March 31, 2026March 31, 2026 Red Tenant intro Study of Red Tenant From pure interest I started to study the thing called Red Tenant. What it is and why it is called Red Tenant. Red Tenant is not a Microsoft related product name. There are companies which provide Managed Red Tenant -service but my interest is to clarify for myself what is needed to build the red one without selling it outside. Maybe later…. In practice, a “Red Tenant” usually means an isolated admin control plane. The common components are: a dedicated Entra tenant for admin identities, separate admin accounts from normal user accounts, hardened admin devices/PAWs, strict Conditional Access, just-in-time role activation through Microsoft Entra Privileged Identity Management, monitoring/auditing for privileged actions, and controlled ways to manage production tenants or on-premise Active Directory without letting compromise in the normal estate spread into the admin estate. Thought red tenant is not a Microsoft product I’ll will write it as it would be used with Microsoft products. This might go south but at least I have tried. Here’s some architecture mockup. I’ll explain later what is included in each layer. Core Identity layer Device layer Access policy layer Elevation and governance layer Monitoring and response layer Hybrid and Multi-tenant connections Here was a very short intro to the Red tenant. I’ll be back soon. Jussi Metso Author is a lifelong IT enthusiast, Microsoft Security MVP and interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key for your future. Share on Social Mediaxfacebooklinkedinwhatsapp Discover more from Jussi Metso Subscribe to get the latest posts sent to your email. Type your email… Subscribe SECURITY #entraid #security #governance #management
SECURITY Microsoft Cloud Attack and Defense Bootcamp September 9, 2024September 9, 2024 A comprehensive 4-week bootcamp provides students with foundational concepts, essential security tools and techniques, and instruction in attacking and defending Azure and Microsoft 365 environments. Read More
AI Microsoft Security Copilot – Can your SOC live without it? December 3, 2023December 3, 2023 Table of Contents Microsoft is bringing Copilot also for the Security field called Security Copilot…. Read More
AI AI LLM attacks & how Microsoft Security products will help to reduce the Attack Surface November 24, 2024November 24, 2024 This post is the first part of my presentation which I held at Microsoft AI Summit Finland last October. In that presentation I handled topics like LLM attacks, risks, their prevention and mitigations. Also Azure related AI security topics. Read More