📄️ 001: Design Conditional Access posture
Overview
📄️ 002: Stop buying or building Active Directory dependent apps
Overview
📄️ 003: Discover and triage modern apps
Overview
📄️ 004: Discover and triage legacy apps
Overview
📄️ 005: Rollout CA with MFA controls
Overview
📄️ 006: Rollout CA with device controls
Overview
📄️ 007: Rollout CA with risk controls
Overview
📄️ 008: Rollout CA for External Identities
Overview
📄️ 009: Migrate VPN auth to Entra
Overview
📄️ 010: Enable on-prem remote access for web apps without VPN
Overview
📄️ 011: Rollout governance for app assignments
Overview
📄️ 012: Define app infra server management strategy
Overview
📄️ 013: Deploy Entra Domain Services
Overview
📄️ 014: Remove app infra servers from AD
Overview
📄️ 015: Define and rollout VDI strategy
Overview
📄️ 016: Migrate print servers to cloud
Overview
📄️ 017: Migrate SSO for employee federated apps
Overview
📄️ 018: Migrate SSO for employee WAM apps
Overview
📄️ 019: Decommission WAM servers
Overview
📄️ 020: Migrate SSO for External Identities federated apps
Overview
📄️ 021: Migrate SSO for external ids (WAM & others)
Overview
📄️ 022: Stop issuing on-prem accounts for new external users
Overview
📄️ 023: Start provisioning cloud apps via Entra app provisioning
Overview
📄️ 024: Migrate on-prem external ids & workflows to Entra External ID
Overview
📄️ 025: Decommission on-prem external user systems
Overview
📄️ 026: Rollout governance for External IDs
Overview
📄️ 027: Migrate existing SaaS app provisioning to Entra
Overview
📄️ 028: Migrate HR provisioning flow to Entra
Overview
📄️ 029: Migrate joiner/mover/leaver workflows to Entra
Overview
📄️ 030: Migrate existing on-prem app provisioning to Entra
Overview
📄️ 031: Rollout Authenticator App (MFA, SSPR, Passwordless)
Overview
📄️ 032: Migrate on-prem MFA systems
Overview
📄️ 033: Migrate self-service password reset
Overview
📄️ 034: Develop credential (incl. Passwordless) strategy
Overview
📄️ 035: Deploy Password Protection
Overview
📄️ 036: Turn on Password Hash Sync
Overview
📄️ 037: Migrate to Password Hash Sync authentication
Overview
📄️ 038: Decommission on-prem federation servers
Overview
📄️ 039: Rollout Windows Hello for Business
Overview
📄️ 040: Rollout FIDO2
Overview
📄️ 041: Rollout Authenticator Passwordless
Overview
📄️ 042: Drive passwordless usage
Overview
📄️ 043: Migrate to modern tools for collab (OneDrive, Teams, SharePoint)
Overview
📄️ 044: Migrate distribution lists to Microsoft 365 Teams & Groups
Overview
📄️ 045: Use cloud groups for new cloud app authorization
Overview
📄️ 046: Enable group writeback
Overview
📄️ 047: Rollout governance for groups
Overview
📄️ 048: Migrate group management workflows
Overview
📄️ 049: Enable user writeback
Overview
📄️ 050: Change provisioning flow of existing users to AAD
Overview
📄️ 051: Decommission on-prem IDM system
Overview
📄️ 052: Remove password as credential
Overview
📄️ 053: Change provisioning flow of existing groups to Entra
Overview
📄️ 054: Deploy Entra hybrid join
Overview
📄️ 055: Define Entra join strategy
Overview
📄️ 056: Rollout Entra join for new workstations
Overview
📄️ 057: Rollout AutoPilot
Overview
📄️ 058: Remove DJ Windows clients from Active Directory
Overview
📄️ 059: Deploy macOS Identity management
Overview
📄️ 060: Deploy macOS SSO Extension
Overview
📄️ 061: Define policy & use least privileged roles
Overview
📄️ 062: Use cloud-only privileged accounts
Overview
📄️ 063: Rollout PIM for Tier-Zero roles
Overview
📄️ 064: Discover & remediate existing over-privileged Workload Identities
Overview
📄️ 065: Lock down Entra tenant config
Overview
📄️ 066: Rollout Access Reviews for cloud privileged accounts & groups
Overview
📄️ 067: Plan privileged accounts lifecycle (JML)
Overview
📄️ 068: Rollout PIM for remaining roles
Overview
📄️ 069: Discover & analyze privileged usage for Workload Identities (e.g. scripts)
Overview
📄️ 070: Rollout strong auth credentials for Workload Identities
Overview
📄️ 071: Rollout Conditional Access for Workload Identities
Overview
📄️ 072: Enforce authentication with strong creds for all privileged accounts
Overview
📄️ 073: Deploy Cloud Privileged Access Workstations
Overview
📄️ 074: Integrate all Entra logs into SIEM
Overview
📄️ 075: Develop security playbooks based on Entra logs
Overview
📄️ 076: Remediate risk signals from Identity Protection & MDI
Overview
📄️ 077: Implement monitoring for Entra Connect Sync
Overview
📄️ 078: Remediate Entra Connect Health alerts
Overview
📄️ 079: Implement monitoring for hybrid connectors
Overview
📄️ 080: Discover existing privileged roles
Overview
📄️ 081: Discover & remediate existing over privileged accounts
Overview