ICAM and Zero Trust with with Microsoft Azure

ICAM enables the right individual to access the right resource, at the right time, for the right reason.

Federal agencies must also comply with new requirements as they upgrade their ICAM requirements as they move to the cloud. Oxford Computer Group (OCG) partnered with Microsoft and Saviynt to build and provide the solution for an effective ICAM program that meets the criteria for a robust Zero Trust security solution.

Microsoft via Azure Active Directory provides the foundational Identity & Access Management (IAM) layer natively integrated with Azure Government Cloud to meet the appropriate compliance requirements. Saviynt natively integrates with AD to provide Identity Governance and Administration (IGA). OCG provides implementation services from discovery to deployment.

Why Choose Oxford Computer Group?

For nearly 20 years, we have specialized in Microsoft identity, security, and governance solutions. We have an excellent track record, having won the Microsoft Partner of the Year award eight times and been Saviynt’s Impact Partner of the Year twice. In 2023, we were named a finalist for the MISA (Microsoft Intelligent Security Association) Zero Trust Champion award.

We design and develop innovative solutions focused on delivering business value. We assess architectures and processes, and make recommendations designed to support strategic objectives. To accelerate deployment, we use our proven methodology, best practices, and a unique library of code developed during 1000+ projects.

Zero Trust Mindset

Assume that you have already been breached and that all access requests are hostile. This requires continually evaluating access requests to ensure they are valid.

Single Identity Repository

Leverage a single, enterprise-wide identity repository for access across your on-premises and multi-vendor cloud environments. This enables a comprehensive set of access controls across all users and a single view of user entitlements and activities. Organizations that already have Microsoft 365 should leverage Azure Active Directory (Azure AD) as the single identity repository. All enterprises (including federal agencies) should embrace Microsoft’s Hybrid approach leveraging Azure AD as the single identity repository in the cloud

Least Privilege

Microsoft 365 and Saviynt provide the governance tools, including conditional access and Privileged Identity Management (PIM), to properly enforce and manage the principles of least privilege.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication should be used by anyone with access to your applications or data. MFA doesn’t always have to be via a phone or token but could leverage Windows Hello to ensure a better user experience

Risk-Based Analytics

Leveraging the single identity repository to perform risk-based identity analytics will enable organizations to focus security, compliance and management efforts on the identities that pose the most risk to the organization. Risk-based analytics will also allow for streamlining processes to improve the user experience and allow administrators to quickly identify security signals such as risky user sign-ins - all while reducing costs.

Conditional Access

Leverage Conditional Access policies based on risk-based analytics to limit access. For instance, users with a managed device would get access in accordance with their entitlements, but an unmanaged device may get read-only access. Users coming from abnormal locations may have their access limited or require an additional factor to authenticate.

Download the full solution brief here.