoring data, product data and knowledge articles can be used for predictive analysis and continuous improvement across the companies on the platform. This ensures stability, guaranteed availability, and high performance for the Customer's applications.
Responsibility Model
To clarify the responsibility between Intility, customer, and Microsoft, the two levels of mangament is illustrated below.
Security Operations Center
Intility Security Operations Center (SOC) is a specialized department with dedicated resources that exclusively works to identify and reduce risks of unauthorized access and to protect the underlying platform.
SOC is central to Intilitys operational and technical work to ensure confidentiality, integrity and availability of the information that Intility manages.
SOC monitors and acts on security incidents 24/7/365 and works closely with security vendors to mitigate incidents, notify involved parties and coordinate error correction work.