BST Group - Microsoft Zero Trust
BST Group - Microsoft Zero Trust Implementation
Customer Overview
| Attribute | Details |
|---|---|
| Customer | BST Group |
| Industry | Construction |
| Organization Size | Medium (350 employees) |
| Country | Israel |
| Key Products | Microsoft Intune, Microsoft Entra ID, Microsoft Defender for Endpoint, Microsoft Defender for Office, Scappman, AdminByRequest |
Project Background
BST, a mid-sized construction company, partnered with OnCloud to modernize its IT infrastructure and transition from a hybrid environment to a cloud-only setup. Leveraging Microsoft 365 and complementary tools, the project aimed to enhance security, streamline operations, and improve scalability to meet industry demands.
Challenges
BST faced several critical challenges with its existing hybrid IT setup:
| Challenge | Impact | Business Risk |
|---|---|---|
| Complex Device Management | Managing devices through both SCCM and Microsoft Intune | Increased administrative overhead and inefficiencies |
| Outdated Security Policies | Redundant and unnecessary Group Policy Objects (GPOs) | Compromised security and compliance posture |
| Inefficient Authentication | Traditional password-based authentication methods | Security vulnerabilities and poor user experience |
| On-Premises Dependencies | Reliance on domain controllers | Limited scalability and operational flexibility |
Solution Implementation
To address these challenges, Matach implemented a comprehensive Zero Trust security plan leveraging Microsoft 365 services:
Unified Device Management
- Transitioned to exclusive use of Microsoft Intune for device management
- Eliminated SCCM dependencies to streamline operations
Security Enhancements
- Cleaned up unnecessary GPOs to reduce security vulnerabilities
- Established security baselines for Windows, Microsoft Defender for Endpoint, and Edge
- Deployed BitLocker policies for comprehensive disk encryption
Compliance and Access Control
- Implemented compliance policies for all managed devices
- Set up Conditional Access policies including:
  - Multi-Factor Authentication (MFA)
  - Device compliance requirements
  - Session controls and risk assessments
  - Security information registration
- Deployed Scappman for automated application updates
User Authentication Modernization
- Enabled Self-Service Password Reset (SSPR) with password writeback
- Introduced Windows Hello for Business with Kerberos trust for hybrid environments
- Reduced global administrators to approximately five with break-glass accounts and automation
- Implemented phishing-resistant MFA for administrators and passwordless authentication for new users
Infrastructure Modernization
- Decommissioned on-premises domain controllers
- Transitioned to cloud-only structure for enhanced scalability
Business Outcomes
| Benefit | Description | Business Value |
|---|---|---|
| Enhanced Security | Modern authentication methods and streamlined policies | Reduced security risks and improved compliance |
| Operational Efficiency | Simplified device management and reduced overhead | Lower IT costs and improved productivity |
| Improved User Experience | Seamless and secure access for all users | Enhanced productivity and user satisfaction |
| Scalability and Flexibility | Cloud-only infrastructure aligned with growth | Future-ready IT environment for innovation |
Conclusion
Key Takeaway: BST’s successful transition to a cloud-only environment with Microsoft 365 demonstrates the transformative impact of adopting modern cloud technologies and Zero Trust security principles. This strategic move not only addressed existing challenges but also positioned the organization for future growth and innovation in the construction industry.