Wave Three
In Wave Three we have a lot of Stages (17-22)
What sets Wave Three apart is the Stages it contains, these are more for operational purposes for IT.
Here we build the center for Documentation in Azure Dev Ops, we will use pre build tools that will help It admins to transform a Word document to a MarkDown file.
Same as in Wave Two: All these are configured to work as a Protection Set. Each set stands on it's own and is designed to work with the other Protection Sets. This is not only a best practice setup but also a detailed configuration for the Protection Sets eco system.
As mentioned previously: see this as an Eco system, leave multiple sets out creates gaps in your security.
Every Phase has it's matching documentation and guidelines. Using the custom build Microsoft Teams we now focus on another tab called "Protection Sets".
This tab is a direct link to the Word documents and matching scripts.
Opening a folder you see the Word document(s) and any required files.
There are video files provided for the task at hand to help you understand the high level what you are about to do.
Example of a Word document, some can be small (only a few pages) but can take a long time to get agreed upon.
Operations Suite
Your admins need to run operations and prove outcomes. The Operations Suite brings both together:
Lifecycle automates user and device workflows (create, onboard/upgrade, deploy devices, enforce MFA, offboard).
InSights delivers reporting and analytics (users, MFA coverage, app bypass MFA, dormant accounts, Conditional Access with deleted groups, and more).
Lifecycle — Standardization for IT Admins
Purpose: Execute repeatable, secure workflows for identities and devices.
What it handles
-
User creation & onboarding: accounts, licenses, group membership, Teams/SharePoint access.
-
User upgrades: role changes, access updates, Conditional Access adjustments.
-
Device deployment: enroll to Intune/Defender, apply compliant baselines, encryption, OS hardening.
-
MFA enablement/enforcement: ensure strong identity posture by default.
-
Offboarding (users & devices): disable/lock accounts, revoke tokens, wipe/enroll removal, archive mail/OneDrive, clean up sharing.
Benefits
-
Faster provisioning and fewer errors
-
Consistent baselines across identities and endpoints
-
Cleaner, safer offboarding (no orphaned access)
-
Ready for audit (evidence captured as part of each workflow)
InSights — Reporting & Analytics
Purpose: Provide audit‑ready visibility into identity, access, device, and policy health.
Key report areas (examples)
-
Users & MFA Coverage: who is protected, who isn’t, and trends over time.
-
App Bypass MFA: apps or exceptions circumventing MFA; highlight risk and remediation candidates.
-
Dormant Users: accounts with little/no activity; identify cleanup opportunities.
-
Conditional Access Health: policies referencing deleted groups or broken conditions; find and fix policy drift.
-
Privileged Roles & Elevations: who has standing access, who gets just‑in‑time elevation, and how often.
-
Device Compliance & Encryption: compliant vs non‑compliant endpoints, encryption status, onboarding coverage.
