This standard provides base-level requirements for ensuring a client’s Azure Active Directory (AAD) contains the necessary information and attributes to integrate with Halo’s CMDB and automated business processes. Adherence and tactical adoption of this standard within a client’s On-Prem AD with AAD Connect or AAD is a fundamental catalyst to enable our Product Development Core Process and ensures alignment or progression toward compliance with centrexIT’s Quality, Information Security, and Financial Policies; Processes; and Procedures. Here in, referred to as Collective Command.

• In Scope AAD Objects

• Active Users

• Service Accounts

• Security Groups

• Assumptions

• Client’s environment meets Requirements in Section 3

• Client trust, stakeholder involvement, and approval

• Tactical adoption based on a client’s IT Roadmap or Business Need

• Risks

• Misalignment disrupts our Collective Command, resulting in increased consumption and utilization

• Misalignment increases the likelihood and need for manual processes and the potential for human error

• Dependencies

• Processes and automation for creating accounts for On-Prem AD with AAD Connect Clients

• Halo automation and workflows for AAD Only clients

• Active Directory

• On-Prem AD with AAD Connect

• AAD Only

• Assessments and Changes to a client’s production environment to adopt and implement this Standard shall be part of centrexIT’s Onboarding, Change, buildIT, or myIT Processes

• Active Users– Reference tables below for perquisites and requirements. The listed AAD Attributes are either Required or Client Specific to enable Product Development initiatives & processes.

• Prerequisites

    1. Client/HR approved active list of employees with required or client specific AAD attributes
    2.    All inactive or former employees disabled, sign-in blocked, and unlicensed (unless under legal hold)
    3.    Appropriate _Change Control_ related to the given _Process_ (e.g., Onboarding, myIT, buildIT)

AAD B2C Attribute	Attribute Type	Requirement	Usage
department	String	Required	Client reporting
displayName	String	Required	GAL & Login Name
employeeId	String	Client Specific	For client specific business cases
givenName	String	Required	First Name
jobTitle	String	Required	For cIT and client reporting
mail	String	Required	SMTP address
manager	directoryObject	Required	For authorized approval processes & Direct Reports
mobilePhone	String	Client Specific	For future user authentication by text message, client specific use-cases
physicalDeliveryOfficeName	String	Required	For cIT and client reporting
proxyAddresses	String collection	Client Specific	Alias email addresses
surname	String	Required	Last Name
telephoneNumber	String	Required	Work Phone Number
userPrincipalName	String	Required	M365 Username and Sign-In

• Service Accounts (SA) - Reference tables below for prerequisites and requirements

• Prerequisites

    1.    cIT and client reviewed Service Accounts
    2.    Approved naming convention, description of the process, and Service Owners
    3.    Client Specific use-cases or needs assessed
    4.    Appropriate _Change Control_ related to the given _Process_ (e.g., Onboarding, myIT, buildIT)

AAD B2C Attribute	Attribute Type	Requirement	Populate field with	Usage	Examples
department	String	Required	[Department of Service Owner]	Client reporting	Finance, IT, [Vendor Name]
displayName	String	Required	[Name of Service]	Client approved naming & standard cIT naming convention	PBA Admin, cit_svc_ds_123456
givenName	String	Client Specific		Only if required for client business, use-case
Job title	String	Required	svc-[Brief Description]	64 character description or usage	svc-[PBA] vendor support, svc-cIT Halo Integration
mail	String	Client Specific		Business, use-case specific
manager	directoryObject	Required	[Service Owner’s Name]	Who’s accountable for or owns this account? Who can authorize changes to this account or managed services?	John Doe, [Client POC]
physicalDeliveryOfficeName	String	Required	[Location of Service Owner]	For cIT and client reporting	Building 123, cIT
surname	String	Client Specific		Only if required for client business, use-case

• Security Groups – Reference tables below for prerequisites and requirements

• Prerequisites

    1.  Client approved usage or creation of Security Groups
    2.  The M365 Security Groups to support Halo functions are active or created

AAD Security Group with the following Members	Example	Usage
All Active & Licensed Users	All [Company]	Total number of managed users, contact list, Halo access via Azure SSO, Tagged in Halo as a managed user
All service accounts	All Service Accounts	Total number of service accounts, Halo import

• User profile attributes for Azure AD B2C - User profile attributes in Azure Active Directory B2C | Microsoft Learn

• Review AAD B2C Requirements

• Graph Rest API v1.0 - Microsoft Graph REST API v1.0 endpoint reference - Microsoft Graph v1.0 | Microsoft Learn

• Referenced to ensure Halo integration

Term	Definition
Product Development	cIT Core Business Processes
Core Process	10 vital business processes that are critical to the organization’s success and survival
Collective Command	As it relates to this Standard, the positive or negative impact if this Standard is in alignment or misalignment to our Policies, Processes, and Procedures
IT Roadmap	vCIO product and plan with each client’s projected IT projects and actions
Business Need	Client factor weighed and prioritized on the value it brings to a Client’s organization
Required	As it relates to this Standard, AAD B2C Attributes that are required to be populated