Operating Microsoft 365 securely and in compliance with NIS2

An unclear security status, a lack of governance and growing regulatory requirements increase risk. With a structured NIS2 implementation in Microsoft 365, jovoco creates transparency, security and sustainable compliance.

"Thanks to jovoco's structured approach, we were able to clearly recognize for the first time where we stand in terms of security and which measures are really relevant. The implementation was comprehensible and practical and our Microsoft tenant is now NIS2-compliant."
CIO

Challenges of the customer

The existing IT environment had grown historically and was only partially standardized. It relied on local Active Directory structures, while cloud security functions were used only to a limited extent. Multifactor authentication was implemented inconsistently, Conditional Access policies were missing entirely and end devices were not managed centrally. In addition, there were too many privileged user accounts without clearly defined roles or time limits.
When the NIS2 directive came into force, there was an acute need for action: the current security status was not transparent, and there was no clear roadmap for implementation. At the same time, security measures must not disrupt operations and had to be accepted by employees.

Our approach

The existing Microsoft 365 tenant was systematically analyzed. The aim was to objectively record the actual level of security and compliance maturity and to derive a prioritized implementation roadmap from it. All measures were aligned with NIS2 requirements and implemented in a technically sound manner.

Structured as-is analysis of the tenant

A technical analysis of the Microsoft 365 tenant was carried out. The current security status was automatically assessed and documented with the help of the Microsoft Defender portal and Secure Score. In addition, manual checks were carried out on identities, role models and device structures.

Development of a NIS2 catalog of measures

An individual catalog of measures was created based on the analysis. This assigned all identified gaps to the relevant NIS2 requirements and prioritized them according to risk, dependencies and technical feasibility.

Introduction of conditional access & zero trust principles

Conditional access policies were introduced to control access based on context. Location, device status and user behavior were incorporated into the authentication logic. As a result, a zero-trust approach was technically implemented.

Device compliance with Microsoft Intune

End devices were managed centrally via Microsoft Intune. Security policies, compliance rules and device statuses were defined and integrated into access control. Non-compliant devices were denied access to company resources.

Authorization management & final documentation

Privileged access management was used to assign administrative rights in a time-limited and traceable manner. Finally, the entire implementation was documented and made available to the customer for internal and external verification.

Results for the customer

Reduction of privileged user accounts
> 0 %
Increase of the Microsoft Secure Score
> 0 %
