This is an onsite requirement in Qatar and the provided configuration requirements are high level and can be considered a working draft.
Requirements and analysis
Solution design (High level / Low level)
Build / Deploy & Configure
Testing and fixes
Handover including knowledge transfer sessions
Onsite presence will be required for conducting workshops, implementation and handover.
Software product(s) and configuration
Windows Server 2016/2019: Active Directory domain and Enhanced Security Administrative Environment (ESAE) / Just Enough Administration (JEA) configuration.
Privileged access workstation design & implementation
LAPS solution for workstations (100) and servers (50)
Microsoft Systems Center Configuration Manager (SCCM): Application deployment, configuration compliance and software update management.
Microsoft BitLocker Administration and Monitoring (MBAM)
Features to be implemented: Secure Boot, Device Guard, Credential Guard, Role and Delegation model, Remote Credential Guard and Group policy.
Hardening of domain controllers, application servers and workstations
Active Directory Rights Management (ADRMS) implementation, configuration and certificate or smartcard based authentication integration
Scope will include integrate with solutions such as Symantec Information Centric Tagging, RSA and existing PKI or AD infrastructure services
The said solution should be designed with an architecture that provides ability to scale to meet demand.
Best practices for security zoning, performance tuning, high availability, threat protection should be implemented.
- Software Configuration