Multifactor Authentication Service on Azure for DTEK

It was essential for DTEK that their admins would not have to use any passwords in the remote admin scenario. Password hashes can be easily compromised by malicious parties – and with admin rights, they would have full access to any IT system. Therefore, after conducting comprehensive research of the market, we came up with the solution to utilize token keys.

Furthermore, using keys or MFA, access to the following components of IT infrastructure becomes easy for admins and users:

• Windows Hello for Business
• Office 365 apps
• The applications supporting MFA and allowing integration with Azure AD

Additionally, the associates would need to access a number of IT services with MFA: Microsoft 365, business applications (SAP, Salesforce), and on-premises applications in virtualized infrastructure. Infopulse suggested using FIDO2 tokens for access to M365 consoles and admin portals as well as configured a number of components to guarantee the smooth performance of Windows Hello for Business.

A joint Infopulse-DTEK team took a comprehensive approach and came up with the following solutions to meet the customer’s requirements:

• Increased security level of accounts. When working remotely, associates connect to the customer’s IT services outside of the controlled environment. Thus, the protection of accounts, especially privileged ones, became a pressing matter for the customer that it tackled with the help of Infopulse.
• Implemented conditional access. Now, the client can control scenarios that might or might not require two-step authentication, for instance, when an authentication request comes from a controlled network segment.
• Access Log for better analytics. The client can view who accessed the system using two-factor authentication and analyze this data.
• Extended MFA functionality. In addition to using off-the-shelf MFA configuration, the client can now also connect cloud applications, which can be integrated with Azure AD and on-premises applications depending on the authentication scenario.
• Offered a multi-layered protection mechanism to privileged account owners.
• Realized MFA and passwordless authentication in hybrid applications that the client has today and secured an opportunity to apply these methods with new applications in the future.
• Leveled up identity protection, creating a solid foundation to upscale security across the whole IT landscape.
• Created a set of tech documentation that supports the main project deliverables:
  • Solution architecture
  • Service passport
  • User guide
  • Admin guide.
• Conducted onboarding sessions and knowledge transfer workshops to introduce users to the implemented system.

Infopulse helped DTEK address a number of security challenges. The joint tech team created a powerful multifold authentication system, allowing our client to set up the necessary access levels for varied roles of users.

Within 6 months, through the joint efforts of the two expert teams, DTEK and Infopulse successfully orchestrated the project delivery and accounted for all the associated risks, which allowed our client to smoothly upgrade the security of their IT services:

• Adoption of recommended information security measures in line with existing industry standards for user authentication
• Increased identity protection without security trade-offs
• Identity and company’s assets theft prevention
• Improved another aspect of collaboration with IT assets through a fully-fledged user authentication solution.