Take a peek at the projects we've worked on so far. Here you can find extensive information about several projects, in which we describe the objectives, the challenges and the results.
With a small IT team, wrangling day-to-day support requests and updates left little time to explore new business technologies that would move the needle forward. Growth was another driving force behind the need for an email overhaul. The organization wanted a flexible email and mobile management solution that would seamlessly support mobile productivity and minimize the burden on IT.
Another key interest was that employees should be able to easily share information with the right people, while preventing oversharing. This included being able to share sensitive data safely with only those who should have access to it.
Last but not least, the replacement of a traditional firewall with security and threat protection capabilities from the O365 suite was needed.
1) Exchange Environment
When exploring email solutions, the organization wanted to stay within Office 365 because users were already accustomed to Microsoft products. They weighed the advantages of upgrading the company’s servers and staying completely on-premises or completing a hybrid configuration to get the best of both worlds.
To preserve its onsite servers while supporting a mobile workforce, the team opted for an Office 365 hybrid deployment and the E3 package, giving users access to the Exchange environment and full suite of Office applications on their mobile devices and desktops. The complete project scope included:
• Mailbox migration.
• Hybrid Exchange deployment.
• Password sync for Office 365.
• Active Directory federation.
• Public folder migration.
By implementing single sign-on via Active Directory Federation Services, the organization could create a seamless user experience between the cloud and on-premises worlds. When executing a hybrid migration, a few missteps in the planning and deployment phase can delay the migration, degrade the experience or result in an unsupported configuration. Following Microsoft best practices is key to delivering a complete error-free deployment. The activity plan included the following:
• Pre-requisite checking for Active Directory, IP & URLs whitelisting and Office 365 hybrid configuration.
• Error fixing and infrastructure preparation.
• Configuration of User Principal Names (UPN) suffix for Active Directory.
• Office 365 tenant registration and domain verification.
• Installation and configuration of Azure AD sync server.
• Synchronization of AD users with Office 365.
• Installation and configuration of Authentication Agents for PTA.
• Pass-Through Authentication (PTA) configuration and testing for Office 365 tenant.
• Configuration of Azure AD conditional access policies for cloud login security.
• Configuration of Azure AD Identity Protection/Privileged Identity Policies.
• Mailbox migration.
• Configuration of Apps Protection/Exchange Online policies.
• Configuration of Network Security.
2) Microsoft Teams
When it comes to collaboration, they opted for Microsoft Teams - a client interface on top of other services that provides agile, real-time communication and collaboration for teams/groups.
Implementing Microsoft Teams enabled their project-oriented teams to have a conversation, work together in files, call, and meet right where the work is happening.
Different configurations in Microsoft Teams (like private teams) helped the organization to:
• Protect its intellectual property.
• Enable easy collaboration.
• Create a balance between security and usability that increased user satisfaction and reduced the risk of shadow IT.
The organization handles a variety of information with varying degrees of sensitivity, and that information can have varying degrees of business impact if it is inappropriately shared. The following configurations were implemented to overcome this challenge:
• Information such as marketing brochures was permitted for sharing broadly outside the organization. These types of information need little or no protection. Those same marketing brochures, while under development, might only be shared inside the organization. In this case, the default sharing settings in Teams may be sufficient.
• Information about a new product that is under development is considered sensitive, even within the organization. A greater degree of protection was appropriate in this case. Access to this information was restricted to members of a specific team, for example.
For configuring a secure collaboration within the organization, the following capabilities and features were used:
• O365 Advanced Threat protection - ATP Safe Attachments for SPO, OneDrive and Teams; ATP Safe Documents; ATP Safe Links for Teams.
• SharePoint - Site and file sharing policies, Site sharing permissions, Sharing links, Access requests, Site guest sharing settings.
• Microsoft Teams - Guest access, private teams, private channels.
Another way of boosting collaboration inside the organization was through creating feature-rich site pages directly in SharePoint Online for teams and communication. This enabled users to have a seamless and common experience when browsing the internal pages. This way the organization was able to trademark all internal pages with their logo. Implementing a set of security and compliance capabilities across files, whether created through Microsoft Teams or directly in SharePoint sites, was necessary in order to ensure a secure environment by following the principle of least privilege.
Other functionalities that SharePoint delivered:
• Broad communication using Communication sites and SharePoint News.
• Storing files in the cloud, making them accessible to a broad audience.
• Storing sensitive or highly classified files and applying robust permission management, secure access, and compliance capabilities.
Microsoft SharePoint helps manage content, knowledge and applications to:
• Empower teamwork.
• Quickly find information.
• Seamlessly collaborate across the organization.
