DT Swiss AG cuts admin hours 60% with Microsoft Entra Internet Access

DT Swiss AG faced mounting pressure to comply with revised Swiss data protection regulations (revDSG) and GDPR, while reducing data-residency risk, minimizing latency, and simplifying a complex multi-vendor edge stack across its global sites.

To address these challenges, the company piloted Microsoft Entra Internet Access with Remote Networks, integrating with Cisco SD-WAN to route Microsoft 365 traffic directly through Global Secure Access, with plans to extend this approach to all Internet-bound traffic for consistent policy enforcement.

The results: 50% of sites now enforce Zero Trust-aligned network access, monthly admin effort fell by about 60% (from 20 hours to 8 hours), and latency dropped to 5–25 ms for Microsoft services.

Balancing security, performance, and simplicity

DT Swiss AG manufactures high-performance cycling components with teams across Europe, North America, and Asia. As the company expanded, its security perimeter grew more complex, and leaders saw a growing risk of non-compliance with Swiss/EU data residency regulations, as sensitive traffic was being processed outside the region. With revised Swiss data protection (revDSG) and GDPR top of mind, the team prioritized an approach that would keep traffic in-region, shrink the attack surface, and reduce operational overhead.

The tipping point came when compliance concerns and mounting latency began to affect day-to-day operations. Although the gateways were located in Switzerland and the EU, they weren’t always near Microsoft infrastructure. This added an extra hop before traffic could reach Microsoft, introducing 60–90 miliseconds of latency. At the same time, managing policies across disparate systems slowed incident response and complicated troubleshooting. This combination of poor user experience, rising compliance risk, and fragmented oversight underscored the need for a Zero Trust initiative anchored in identity-centric access, visibility, and least-privilege controls. "By consolidating siloed business systems and shifting key functions to Microsoft, we’ve created a unified security and compliance framework which honors the Zero Trust approach. Combining remote network access with SD‑WAN and integrating it into Microsoft 365 has allowed us to build a modern, consolidated security architecture,” said Niklaus Bischof, Head of ICT Operations, DT Swiss AG.

“By consolidating siloed business systems and shifting key functions to Microsoft, we’ve created a unified security and compliance framework which honors the Zero Trust approach. Combining remote network access with SD‑WAN and integrating it into Microsoft 365 has allowed us to build a modern, consolidated security architecture.”

Niklaus Bischof, Head of ICT Operations, DT Swiss AG

Identity-centric network access with Entra Internet Access and Cisco SD-WAN

Working with partner Experts Inside AG, DT Swiss AG deployed Microsoft Entra Internet Access at branch offices worldwide using remote network connectivity to create a direct, policy-enforced path into the Microsoft network. By integrating Entra Internet Access with Cisco SD-WAN, Microsoft 365 traffic now flows over a Global Secure Access (GSA) tunnel, bypassing external gateways and eliminating unnecessary detours.

From the outset, the program was shaped by three goals: reduce risk, cut costs, and simplify management. These priorities guided every design choice, from identity-anchored policies to centralized logging. In Entra, the team enforced secure, identity-centric network rules so that only traffic originating from Global Secure Access egress addresses could reach protected Microsoft services—replacing static IP allowlists with dynamic Zero Trust policies.

The pilot launched at two sites in Germany before expanding to locations in France and the United States, with further rollouts planned for Poland, Taiwan, and Switzerland. By sequencing in phases and leveraging existing Microsoft 365 E5 entitlements, DT Swiss AG accelerated adoption while avoiding duplicate licensing costs.

“At Experts Inside we want to provide fair value, which means introducing products to our customers which will leverage synergies. With Microsoft’s Security Service Edge solution, we manage to do just that, through licensing, Zero Trust architecture, and remote access technologies. With Global Secure Access in Microsoft Entra, the customer will get faster deployment, better control, simplified support, and quicker incident response. Now we have an enterprise-ready solution with audit logs and full visibility into connections. These are true benefits of a modern, integrated security platform,” said Viktor Grzebyk, Modern Workplace Expert, Experts Inside AG.

Faster performance, stronger security, simpler operations

The IPsec tunnels from Cisco SD-WAN devices at branch offices now send traffic directly to GSA services, where it travels over the Microsoft backbone network to reach its destination. This eliminated unnecessary backhaul, which users noticed immediately as Microsoft 365 became faster, smoother, and more reliable. Average latency dropped from 50–80 milliseconds to 14 milliseconds in the US, 25 milliseconds in France, and 20 milliseconds in Germany, translating into more responsive applications and fewer performance complaints.

Security posture advanced in parallel. Half of DT Swiss AG locations now enforce Zero Trust-aligned access with Entra Internet Access policies—representing the company’s first adoption of identity-centric network controls. Today, three of six sites are enrolled, with devices centrally protected and traffic governed by compliant rules.

Operations also became more efficient. Previously, administrators spent nearly 20 hours per month configuring policies across different systems and coordinating client installations on every device. With Microsoft Entra Internet Access, enrolled sites are managed entirely through a single portal in Entra Admin Center, with no client software required. This streamlined model cut monthly effort to about 8 hours—a 60% efficiency gain—while freeing IT teams to focus on higher-value initiatives.

Centralized logging further closed the loop. “Our SOC teams can now fully leverage Global Secure Access in Microsoft Entra to gain full overview of logs and activities—all within a streamlined, enterprise-grade environment. This not only drives efficiency but also enables enterprise-grade compliance and reduced reaction times—a true benefit for DT Swiss AG,” said Niklaus Bischof.

The business case is clear: by consolidating the security stack under existing Microsoft 365 E5 entitlements, DT Swiss AG has reduced third-party licensing costs, improved user experience, and strengthened compliance through in-region processing for Microsoft services all while streamlining operations.

“Our SOC teams can now fully leverage Global Secure Access in Microsoft Entra to gain full overview of logs and activities—all within a streamlined, enterprise-grade environment. This not only drives efficiency but also enables enterprise-grade compliance and reduced reaction times—a true benefit for DT Swiss AG.”

Niklaus Bischof, Head of ICT Operations, DT Swiss AG

Scaling Zero Trust globally

DT Swiss AG is extending coverage across remaining regions, with US sites prioritized. The team also plans to route all internet-bound traffic through Entra Internet Access for consistent policy enforcement and add TLS inspection to further expand visibility and control. In addition, DT Swiss AG is planning to extend Entra Private Access to remote workers, ensuring secure connectivity and uniform policy enforcement beyond office sites.

With Microsoft Entra Internet Access, DT Swiss AG has demonstrated that security, performance, and compliance can advance together creating a unified framework that protects today’s distributed workforce while positioning the company for confident global expansion.