HomeMy WebLinkAboutContract 62044-A1Docusign Envelope ID: 3672489A-1B43-4ADC-B5BE-977BFODB69A2
CSC No. 62044-A1
Ina
Template Updated May 6, 2024
Microsoft Modern Work & Security Deployment Offer
Services Agreement Verification Form — Proof of Execution
To redeem a Modern Work & Security Deployment Offer Voucher, you must be a Microsoft FastTrack
Ready Partner and demonstrate that you have a service agreement in place with the customer listed
below for deployment of eligible workloads.
Complete this document in English. You may use machine translation for Section 3, when needed. The
document must be dated and signed (physically or electronically) by both Partner and Customer.
Note! Do not modify the template.
Ensure the Customer has provided you with a copy of their Voucher email which indicates the Voucher
Type, eligible workloads, value, and expiration date. Consult the program Terms and Conditions for details
on eligible workloads.
Upload this completed template here when submitting your Final Voucher Redemption Request.
Section 1 (Required): Identify Voucher ID #, Expiration Date, and Voucher Type redeemed.
You will need the Voucher email from the Customer to complete this correctly.
Voucher ID: 005396
Voucher Value $: (US dollars)
$ 50,000
Voucher Expiration Date: (From voucher email) 12/28/2024
Voucher Type: (Select one)
FY23 Vouchers FY24 Vouchers
❑ M365 Deployment IK M365 Deployment
❑ Migration and M365 Deployment ❑ Migration and M365 Deployment
❑ Growth Bets
❑ M365 Deployment H2
❑ Migration and M365 Deployment H2
OFFICIAL RECORD
CITY SECRETARY
FT. WORTH, TX
Docusign Envelope ID: 3672489A-1B43-4ADC-B5BE-977BFODB69A2
Docusign Envelope ID: 3672489A-1B43-4ADC-B5BE-977BFODB69A2
Section 2 (Required): Select the workload(s) to be deployed for the type of Voucher redeemed. Note: All
M365 Migration and Deployment Vouchers must include one or more of the eligible Migration activities and
must include M365 Deployment workload activities.
M365 Deployment Voucher Workloads
❑ Teams Platform
❑ Teams Meetings
❑ Teams Phone
❑ Microsoft Endpoint Management / Microsoft Intune
❑ M365 Apps
X❑ Azure Active Directory Premium Conditional Access (AADP CA) / Microsoft Entra ID
❑ Microsoft Purview Insider Risk Management (IRM) / Microsoft Purview Data Lifecycle Management (DLM)
❑ Microsoft Purview Information Protection (MIP) / Azure Information Protection (AIP)
❑ Microsoft Purview Data Loss Prevention (DLP)
❑ Microsoft Defender Endpoint (MDE) / Microsoft Defender Advanced Threat Protection (MDATP)
❑ Microsoft Defender for Cloud Apps (MDC) / Microsoft Cloud App Security (MCAS)
❑ Microsoft Defender for Identity (MDI) / Azure ATP
❑ Microsoft Defender for Office (MDO)
❑ Exchange Online
❑ SharePoint Online
❑ Outlook Mobile
❑ Yammer
Migration and M365 Deployment Voucher Workloads
(Only complete this section if you are redeeming a Migration and M365 Deployment Voucher. Select the
eligible migration activities below. You must also include M365 deployment activities from the table above.)
❑ From Office on prem to
❑ From Box to
❑ From Okta to
❑ From Slack to
❑ From VMware to
❑ From Google to
❑ From Zoom to
❑ Only for FY24 Vouchers: From (indicate Source) to (indicate Target)
Growth Bets Voucher Workloads
(Only complete this section if you are redeeming a FY23 Growth Bets Voucher. Do not complete any other
part of section 2.)
I❑ Frontline Worker
Docusign Envelope ID: 3672489A-1B43-4ADC-B5BE-977BFODB69A2
❑ Viva
❑ Teams Room
❑ Teams Phone
❑ Windows 365
Section 3: (Required) Scope of Work Details Describe in a bulleted point list the M365 deployment activities
performed for each of the workload areas selected in Section 2. Indicate in US dollars (USD) the total cost of
services delivered for M365 Deployment and/or Miqration (if applicable).
Discovery
Client to provide Patriot with the list of applications to migrate from DKTA to Entra (Ma):ifntim o* 5
Applications}
Patriot will read-only access to the OKTA administrative portal
o An AN Token will be created to run the QKTA discovery Tool
n An Entra 11) app registration with spetifrc permissions for migration will be treated for the
migration
- Pat riot wiII determinewhiCh appiwaUOns are touna,n the! Azure Gallery, and which dppiiuvon3
require custom SAML configuration.
Client to determine which applications require notific_oblj . �,s •i�x ia.
In v __ i -A _ i \, _, Clientwfll identifythe application's business
stakeholder. The stakeholder is thr i A of contact for the application ! .. :.... ,'.ble
for x,thorizing the 550 Change.
