Microsoft Licenses for Servers and PCs
Delivery of Microsoft licenses for servers and PCs: This includes services for license compliance management and security assessment of the Microsoft environment. The contract covers consulting, analysis, and assessment of the IT system to ensure correct licensing, optimize license usage, and increase the security and transparency of the Microsoft infrastructure. This involves consulting to eliminate risks of incorrect software licensing, continuous information as needed, at least annual training on licensing rules and manufacturer terms, and an annual license inventory, which includes scanning, recording, analyzing, and optimizing software and license usage, as well as creating a licensing status report. Furthermore, a systematic discovery of all devices, services, and systems in the network is required for detailed asset information, to obtain a complete infrastructure overview, including undocumented devices, shadow IT, and outdated components; the results will be analyzed, validated, and evaluated for irregularities, risks, and security issues. A detailed analysis of the Active Directory environment to detect security vulnerabilities, misconfigurations, and outdated settings is also part of the contract, covering domain controllers, user and service accounts, GPO settings, protocols, delegations, certification services, and inter-domain relationships, as well as the identification of weak passwords, shadow admin accounts, vulnerable SPNs, outdated objects, insecure scripts, vulnerable protocols (SMBv1, LM/NTLMv1, LLMNR), Kerberos vulnerabilities, incorrect delegations, and DACL/ACE settings; additionally, PKI system configurations, certificate templates, RODC settings, auditing policies, DNS security, and services installed on domain controllers must be checked. An analysis of possible attack paths and a risk assessment must be created. The service includes a structured report with findings, prioritized recommendations for problem resolution, and a presentation of results. Additionally, an IT environment scan to detect security vulnerabilities and verify the resolution of previously identified problems must be performed, including analysis of scan results, removal of false positives, risk prioritization, and remediation recommendations.
CONTRACTING AUTHORITY
Name
ISTARSKA ŽUPANIJA
City
Pazin
Country
HR
CLASSIFICATION
Procedure Type
Open Procedure
Contract Type
Supplies
Main CPV
48000000, Software package and information systems.
Other CPV
72810000, Computer audit services.
ADDITIONAL DETAILS
EU Funded
Yes
Suitable for SMEs
Yes
Electronic Submission
Required
Legal Basis
32014L0024
DEADLINES & TIMELINE
Submission Deadline
27 days remaining(LOT-0000)
Published