1. Assessment • Provide project management and oversight. • Consultant is responsible to complete a discovery, research, analysis and review with the City to develop a compressive implementation plan. Ensuring Security, Compliance, Governance and regulatory requirements are incorporated in the implementation plan. • Requirements that must be met are NIST 800-53, NIST 800-145 CJIS, FIPS 140-2, NERC CIP standards, FedRAMP, Cybersecurity Insurance frameworks and best practices. https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-nerc • Consultant assessment and inventory of the current systems. Exchange, Active Directory, Active Directory Federation Services (ADFS), file migration and integrating multiple tenants to a new cityofredding.gov tenant. • Identify and define any and all applicable data compliance requirements, i.e. Identity Protection, Data Loss Protection, Microsoft Information Protection (classification and labeling), data retention, email retention, external sharing, etc. • Multi-factor requirements for external access, privilege accounts or critical services. • Research method to migrate Single Sign-On from Active Directory Federation Services (ADFS) to Entra ID. • The City will continue to use its own endpoint protection. • Complete implementation within 12 months after kick off. • The City reserves the right to negotiate changes to original proposal(s). • Identify testing and provide training that is needed for migration. 2. Preparation • Establish permission structure and documentation matrix for all applicable application products implemented. • Develop an achievable implementation schedule, to include all appropriate timelines and deadlines, chronological list of milestones, responsible party tasks and important dependencies that pertain to measurable implementation of Microsoft 365 GCC. • Discover then design SharePoint, the migration plan for user data to SharePoint, Teams and OneDrive. • Minimize day to day impact to public safety and City business during implementation. 3. Migration – Cutover • Integrate on-premise Active Directory and migrate ADFS for Single Sign-On into Entra ID. • Migrate on-premise Exchange 2016, configured for Hybrid, with approximately 1200 mailboxes, 300 distributions groups and 50 shared resource mailboxes, etc. to Exchange online. • Configure Defender for Exchange to replace Barracuda Email Security Gateway SG-400. • Configure Microsoft Sentinel. • Create and configure SharePoint, migrate user data to SharePoint, Teams and OneDrive. • Configure conditional access and smart lockout. • Multi Factor Authentication for access from outside the City of Redding private network. MFA to access privilege accounts or critical services. • Migrate Barracuda, model 450, Email Archiver to Microsoft email archiver. • Integrating all existing multi-tenant domains to primary tenant domain. Migrate existing volume licenses to the primary .gov tenant. 4. Post Migration • Provide documentation of the base line configuration, i.e. as built document. • Consultant will be available for 180 days after implementation to address any requirements that still need resolution. 5. Training • Provide tenant administrator training; proper on-boarding and off-boarding process, Exchange Admin Center, Security Admin Center, Compliance Admin Center, Entra ID, Defender, SharePoint, Intune, MDM, Sentinel, etc. Exchange archive retrieval training for Freedom of Information Act requests and legal holds.