Patriot will review the Current GKTA Configuration
Pat riot will also review Entra ID Connect implementation
r I an Upgrade is requited of the current Entra ID Connect, Patriot will assist with up_qrading
the agent
0 Pa$5wOrd Hash Sync will be the topology created For identities
Deliverables
u The Following deliverables are required to exit the Discovery phase, before proceeding to the
Planning phase_
• Client Deliverable: List of Applications by application stakeholder name, and cutover
window (datWlime).
• Patriot Deliverable_ Vkriot will update the Client Deliverable to include a column that
identifie, which applications are found in Azure Application Gallefy, Over the course
of the project thisworksheet will include the external vendor contact information
and other details related to each application,
4KTA migration tool
As a Mkrasaft Security partner, Patriot will be responsible for setup and deployment of the OKTA
Migration Tool
Patriot will need at least read-only access to the CKTA tenant
C An API Token will need to he created to run the 0KTA discovery Toal
o An Entra ID app registration with specific perm issions for migration will also need to be
Created for the migration
Planning
Patriot Entra ID $50 Engineer will peffnrm envisioning of Entra iu rnpnt arts admin estperlenne
Patriot and Client will meet to discuss the roject schedule.
Client Project Man�c�er will create a pfJjWNS ,, , vrtd planning sessions have been Completed
Client to ck iA%q . f l..iication plans foreach application
Client to provide App Targeting information {based an Dynamic Rules or Group Membership}
o Patriot to assist client with creating Dynamic Group ,. , . L , . ,. , requ,red
Planning !meetings to deep dive an the fallowing:
c Password Hash Synchronization
r Conditional Access Policies
,. Muhl-Factar Aut?wntication
C Identity Types {Guest, . !q °ice , _W, .
- Client Application Stakeholder will identify the communication recipii .:' .,.. h application to
prepare for sending notifications to end users about the Change.
Identity Review
Patriot to review current identiur manaaement structure
Docusign Envelope ID: 3672489A-lB43-4ADC-B5BE-977BFODB69A2
C User creauan / Onboarding
User updates {name change, tide change, etc}
User Iifecycle manatgemerr.
Configuration
- Entra ID Connect Configuration
En�i}le Pass,v�id Hash Syncnror�lzation
Enable SSPR Write -Rack
Enable EmployeelWEmployeeHumber Custom Attribute Sync iF needed
• Patriot ME also review other Custom Attributes to verify if additional attributes are
required
PaMut will pre -stage the Azure configuration for SSO Applications
There are two types of Application Configurations
• Self -Initiated
A self -initiated application configuration is where the Client has full
administrative a€cess to make changes to the SSO configuration witfinut
contacting the Application Vendor_ In this case, the Client will be responsible
for obtaining the administrative account with necessary permissions, along
with the inorLwtiof,s ffom Ihr Application Vender For making the changes to
the application. Patriots respansilaility will be to make changes tc the Azure
side of the configuration. patriot will provide guidance to client fof making
changes to the Application vendor configuration on a best effort basis
■ Vendor -Initiated
Avendot~initlated application t06frguration is where the Client does not
have an administrative interface to make changes to the SSO Configuration_
In this situation, the diem must tontact the Application Vendor to
coordinate an email or phone call to exchange SSO intarmation and
coordinate the change to the application.
Client will coordinate a date ancE time With the Application Vendor and Patriot for the
configuration during a mutvWly agreeable time between Patriot and Application Vendor.
Client Application Stakehalder will identify the communica0cin recipient list far each
application to prepare for sending notikationS to end users about the Change.
Entra ID MyApps Portal
Patriot to assist with setting up two (2} custom MyApps Portals to customize the login page
for applications in Entra ID
Company Branding
Patriot to assist with setup guidance of Company Branding for the Microsoft login page
IRMWWr at9rk5i4n$
I'm riot Ea assist with hmwser extensivnsfaF Microsoft Edge and Google Chrome
Multi-Fa€taF Authentication (MFA) with Conditional Access
Fat riot to assist client with planning a pilot group for enabling IMFA With conditional access
Patriot to review the various conditional access capabilities as it relates to MFA
o Patriot to assist client with punning an which settings will be evaluated
o Patriot to provide download hyperlinks to MFA compatible PowerShell modules
Docusign Envelope ID: 3672489A-1B43-4ADC-B5BE-977BFODB69A2
C User creauan / Onboarding
User updates {name change, tide change, etc}
User lifecycle manatgernerr.
Configuration
- Entra I Connect Configuration
En�i}le Pass,v�id Hash Syncnror�lzation
C.
Enable SSPR Write -Rack
Enable EmployeelNEmpluyeeHumber Cus#am Attribute Sync iF needed
• Patriot wilE alsa review other Cu stern Attributes to verify if additional attributes are
fequ4ed
111111111111111111Ef:*7
Patriot will pre -stage the Azure configuration for SSO Applications
There are two types of Application Configurations
• Self -Initiated
A self -initiated application configuration is where the Client has full
administrative acres to make changes to the SSO configuration without
contacting the Application Vendor. In this case, the Cient will be resparsible,
fay obtaining the administrative account with necessary permissions, alorrcg
With the iii0iuctiaf,s Ffom thr Application Vender For making the changes To
the application. Patriots responsibility wdl be to make changes to the Azure
side of the configuration. patriot will pruvide guidance to client fuf making
changes to the Application vendor configuration on a best effort basis
■ Vendor -Initiated
F Avendor-initiated application configuration is where the Client does not
have as administrative interface to make changes to the SSQ Configuration.