As file-share servers needed to be migrated to a more sustainable solution, OneDrive was the way to go, keeping in mind that accessibility from anywhere, on any device, was needed. OneDrive proved to be ideal for work in progress and sharing with specific individuals. Documents are private until you share them. Sharing files individually and working on Office documents with other team members at the same time proved essential for some teams, because previously the versioning of files was always a mess and working on the same documents was not done in an efficient manner.
OneDrive provided the organization with a robust but simple-to-use cloud storage platform. Employees can now:
• Access files from any device. Each user can now access all personal files, and the files that others share, from all of their devices, including mobile, Mac, and PC as well as in a web browser.
• Share inside or outside the organization. Users can now securely share files with people inside or outside the organization by using their email address.
• Collaboration with deep Microsoft Office integration. Document coauthoring can be done in Office for the web, Office mobile apps, and Office desktop apps, helping maintain a single working version of any file.
5) Power Automate
The daily processes that the organization faces are an essential part of their business – processes that were really slow and heavy before using Microsoft technologies, as most data-handling was done manually, in a traditional manner.
With the help of Power Automate, they managed to overcome most challenges and added agility to these processes:
• Now most business processes are automated.
• Reminders for past due tasks are sent automatically.
• Moving business data between systems is done on a schedule, automatically.
• Computing data in traditional Excel files is now done automatically.
The organization can now be assured that employees enter data consistently and follow the same steps every time they work with a customer - a business process flow created with Power Automate takes care of that. Business process flows provide a guide for all employees to get work done. They provide a streamlined user experience that leads them through the processes their organization has defined for interactions that need to be advanced to a conclusion of some kind. Business process flows define a set of steps for people to follow to take them to a desired outcome. These steps provide a visual indicator that tells people where they are in the business process. Business process flows reduce the need for training because new users don’t have to focus on which entity they should be using. They can let the process guide them.
6) Advanced Threat Protection
Malware and sophisticated cyberattacks, such as fileless threats, are a common occurrence for a governmental organization. It is imperative for such an organization to protect itself with effective IT network security capabilities. Such attacks can cause major problems, ranging from a loss of trust to financial woes, business-threatening downtime, and more. The migration to Office 365 offered a unique opportunity to explore the capabilities of Advanced Threat Protection, protecting the organization with adaptive built-in intelligence. Now, with its capabilities, the organization detects and investigates advanced threats, compromised identities, and malicious actions across their environment.
• Multi-factor authentication and conditional access - Protects against compromised identities and devices. This protection is foundational.
• Azure Advanced Threat Protection - A cloud-based security solution to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
• Office 365 Advanced Threat Protection - Safeguards the organization against malicious threats posed by email messages, links (URLs), and collaboration tools. Protections for malware, phishing, spoofing, and other attack types.
With Multi-factor authentication (MFA), users are now required to verify their identity with a phone call or authenticator app. Conditional access policies define certain requirements that must be met in order for users to access apps and data in Microsoft 365. MFA and conditional access policies work together to protect the organization. For example, if someone attempts to sign in from a mobile device using an account that is not enabled for MFA, and a conditional access policy requires MFA to be in effect, that user will be prevented from signing in.
Azure ATP now enables the IT admins to detect advanced attacks in their environment and to:
• Monitor users, entity behavior, and activities with learning-based analytics.
• Protect user identities and credentials stored in Active Directory.
• Identify and investigate suspicious user activities and advanced attacks throughout the kill chain.
• Provide clear incident information on a simple timeline for fast triage.
Office 365 Advanced Threat Protection (Office 365 ATP) acts as a shield against malicious threats in email messages (attachments and URLs), Office documents, and collaboration tools. Policies were configured for the following capabilities: Safe Attachments, Safe Links, Safe Documents, ATP for SharePoint, OneDrive and Microsoft Teams, ATP anti-phishing protection.
Since the migration, the management team has already seen an uptick in productivity and communication. The Office 365 environment has also removed administrative tasks from the IT team, freeing them to focus on projects that drive growth.
Having remote connectivity to critical business applications has also been a game-changer for employees. Prior to adopting Office 365, standard OWA was the only way employees could access email remotely from non-domain joined equipment. Now, the organization can provide that extra level of remote activity by enabling users to install the Office suite on multiple devices and desktops, while ensuring security and enforcing company policies on the devices.
Microsoft Teams, SharePoint and OneDrive boosted the communication, collaboration and productivity for all organization members, as now all users are chatting in public or private channels across the environment, while sharing files, documents and information effectively.
Power Automate was the extra cherry on top, providing the organization with something that was previously considered impossible. The automation of various business processes and tasks gave them the necessary time to focus on other projects, instead of executing manual repetitive tasks daily.