Today’s post was written by Sue Bohn, director of Program Management at Microsoft; Peter Vallianatos, director of IT Infrastructure and Security at The Walsh Group; and Phillip Nottoli, director of Enterprise Architecture at The Walsh Group.

Hello!

This is Sue Bohn from the Customer & Partner Success team for the Identity Division. I’m delighted to announce the next post in our Voice of the Customer blog series. This series is designed to help you by sharing stories from real customers who are solving their identity and security challenges using Azure Active Directory (Azure AD). I hope you find valuable insights and best practices that you can apply to your own projects. If you haven’t already, check out the first blog in the series, Voice of the Customer: Walmart embraces the cloud with Azure AD.

This post features The Walsh Group, a large construction company in the United States. The Walsh Group has been with us from the early days in adopting Azure AD. They’ve taken advantage of its capabilities to strengthen access controls, provide more flexibility to users, and reduce the time their help desk spends on password resets. Peter Vallianatos and Phillip Nottoli, directors of IT Infrastructure and Security, provide insights on how they implemented Azure AD to give them a competitive advantage in the general contractor marketplace.

Security is no longer just about firewalls, it’s how we control identity

The Walsh Group is one of the largest construction companies in the United States with offices and job sites across the country. Like many businesses, identity and security initiatives increased in priority for us a few years ago. We had recently invested in Office 365, which allowed us to shift much of the responsibility for the uptime of our core productivity suite to Microsoft. It saved us time, but it also meant we would have less control than we were used to. We needed to find a way to manage our identities and shore up security. As an example, we did not have a Multi-Factor Authentication (MFA) solution. On top of that, our help desk was begging us to come up with a solution to reduce the amount of time they spent helping our users reset their passwords.

As we researched solutions to fill our security holes, we had to balance the need for best-in-breed security products with the fact that we have tight budgets and a drive to make economic decisions. It was important that we found tools that would be effective, easy to deploy, and easy to integrate. Historically, well before the Azure days, we viewed Microsoft as a strategic partner. So we quickly zeroed in on the complete Microsoft 365 identity stack that includes: Azure AD, Microsoft Cloud App Security, Microsoft Advanced Threat Analytics, Privileged Identity Management, Azure Advanced Threat Protection, Windows Defender Advanced Threat Protection, Azure Identity Protection, Microsoft Intune, Single Sign-on, Self-Service Password Reset, among others.

Azure AD conditional access is central to our Zero Trust strategy

Using the Microsoft security stack has also allowed us to begin implementing a Zero Trust strategy. We believe identity is the foundation of our security posture. As a construction company, we have so many locations, creating opportunities for exploitation. We must properly verify identities before we give access. Azure AD conditional access has given us tools to better control access by defining geographical rules and hardware restrictions. As an example, we simply blocked all access from many countries across the world. We could do that because we operate mostly within North America. As Azure AD conditional access matured, we changed our strategy. To support our people that vacation overseas, we’ve been able to build sophisticated rules that consider if a device is Intune managed, hybrid joined, and where the device is located. Combining that rule set with MFA, we’ve been able to safely give our vacationers access to email and other business resources.

Paying attention to the sign-in events, we can adjust our ruleset to further restrict or allow for circumstances that we did not consider. For certain, nearly all the failed sign-in attempts are malicious. It is nice to have that visibility into and control over when and how our networks are accessed.

We bet the farm with Microsoft

We chose to be an early adopter of the Azure AD identity framework. At the time, the tools were just emerging, but we understood the vision, the direction, and Microsoft’s roadmap to get there. Microsoft helped us establish short-, middle-, and long-range plans, and we rely on their security and identity products more and more. We don’t have that level of confidence in, nor the relationship with, other vendors. For us, the evidence is clear: we chose the right partner. As a general contractor, this platform has allowed us to remain competitive in our marketplace. Our implementation of Azure AD gives us a competitive advantage that will continue to pay dividends as our cloud strategy grows and we make use of the Office 365 and Azure features. Currently, we have turned our energy towards Microsoft Cloud App Security and operationalizing the Windows Defender Advanced Threat Protection integration across platforms. Already, we are recognizing the value in having all three Advanced Threat Protection products integrated and will continue to fine-tune how we manage it.

Voice of the Customer—looking ahead

Many thanks to Pete and Phil for sharing their journey from on-premises to Azure AD. Our customers have told us how valuable it is to learn from their peers. The Voice of the Customer blog series is designed to share our customers’ security and implementation insights more broadly. Bookmark the Microsoft Secure blog, so you don’t miss the next installment in this series, where our customer will speak to how Azure AD and implementing cloud identity and access management make them more secure.