In this situation, the diem must coTrtact the Applicatian Vendor to
coordinate an email or phone call to exchange SSO intarmation and
coordinate the change to the application.
Client will coordinate a date ancE time With the Application Vendor and Patriot for the
configuration during a mutually agreeable time between Patriot and Application Vendor.
Client Application Stakeholder wiH identify the cvmmvnication recipient list for each
application to prepare for sending notifications to end users about the change.
Entra ID MyAppi Portal
Patriot to assist with setting up two (2) custom MyApps Portals to customize the login page
for applications in Entra la
Company Branding
Patriot to assist with setup guidance of Company Branding for the Microsoft login page
Brawler Extensions
Patriot ra assist with browser ex#enSianS for Microsoft Edge and Goagle Criir ome
Multi -Factor Authentication (MFA) with Conditional' Accesi
Patriot to assist client with planning a pilot group for enabling MFA with conditional access
Patriot to review the various conditional access capabilities as it relates to MFA
o Patriot to assist client with planning on which settings will be evaluated
o Patriot to provide download hyperlinks to MFA compatible PowerShell modules
Docusign Envelope ID: 3672489A-1B43-4ADC-B5BE-977BFODB69A2
Patiot to assist Client with configuring MFA ano 3 condai tes per planning
meeting
Patriot to assist with installing administrative flower5heli MFA modules (as necessary)
Patriot to assist client with testing MFA and conditional access pelkies with test group
Patriot to assist configuration of MFA using Passwordim authentication
1 Patriot to assist dent wi,h deploying Conditional Access polishes gluhally (per design fpian)
Total cost of deployment services provided: Total cost of migration services provided (only
applicable for Migration and M365 Deployment
vouchers):
US$_$50,000 US$
Total Cost of Services (deployment + migration) provided:
US$_$50,000
Section 4: (Required) Partner and Customer Contact Information
Partner Company Name Patriot Consulting Technology Group, LLC
Partner Signatory Name Rick Cox
Partner Signatory Role President
Partner Signatory Email rcox@patriotconsultingtech.com
Customer Tenant ID
Customer Company Name
Customer Signatory Name
Customer Signatory Role
Customer Signatory Email
17beO4d4-Oc77-4ca7-9b1 b-275afe6cO7Ob
City of Fort Worth
Mark McDaniel
Deputy City Manager
mark.mcdaniel@fortworthtexas.gov
Docusign Envelope ID: 3672489A-1B43-4ADC-B5BE-977BFODB69A2
Section 4.1 (Required) Partner and Customer Acknowledgement
By signing below, Partner represents, understands, and agrees that:
• The foregoing is a true and accurate description of the deployment activities provided to the Customer.
• In addition to the deployment activities outlined above, Partner delivery of the Microsoft 365 FastTrack
Benefit (for M365 Deployment Vouchers) and/or the FastTrack Data Miaration Benefit (for Migration and
M365 Deployment Vouchers) was at no cost to the Customer if provided. If either was provided, please
indicate this in Section 3 above, including the zero cost.
• Any contact information or usage information collected for this offer will not be used for marketing
(,Rw'g3o&@s &&:less explicitly agreed to by the Customer.
I K& col 12/18/2024
`SHH (bbbbAyF U4 LU...
Partner Signature Date Signed
Jan 8, 2025
Customer Signature Date Signed
Section 4.2 Public Sector Disclosure
By signing this document, the customer listed in Section 4 acknowledges that the partner listed in Section 4 will seek association to our
Microsoft Customer Tenant ID under the Microsoft Partner Incentives program, and that as part of their association, the partner may
receive monetary fees, commission, or compensation from Microsoft in connection with the services provided to the customer.
ON
(Public Sector) Customer initials here: MM
[Executed effective as of the date signed by the Deputy City Manager above.] / [ACCEPTED
AND AGREED:]
CITY OF FORT WORTH INTERNAL ROUTING PROCESS:
Approval Recommended:
By:
Name: Kevin Gunn
Title: Director, IT Solutions
Approved as to Form and Legality
M. k&t'yr //
By: M. Kevin Anders, II (Jan 8, 202510:37 CST)
Name: M. Kevin Anders, II
Title: Assistant City Attorney
Contract Authorization:
M&C: N/A
Approved: N/A
1295: N/A
Contract Compliance Manager:
By signing I acknowledge that I am the person
responsible for the monitoring and administration
of this contract, including ensuring all performance
and reporting requirements.
�
By: P
Name: Jeff Park
Title: Senior Manager, IT Solutions
City Secretary:
By:
Name: Jannette Goodall
Title: City Secretary
4.ppU4ngb
�a F�Rr ha
c$
a �o9�1dd
Ovo o=d
ddP * 000 00 o*�d
aan�bn�6454pq
OFFICIAL RECORD
CITY SECRETARY
FT. WORTH, TX