{"id":3027,"date":"2026-03-31T21:47:44","date_gmt":"2026-03-31T18:47:44","guid":{"rendered":"https:\/\/www.jussimetso.com\/?p=3027"},"modified":"2026-03-31T21:50:54","modified_gmt":"2026-03-31T18:50:54","slug":"red-tenant-intro","status":"publish","type":"post","link":"https:\/\/www.jussimetso.com\/index.php\/2026\/03\/31\/red-tenant-intro\/","title":{"rendered":"Red Tenant intro"},"content":{"rendered":"
<\/div>\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

Study of Red Tenant<\/h2>\n\n\n\n

From pure interest I started to study the thing called Red Tenant. What it is and why it is called Red Tenant.<\/p>\n\n\n\n

Red Tenant is not a Microsoft related product name. There are companies which provide Managed Red Tenant -service but my interest is to clarify for myself what is needed to build the red one without selling it outside. Maybe later….<\/p>\n\n\n\n

In practice, a \u201cRed Tenant\u201d usually means an isolated admin control plane. The common components are: a dedicated Entra tenant for admin identities, separate admin accounts from normal user accounts, hardened admin devices\/PAWs, strict Conditional Access, just-in-time role activation through Microsoft Entra Privileged Identity Management, monitoring\/auditing for privileged actions, and controlled ways to manage production tenants or on-premise Active Directory without letting compromise in the normal estate spread into the admin estate. <\/p>\n\n\n\n

Thought red tenant is not a Microsoft product I’ll will write it as it would be used with Microsoft products.<\/p>\n\n\n\n

This might go south but at least I have tried. Here’s some architecture mockup. I’ll explain later what is included in each layer.<\/p>\n\n\n\n

<\/p>\n\n\n\n

    \n
  1. Core <\/li>\n\n\n\n
  2. Identity layer<\/li>\n\n\n\n
  3. Device layer<\/li>\n\n\n\n
  4. Access policy layer<\/li>\n\n\n\n
  5. Elevation and governance layer<\/li>\n\n\n\n
  6. Monitoring and response layer<\/li>\n\n\n\n
  7. Hybrid and Multi-tenant connections<\/li>\n<\/ol>\n\n\n\n

    <\/p>\n\n\n\n

    \"\"<\/figure>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Here was a very short intro to the Red tenant. I’ll be back soon.\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t
    \n\t\t\t\t\t\t\t
    \n\t\t\t\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t
    \n\t\t\t\t\t\"Picture\n\t\t\t\t<\/div>\n\t\t\t\n\t\t\t
    \n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t\t\t\tJussi Metso\t\t\t\t\t\t<\/h6>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t

    Author is a lifelong IT enthusiast, Microsoft Security MVP and interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key for your future. <\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

    Study of Red Tenant From pure interest I started to study the thing called Red…<\/p>\n","protected":false},"author":1,"featured_media":3029,"comment_status":"open","ping_status":"open","sticky":false,"template":"elementor_theme","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[7],"tags":[61],"class_list":["post-3027","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-entraid-security-governance-management"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2026\/03\/redtenant.png?fit=347%2C241&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/pes24X-MP","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts\/3027","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/comments?post=3027"}],"version-history":[{"count":4,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts\/3027\/revisions"}],"predecessor-version":[{"id":3035,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts\/3027\/revisions\/3035"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/media\/3029"}],"wp:attachment":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/media?parent=3027"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/categories?post=3027"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/tags?post=3027"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}