Silversands Ltd, Albany Business Park, Cabot Lane
Poole, Dorset, BH17 7BX

Silversands identifies Microsoft-focused security optimisations for public sector organisation

This public sector organisation, with around 4,000 staff, provides services to residents in London.

Technology used:

Microsoft Security Solutions

What were the challenges?
  • The organisation is not taking advantage of the security benefits of its Microsoft licensing.
  • Security functions are provided by a number of separate products, which complicates administration, analytics and threat response.
  • Threat protection may not be as efficient and effective as it could be.
What was the solution?
  • Silversands provided a high-level overview of the Microsoft security portfolio.
  • A security review was undertaken to consider maximising licensing benefits, reducing admin and product complexity, and improving threat protection.
What were the results?
  • A number of recommendations were made, including the deployment of Microsoft Defender for Endpoint, consolidation towards the Defender ecosystem and a move from Citrix to Azure Virtual Desktop.
  • The recommendations will improve the organisation’s overall security posture, reduce the admin overhead and provide enhanced threat protection.
  • The organisation has taken our recommendations into its internal strategic deliberations.

The background

Following the delivery of a high-level workshop to outline the availability and quality of Microsoft’s security solutions for a public sector organisation, we were asked to provide a security review, with a focus on:

  • Validating whether the benefits of its existing Microsoft 365 licensing were being maximised.
  • Considering the options for reducing administrative and infrastructure complexity.
  • Improving the intelligence of threat detection and response.
  • Understanding what additional benefits might be realised by purchasing the E5 licence.

Separate reviews of productivity and governance & compliance functionality will be completed in due course.

Technical workshop with customer staff
Background
  • Microsoft-focused security review requested
  • Validated the utilisation of existing Microsoft 365 licensing
  • Considered options for reducing complexity
  • Reviewed options for improving threat detection and response
  • Considered additional benefits of E5 licensing

The findings

At the start of the project, our team engaged with the organisation’s IT services team and, through an interactive workshop, gathered information about current security protections and capabilities, licensing, and third-party solution usage.

From the analysis and discussions with the team, we determined that:

  • Clients and servers are using Microsoft Defender Antivirus as well as Trend Security for non-AV anti-malware protection.
  • Defender clients are enabled by Group Policy, so they run without any management console.
  • Trend EMS is deployed for email, phishing and link protection.
  • Websense and ForcePoint are used for web filtering, although there is a planned move to iBoss.
  • There is very limited use of Microsoft 365 and Azure logging to detect specific actions such as risky sign-ins.
  • Citrix is used extensively for desktop access.
  • Some Group Policy-managed application restriction policies are in place.
  • Azure Conditional Access is in use.
  • Multiple consoles and admin services are in use for management, reporting and viewing, with virtually zero data sharing between them.
  • No Microsoft telemetry is being captured.
  • A significant number of servers run out-of-support operating systems, with only Trend packet inspection at the firewall to protect against ongoing vulnerabilities.

For most organisations of this size, from a few hundred to thousands of users, this security scenario is typical: the estate has grown organically over the years, with ever-changing security concerns addressed by products from different manufacturers. It works to an extent, but it can be difficult to manage and does not necessarily provide the optimum protection.

Security administrator looking at lots of different screens
Findings
  • Multiple security solutions and vendors causing complexity
  • Limited use of logging and telemetry
  • Several servers running out-of-support operating systems
  • Virtually zero data sharing between different security solutions

The results

Taking the results of the analysis into account, we looked at the key opportunities to maximise the benefits of the existing Microsoft licensing, as well as factoring in where there was value in upgrading to the E5 level.

At a high level, our recommendations include:

  • Replacing the existing but basic Defender Antivirus with Defender for Endpoint, which will provide a centralised management experience for monitoring and alerting but, more importantly, will work with other elements of Microsoft 365 security to share state and activity intelligence.
  • Enabling the Network Protection and Web Content Filtering features of Defender for Endpoint, to provide additional layers of anti-malware protection.
  • Implementing the new Windows Autopatch feature to keep Windows, Office, Edge and Teams up to date, without the usual patching admin burden.
  • Deploying Endpoint Security Policies for Intune devices, since this provides device status and issue reporting that traditional Group Policy deployment does not.
  • Migrating AppLocker and App Control functions to Intune, which will reduce the admin overhead and provide additional status and reporting benefits.
  • Consolidating multiple third-party services into the Microsoft Defender ecosystem to reduce admin complexity, gain the advantages of data sharing between the products, enable cohesive responses to alerts and malicious activity, and benefit from likely licence cost reductions.
  • Replacing or upgrading systems running unsupported operating systems.
  • Implementing Azure Virtual Desktop in place of the existing Citrix infrastructure, to reduce admin-heavy physical infrastructure and gain additional security controls through Conditional Access integration.
  • Considering the use of Microsoft Sentinel as the central resource for logging and analytics.
  • From a licensing point of view, and based on the currently outlined requirements, purchasing security add-ons to the existing E3 and F3 licences rather than the full E5 licence.
Security professionals analysing data on monitors
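Several of the findings and recommendations above (Defender Antivirus running alongside a third-party AV, Network Protection not enabled, servers on out-of-support operating systems) can be checked per host before and after the changes are made. The script below is an added, read-only example for this case study; it is not Silversands' tooling or anything taken from the customer's environment. It uses only the built-in Defender cmdlets (`Get-MpComputerStatus`, `Get-MpPreference`) and WMI, and assumes an elevated session on a Windows 10/11 or Windows Server host where the Defender module is present. The end-of-support table is a small constructed reference for the legacy versions named; extend it for the estate under review. Web Content Filtering is configured centrally in the Defender portal rather than on the host, so it is not checked here.

```powershell
# Added example, not part of the original case study.
# Read-only Defender posture check for one host: AV running mode, real-time
# protection, signature age, Network Protection state and OS support status.

# Constructed reference table of legacy OS versions (major.minor of Win32_OperatingSystem.Version).
# Assumption: these are the only legacy versions in scope; add rows for others.
$EndOfSupport = @{
    '6.1' = @{ Name = 'Windows 7 / Windows Server 2008 R2'; Ended = [datetime]'2020-01-14' }
    '6.2' = @{ Name = 'Windows Server 2012';                Ended = [datetime]'2023-10-10' }
    '6.3' = @{ Name = 'Windows Server 2012 R2';             Ended = [datetime]'2023-10-10' }
}

function Get-DefenderPostureReport {
    $findings = [System.Collections.Generic.List[string]]::new()
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Operating system support status
    $majorMinor = ($os.Version -split '\.')[0..1] -join '.'
    $eos = $EndOfSupport[$majorMinor]
    if ($eos) {
        $findings.Add("$($eos.Name) reached end of support on $($eos.Ended.ToString('yyyy-MM-dd')); replace or upgrade.")
    }

    # Defender cmdlets are absent on hosts without the Defender feature; report rather than fail
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        $pref   = Get-MpPreference     -ErrorAction Stop
    } catch {
        $findings.Add('Defender module not available on this host; AV and Network Protection state not assessed.')
        $status = $null; $pref = $null
    }

    $np = 'Not assessed'; $sigAge = $null
    if ($status) {
        # AMRunningMode is 'Normal' when Defender AV is the primary engine; 'Passive Mode'
        # (or 'SxS Passive Mode') means another AV product is primary on this host.
        if ($status.AMRunningMode -ne 'Normal') {
            $findings.Add("Defender AV is in '$($status.AMRunningMode)'; a third-party AV is likely primary here.")
        }
        if (-not $status.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is off.') }

        $sigAge = (New-TimeSpan -Start $status.AntivirusSignatureLastUpdated -End (Get-Date)).Days
        if ($sigAge -gt 3) { $findings.Add("Security intelligence is $sigAge days old.") }

        # EnableNetworkProtection: 0 = Disabled, 1 = Enabled (block), 2 = Audit mode
        $np = switch ([int]$pref.EnableNetworkProtection) {
            0 { 'Disabled' } 1 { 'Block' } 2 { 'Audit' } default { "Unknown ($_)" }
        }
        if ($np -ne 'Block') {
            $findings.Add("Network Protection is '$np'; enable with: Set-MpPreference -EnableNetworkProtection Enabled")
        }
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        OperatingSystem    = $os.Caption
        OSVersion          = $os.Version
        AMRunningMode      = if ($status) { $status.AMRunningMode } else { 'Not assessed' }
        RealTimeProtection = if ($status) { $status.RealTimeProtectionEnabled } else { 'Not assessed' }
        SignatureAgeDays   = $sigAge
        NetworkProtection  = $np
        Findings           = $findings
    }
}

# Usage: run locally, or wrap in Invoke-Command -ComputerName <list> to sweep a set of servers
# and export the objects to CSV for the review workbook.
Get-DefenderPostureReport | Format-List
```

The script changes nothing; the one remediation command it prints (`Set-MpPreference -EnableNetworkProtection Enabled`) is left for the operator to run once the setting has been agreed, and on Intune-managed devices the same setting should be applied through an Endpoint Security policy so that the reporting the recommendations describe is available centrally.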

These recommended changes will provide a number of benefits related to:

  • Improving the organisation’s overall security posture
  • Reducing the complexity of the security-related infrastructure
  • Reducing the number of third-party security-related applications
  • Simplifying administration, monitoring, alerting and reporting
  • Enhancing analytics, intelligence and threat response

The IT team has taken the information from our report and factored it into internal deliberations around upcoming solution requirements, licensing optimisations, risks and threats, and organisation strategy. Once these deliberations have been completed, we expect to assist this organisation in implementing our recommendations.

“Microsoft has long had an excellent portfolio of security solutions but the availability of tools and capabilities has significantly increased and improved over the past few years to such an extent that it is reasonable to consider a Microsoft-only security deployment for the majority of organisations.”

Pete Holland, Lead Security Consultant, Silversands

Results
  • Numerous recommendations provided
  • Overall security posture can be significantly improved
  • Reducing complexity of security infrastructure will be beneficial
  • Reducing the number of third-party solutions is possible
  • Admin, monitoring, alerting and reporting can be made more effective