Contact
All case studies

Microsoft 365 Security: Tenant hardening – How jovoco increases the Secure Score

With targeted GAP analysis, best-practice configuration and Microsoft 365 security tools, a medium-sized IT company has hardened its IT security in compliance with KRITIS - quickly, efficiently and audit-proof.

Customer

  • Industry: IT
  • Company size: approx. 30 employees
  • Project location: Bavaria

Customer benefits

  • Greater security acceptance in the company
  • Transparent and prioritized security strategy
  • M365 Secure Score increased to 82
  • Future-proof basis for KRITIS requirements

Technology stack

  • Microsoft 365 Secure Score
  • Azure AD & Azure Sentinel
  • Microsoft Defender & Endpoint
  • Intune
  • Microsoft Purview (DLP, Sensitivity Labels)
micrometal RGB 300x114 1
"With jovoco's structured GAP analysis, we catapulted our Secure Score from 46% to 82% in record time. More importantly, we now feel really secure and audit-ready."
Profil
Senior Sales Manager
  • Challenges

Challenges of the customer

Despite a high awareness of cybersecurity risks, the company’s Microsoft 365 environment had a comparatively low Secure Score of just 46%. The main reason for this was a heterogeneous tenant configuration, which had arisen due to rapid company growth and several M&A activities. As a result, there was a lack of a consistent security architecture, which favored potential vulnerabilities in identity and device management.

In addition, the company was increasingly confronted with KRITIS requirements from new major customers – combined with the expectation of operating a demonstrably hardened Microsoft 365 tenant. The goal was clear: a significantly higher security standard, measured among other things by a secure score of at least 80%, combined with a sustainable and auditable solution.

  • Procedure

Our approach

In order to raise the IT company’s Microsoft 365 tenant to a secure and audit-proof level, we carried out a comprehensive security assessment including a GAP analysis. The aim was to uncover critical vulnerabilities, develop a structured action plan and carry out a step-by-step hardening of the tenant. The focus was on the Secure Score as an objective measure – combined with the actual security situation in day-to-day operations.

Initial safety assessment

To begin with, the current Microsoft Secure Score was recorded and compared with the recommended target values (70% standard / 80% KRITIS). At the same time, we recorded all activated and missing security functions as well as critical vulnerabilities in the tenant.
1

Carrying out the GAP analysis

The analysis was structured along central security areas - including identity management, data and device protection and threat detection. This allowed risks to be specifically localized and technically located.
2

Development of measures & prioritization

We drew up a prioritized action plan based on risk and effort. This included quick wins as well as medium and long-term security steps with clear configuration specifications.
3

4. implementation & tenant hardening

The measures were implemented in a coordinated manner: including the introduction of MFA and PIM, setting up DLP policies, configuring Defender for O365 and rolling out device security policies with Intune.
4

Final review & handover

Once all prioritized measures had been implemented, a re-scoring and a final report were carried out. CYSA received a detailed roadmap for further optimization and training materials for internal empowerment.
5
  • Results

Results for the customer

Microsoft 365 Secure Score achieved
0 %
Critical security gaps closed

Further results:

  • Critical vulnerabilities completely fixed
  • Automated alerting introduced with Microsoft Sentinel
  • Securing data, end devices and identities according to best practices

Do you have a specific project in mind?

  • Our assessment of your challenge
  • First concrete solutions and quick wins
  • Budget & time frame orientation
Arrange an initial consultation now

Your decision would be the same as that of renowned companies:

Kundenlogos - 17
Kundenlogos - 1
Kundenlogos - 3
Kundenlogos - 7
Kundenlogos - 5
Kundenlogos - 9
Kundenlogos - 13
Kundenlogos - 15
Kundenlogos - 11
Kundenlogos - 21
Kundenlogos - 19
Kundenlogos - 25
Kundenlogos - 23
Geschaftsfuhrer Matthias vom IT Dienstleister jovoco
Kundenlogos - 17
Kundenlogos - 1
Kundenlogos - 3
Kundenlogos - 7
Kundenlogos - 5
Kundenlogos - 9
Kundenlogos - 13
Kundenlogos - 15
Kundenlogos - 11
Kundenlogos - 21
Kundenlogos - 19
Kundenlogos - 25
Kundenlogos - 23
  • Case studies

Similar case studies

  • Case studies Switzerland, M365

Migration from Google to Microsoft 365 – how jovoco ensures a secure and smooth email transition

Standardizing IT infrastructure and reducing costs - how a medium-sized company switched from Google Workspace to Microsoft 365 with the support of jovoco GmbH and migrated emails, calendars and contacts without any downtime.
Read case study
  • Case studies Munich, Data analytics

Proactive system monitoring with Azure & Co: avoid outages, increase security, reduce costs

Unnoticed failures and certificate errors lead to costs and risks. With a monitoring solution provided in Azure, jovoco enables early detection, automatic notification and continuous system availability.
Read case study
  • Case studies Cologne, IT security, M365

Future-proof email communication: migration from Exchange 2016 to Microsoft 365

End of support for Exchange 2016 - jovoco set the course early and successfully migrated to Microsoft 365
Read case study
View all
jovoco Logo - 2
Erstgespräch vereinbaren
jovoco Logo - 2
Arrange an initial consultation