Silversands Logo

Silversands Ltd, Albany Business Park, Cabot Lane
Poole, Dorset, BH17 7BX

Customer Portal
Silversands identifies Microsoft-focused security optimisations for public sector organisation hero image

Silversands identifies Microsoft-focused security optimisations for public sector organisation

This public sector organisation, with around 4,000 staff, provides services to residents in London.

Technology used :

Microsoft Security Solutions

Silversands identifies Microsoft-focused security optimisations for public sector organisation hero image
What were the challenges?
  • The organisation is not taking advantage of the security benefits of its Microsoft licensing
  • Security functions are provided by a number of separate products which complicates admin, analytics and threat responses.
  • Threat protection may not be as efficient and effective as it could be
What was the solution?
  • Silversands provided a high-level overview of Microsoft security portfolio
  • A security review was undertaken to consider the maximisation of licensing benefits, reducing admin and product complexity, and improving threat protection
What were the results?
  • A number of recommendations were made, including the deployment of Microsoft Defender for Endpoints, consolidation towards the Defender ecosystem and a move from Citrix to Azure Virtual Desktop
  • The recommendations will improve the organisation’s overall security posture, reduce the admin overhead and provide enhanced threat protection.
  • The organisation has taken our recommendations to form part of its internal, strategic deliberations

the background

Following the delivery of a high-level workshop to outline the availability and quality of Microsoft’s security solutions for a public sector organisation, we were asked to provide a security review, with a focus on:

  • Validating whether the benefits of its existing Microsoft 365 licensing were being maximised.
  • Considering the options for reducing administrative and infrastructure complexity
  • Improving the intelligence of threat detection and response
  • Understanding what additional benefits might be realised by purchasing the E5 licence

Separate reviews of productivity and governance & compliance functionality will be completed in due course.

Technical workshop with customer staff
  • Microsoft-focused security review requested
  • Validated the utilisation of existing Microsoft 365 licensing
  • Considered options for reducing complexity
  • Reviewed options for improving threat detection and response
  • Considered additional benefits of E5 licencing

The findings

At the start of the project, our team engaged with the organisations IT services team, and through an interactive workshop, gathered information about current security protections and capabilities, licensing, and third-party solution usage.

From the analysis and discussions with the team, we determined that:

  • Clients and servers are using Microsoft Defender Antivirus as well as Trend Security for non-AV anti-malware protection
  • Defender clients are Group Policy-enabled, so are running without any management console
  • Trend EMS is deployed for email, phishing and link protection
  • Websense and ForcePoint are used for web filtering, although there is a planned move to iBoss
  • There is very limited use of Microsoft 365 and Azure logging to detect specific actions such as risky sign-ins
  • Citrix is significantly used for desktop access
  • Some Group Policy-managed app restrictions policies are in place
  • Azure Conditional Access is in use
  • Multiple consoles and admin services were in use for management, reporting and viewing, with virtually zero data sharing between them
  • There is no Microsoft telemetry being captured
  • A significant number of out-of-support operating systems were deployed on servers with only Trend packet inspection at the firewall to protect against ongoing vulnerabilities

For most organisations ranging from a few hundred to thousands of users like this one, this security scenario is typical, having grown organically over the years, resolving ever changing security considerations with products from different manufacturers. It works to an extent but it can be difficult to manage and doesn’t necessarily provide the optimum protection.

Security administrator looking at lots of different screens
  • Multiple security solutions and vendors causing complexity
  • Limited use of logging and telemetry
  • Serveral severs running out-of-support operating systems
  • Virtually zero data sharing between different security solutions

the results

Taking the results of the analysis into account, we looked at the key opportunities to maximise the benefits of the existing Microsoft licencing, as well as factoring in where there was value in upgrading to the E5 level.

At a high level, our recommendations include:

  • Replacing the existing but basic Defender Antivirus with Defender for Endpoints, which will provide a centralised management experience for monitoring and alerting but, more importantly, will work with other elements of Microsoft 365 security to share state and activity intelligence
  • Enabling Network Protection and Web Content Filter features of Defender for Endpoint, to provide additional levels of antimalware protection
  • Implementing the new Windows Autopatch feature to keep Windows, Office, Edge and Teams up to date, without the usual patching admin burden
  • Deploying Endpoint Security Policies for Intune Devices, since this provides device status and issue reporting that traditional Group Policy deployment does not
  • Migrating App Locker and App Control functions to Intune, which will reduce the admin overhead and provide additional status and reporting benefit
  • Consolidation of multiple third-party services into the Microsoft Defender ecosystem to reduce admin complexity, gain the advantages of data sharing between the products, enable cohesive responses to alerts and malicious activity, and benefit from likely licence cost reductions
  • Replacing or upgrading systems running unsupported operating systems
  • Implementing Azure Virtual Desktop in place of the existing Citrix infrastructure, to reduce admin-heavy physical infrastructure and gain additional security controls through Conditional Access integration
  • Considering the use of Microsoft Sentinel as the central resource for logging and analytics
  • From a licensing point of view, and based on the currently outlined requirements, rather than purchasing the full E5 licence, our recommendation was to purchase security add-ons to the existing E3 and F3 licences
Security professionals analysing data on monitors

These recommended changes will provide a number of benefits related to:

  • Improving the organisation’s overall security posture
  • Reducing the complexity of the security-related infrastructure
  • Reducing the number of third-party security-related applications
  • Simplifying administration, monitoring, alerting and reporting
  • Enhancing analytics, intelligence and threat response

The IT team has taken the information from our report and factored it into internal deliberations around upcoming solution requirements, licensing optimisations, risks and threats, and organisation strategy. Once these deliberations have been completed, we are expecting to assist this organisation implement our recommendations.

<p>“Microsoft has long had an excellent portfolio of security solutions but the availability of tools and capabilities has significant increased and improved over the past few years to such an extent that it is reasonable to consider a Microsoft-only security deployment for the majority of organisations.”</p>
<p> </p>
<p>Pete Holland, Lead Security Consultant, Silversands</p>

“Microsoft has long had an excellent portfolio of security solutions but the availability of tools and capabilities has significant increased and improved over the past few years to such an extent that it is reasonable to consider a Microsoft-only security deployment for the majority of organisations.”


Pete Holland, Lead Security Consultant, Silversands

  • Numerous recommendations provided
  • Overall security posture can be significantly improved
  • Reducing complexity of security infrastructure will be beneficial
  • Reducing the number of third party solutions is possible
  • Admin, monitoring, alerting and reporting can be made more effective