Skip to content
Jussi Metso
Jussi Metso

It’s all about The Cloud and The Security

  • Posts
  • About the blog
  • Activity
  • Connect!
  • Privacy Policy
Jussi Metso

It’s all about The Cloud and The Security

March 31, 2026March 31, 2026

Red Tenant intro

Study of Red Tenant

From pure interest I started to study the thing called Red Tenant. What it is and why it is called Red Tenant.

Red Tenant is not a Microsoft related product name. There are companies which provide Managed Red Tenant -service but my interest is to clarify for myself what is needed to build the red one without selling it outside. Maybe later….

In practice, a “Red Tenant” usually means an isolated admin control plane. The common components are: a dedicated Entra tenant for admin identities, separate admin accounts from normal user accounts, hardened admin devices/PAWs, strict Conditional Access, just-in-time role activation through Microsoft Entra Privileged Identity Management, monitoring/auditing for privileged actions, and controlled ways to manage production tenants or on-premise Active Directory without letting compromise in the normal estate spread into the admin estate.

Thought red tenant is not a Microsoft product I’ll will write it as it would be used with Microsoft products.

This might go south but at least I have tried. Here’s some architecture mockup. I’ll explain later what is included in each layer.

  1. Core
  2. Identity layer
  3. Device layer
  4. Access policy layer
  5. Elevation and governance layer
  6. Monitoring and response layer
  7. Hybrid and Multi-tenant connections

Here was a very short intro to the Red tenant. I’ll be back soon. 

Picture of Jussi Metso
Jussi Metso

Author is a lifelong IT enthusiast, Microsoft Security MVP and interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key for your future.

Share on Social Media
xfacebooklinkedinwhatsapp

Discover more from Jussi Metso

Subscribe to get the latest posts sent to your email.

SECURITY #entraid #security #governance #management

Post navigation

Previous post
Next post

Related Posts

SECURITY

Microsoft Cloud Attack and Defense Bootcamp

September 9, 2024September 9, 2024

A comprehensive 4-week bootcamp provides students with foundational concepts, essential security tools and techniques, and instruction in attacking and defending Azure and Microsoft 365 environments.

Read More
AI

Microsoft Security Copilot – Can your SOC live without it?

December 3, 2023December 3, 2023

Table of Contents Microsoft is bringing Copilot also for the Security field called Security Copilot….

Read More
AI

AI LLM attacks & how Microsoft Security products will help to reduce the Attack Surface

November 24, 2024November 24, 2024

This post is the first part of my presentation which I held at Microsoft AI Summit Finland last October. In that presentation I handled topics like LLM attacks, risks, their prevention and mitigations. Also Azure related AI security topics.

Read More

Link to my MVP profile:

Join our Security User Group:

Subscribe my blog to get updates!

Join 42 other subscribers

Recent Posts

  • Enabling Cloud Security in Defender portal
  • Red Tenant intro
  • Understanding Microsoft Zero Trust Assessment Tool
  • Book review of Microsoft Security Copilot for Security Operations
  • Book review of The Azure Cloud Native Architecture Mapbook – 2nd Edition

Top posts:

Defender for Cloud – Part 10: Cloud Workload protection (CWP)
NextGen Defender for Cloud: Phase 1 - public preview
Microsoft Sentinel Data lake (preview)
Defender for Cloud - Part 6: Attack Path Analysis
Defender for Cloud – Part 5: Security Alerts

Categories

Tags

#architecture #azure #bookreview #cloudsecurity #defenderforcloud #defenderforstorage #defenderxdr #entraid #security #governance #management #malwarescan #mdcseries #securitycopilot #sentinel #siem #soc

Archives

Visits on my site

24,370 hits

©2022-2026 Jussi Metso. All rights reserved.