Contact
All case studies

Microsoft 365 Security: Tenant hardening – How jovoco increases the Secure Score

With targeted GAP analysis, best-practice configuration and Microsoft 365 security tools, a medium-sized IT company has hardened its IT security in compliance with KRITIS - quickly, efficiently and audit-proof.

Customer

  • Industry: IT
  • Company size: approx. 30 employees
  • Project location: Bavaria

Customer benefits

  • Greater security acceptance in the company
  • Transparent and prioritized security strategy
  • M365 Secure Score increased to 82
  • Future-proof basis for KRITIS requirements

Technology stack

  • Microsoft 365 Secure Score
  • Azure AD & Azure Sentinel
  • Microsoft Defender & Endpoint
  • Intune
  • Microsoft Purview (DLP, Sensitivity Labels)
micrometal RGB 300x114 1
"With jovoco's structured GAP analysis, we catapulted our Secure Score from 46% to 82% in record time. More importantly, we now feel really secure and audit-ready."
Profil
Senior Sales Manager
  • Challenges

Challenges of the customer

Despite a high awareness of cybersecurity risks, the company’s Microsoft 365 environment had a comparatively low Secure Score of just 46%. The main reason for this was a heterogeneous tenant configuration, which had arisen due to rapid company growth and several M&A activities. As a result, there was a lack of a consistent security architecture, which favored potential vulnerabilities in identity and device management.

In addition, the company was increasingly confronted with KRITIS requirements from new major customers – combined with the expectation of operating a demonstrably hardened Microsoft 365 tenant. The goal was clear: a significantly higher security standard, measured among other things by a secure score of at least 80%, combined with a sustainable and auditable solution.

  • Procedure

Our approach

In order to raise the IT company’s Microsoft 365 tenant to a secure and audit-proof level, we carried out a comprehensive security assessment including a GAP analysis. The aim was to uncover critical vulnerabilities, develop a structured action plan and carry out a step-by-step hardening of the tenant. The focus was on the Secure Score as an objective measure – combined with the actual security situation in day-to-day operations.

Initial safety assessment

To begin with, the current Microsoft Secure Score was recorded and compared with the recommended target values (70% standard / 80% KRITIS). At the same time, we recorded all activated and missing security functions as well as critical vulnerabilities in the tenant.
1

Carrying out the GAP analysis

The analysis was structured along central security areas - including identity management, data and device protection and threat detection. This allowed risks to be specifically localized and technically located.
2

Development of measures & prioritization

We drew up a prioritized action plan based on risk and effort. This included quick wins as well as medium and long-term security steps with clear configuration specifications.
3

Implementation & tenant hardening

The measures were implemented in a coordinated manner: including the introduction of MFA and PIM, setting up DLP policies, configuring Defender for O365 and rolling out device security policies with Intune.
4

Final review & handover

Once all prioritized measures had been implemented, a re-scoring and a final report were carried out. CYSA received a detailed roadmap for further optimization and training materials for internal empowerment.
5
  • Results

Results for the customer

Microsoft 365 Secure Score achieved
0 %
Critical security gaps closed

Further results:

  • Critical vulnerabilities completely fixed
  • Automated alerting introduced with Microsoft Sentinel
  • Securing data, end devices and identities according to best practices

Do you have a specific project in mind?

  • Our assessment of your challenge
  • First concrete solutions and quick wins
  • Budget & time frame orientation
Arrange an initial consultation now

Your decision would be the same as that of renowned companies:

Kundenlogos - 17
Kundenlogos - 1
Kundenlogos - 3
Kundenlogos - 7
Kundenlogos - 5
Kundenlogos - 9
Kundenlogos - 13
Kundenlogos - 15
Kundenlogos - 11
Kundenlogos - 21
Kundenlogos - 19
Kundenlogos - 25
Kundenlogos - 23
Geschaftsfuhrer Matthias vom IT Dienstleister jovoco
Kundenlogos - 17
Kundenlogos - 1
Kundenlogos - 3
Kundenlogos - 7
Kundenlogos - 5
Kundenlogos - 9
Kundenlogos - 13
Kundenlogos - 15
Kundenlogos - 11
Kundenlogos - 21
Kundenlogos - 19
Kundenlogos - 25
Kundenlogos - 23
  • Case studies

Similar case studies

NIS2-Konformität für KRITIS-Unternehmen
  • Case studies Frankfurt, IT security

Structured ISMS for critical infrastructures: Establishing information security sustainably and in compliance with NIS2

With increasing regulatory requirements, the need for structured information security is growing. jovoco supports critical organizations in setting up an ISMS, increases the level of security and ensures NIS2 compliance in the long term.
Read case study
NIS2 konformes KRITIS-Unternehmen
  • Case studies Hamburg, IT security, M365

Operating Microsoft 365 securely and in compliance with NIS2

Unclear security statuses, a lack of governance and increasing regulatory requirements increase the risk. With a structured NIS2 implementation in Microsoft 365, jovoco creates transparency, security and sustainable compliance.
Read case study
Office Migration auf 64 Bit
  • Case studies Switzerland, M365

Office migration to 64-bit: stable applications, tested VBA compatibility and future-proofing

Smooth migration to 64-bit Office: jovoco checks VBA, add-ins & database connections and ensures the functionality of all applications.
Read case study
View all
jovoco Logo - 2
Erstgespräch vereinbaren
jovoco Logo - 2
Arrange an initial consultation