Managed Security based on Microsoft Security Stack

  • [Industry] High-Tech
  • [Employees] 9,300
  • [Duration] 4 months


  • Managed Security according to the concept of a Security Operations Center (SOC)
  • Consolidation of security & compliance solutions
  • Prevention of shadow IT
  • IT security strategy also for collaboration with external parties (partners and customers)
  • Corporate-wide security concept for access to company data / protection of sensitive data
  • Securing access to company data also from unmanaged / privat devices
  • TCO & ROI analysis
  • License cost optimization and consolidation in an enterprise agreement with Microsoft


Founded in the 1960s, "quality" has been a company principle from day one. As before, 75% of the products are developed and manufactured in Germany. However, in the high-tech electronics industry it is also important to have short distances to the customer. This is especially true for the department Service & Support. That is why the company, with its approximately 9,300 employees, is now represented in over 93 countries around the world.


“It is not only important to identify and limit risks for us in economic terms. This also applies to our IT systems”, explains the customer's management to us.


“Today and in the future, it is no longer just a matter of detecting and removing a virus or malware on a laptop. Increasingly complex and sophisticated malware and attacks must be detected and prevented in a holistic approach.” - This is how the CISO frames the key challenges for the new IT security solution.


This design principle was then also the benchmark for the new IT security strategy based on the Microsoft Security Stack. Among other things, a group-wide hub for all IT security aspects was introduced based on Microsoft Cloud App Security and the Microsoft 365 Security Center.

The backend for this is the Microsoft Securit Graph. The data and signals from the graph can be used to implement proactive triggers that prevent incidents before they even occur.

Example: If a user installs a "potentially unwanted application" (PUA)* on his laptop, he automatically receives a notice to use only programs from the company's software portal or to request new software via the help desk. This solution is implemented based on the combination of Defender for Endpoint "Unwanted Software Alerts" and Azure Logic apps.

* The potentially unwanted application (PUA) protection feature in Microsoft Defender for Endpoint can identify and block PUAs. This prevents unwanted applications from being downloaded and installed. These applications are not considered viruses, malware, or other types of threats, but may perform actions on endpoints that affect their performance or use.



Together with the customer, we worked out the strategy for a new and innovative IT security setup based on Microsoft solutions. In addition to the technical aspects such as the consolidation and restructuring of the grown IT system landscape, one of the main goals was to disrupt the daily work processes to a minimum. Shadow IT and increasingly complex attack scenarios were also a topic on our list.


Customer: “How can a migration take place without disrupting ongoing daily business?”


"We also can't control which devices and apps partners and customers use", was one of the concerns we worked out in the design sprint related to IT security.



  • Integration of the customer's already established Zscaler solution with Microsoft cloud app security.
  • Semi-automated actions based on alerts in Microsoft Defender for Endpoint
  • Processes and workflows for the new IT security operation
  • Sanctioning of unwanted apps in Microsoft Cloud App Security and synchronization of these settings with Microsoft Defender for Endpoint
  • Replacing the current antivirus solution with Microsoft-Defender-for-Endpoint
  • Device Management including migration of AD-GPO's to Microsoft-Endpoint-Manager (Intune)
  • Migration from Microsoft-Advanced-Threat-Analytics (on-prem focus) to Microsoft-Defender-for-Identity
  • Prepare KQL queries for recurring scenarios

Linking the IT security solutions to the ticket system is one of the next steps in the project. This way, tickets will be created automatically when a threat is detected.




The IT security setup is no longer dependent on whether access is via the company firewall or a company laptop is used. The company now has control of the requirements for the modern working world and especially the challenges with HOME Office and mobile working. Solutions from various vendors have been consolidated into a holistic approach.

  • Alerts from Microsoft 365 Defender, Defender-for-Endpoint, Defender-for-Identity and Cloud App Security lead directly to action
  • End users are notified when there has been an incident on their device and are offered solutions and assistance directly and automatically
  • The SOC can work in detail and proactively and, if necessary, use the "Hunting" function to analyze in detail what has happened, how malware has spread in the company and what actions are needed to eliminate them