When a multi-billion-dollar, privately-owned healthcare and insurance company was looking to modernize their Microsoft Active Directory (AD) environment and shift more services to Azure Active Directory (AAD), they called on Collective Insights to assess their existing directory services and create a plan to provide single sign-on for all applications utilizing features already licensed from Microsoft. Our team performed an extensive baseline assessment, designed a hyper-secure and performant hybrid architecture, and began implementing the new design to realize significant security posture gain, performance improvement, and cost savings from a reduced infrastructure footprint.
Modernizing Microsoft Active Directory is not just a matter of improving performance and efficiency. As the central hub for management and authentication between a company’s users and its’ resources, AD has become a prime attack vector in recent years as ransomware attacks surged. The 2023 Verizon Data Breach Investigations Report indicated that 40% of all breaches involved credential theft, up from 33% in 2021. In the client’s case, an aging and excessively complex environment was jeopardizing the overall business. By implementing standards and utilizing security best practices, we would be able to reduce vulnerabilities and significantly enhance the organization’s efficiency.
Cloud migration and infrastructure updates are both complex undertakings that first require extensive planning to ensure successful implementation and adoption. Our project would touch every department in the business, including 44,000 users, 50,000 groups, and 56,000 client devices. We needed to make sure we maintained active collaboration with infrastructure partners, application owners, and end-users as we developed, validated, and executed solutions over time. Additionally, we needed to plan around the company’s change freeze period during which time we could not push updates to production.
“The client had gone through significant growth in the last two decades and understood the need to assess and modernize their overall Directory Services in the greater context of their Identity and Access Management capabilities. We identified a tremendous opportunity for operational efficiency, automation, risk reduction and cost control across a sprawling infrastructure footprint. Our team assessed the situation, put together a strategy and executed it to help them realize those benefits”
– Seth Ryan, Partner, Collective Insights
Solutions & Approach
We took a three-phased approach to modernizing the client’s Active Directory. First, we completed a discovery and threat protection assessment to get a clear sense of the current environment’s strengths and weaknesses. During that assessment, we identified a significant sprawl of AD infrastructure that was difficult for teams to manage, causing operational headaches. Modernizing this infrastructure offered a significant opportunity for security posture gain. The second phase included in-depth architecture and design activities. We also began building a change management and communications plan to ensure a successful transition to the newly created environment. The modern architecture we created was driven by three key areas of improvement:
1. Operational risks in the legacy environment
2. Cybersecurity challenges related to technical debt accumulated over the years
3. Outdated infrastructure, including a significant number of dormant services
The new, modern environment would eliminate technical debt and safeguard against new and existing risks according to the newest security benchmarks, guides and frameworks such as CIS, STIG and NIST while reducing the infrastructure in half.
We migrated a large portion of the organization’s existing authentication to Azure Active Directory, an enterprise identity service offering single sign on (SSO), multi-factor authentication (MFA) and conditional access for varying authentication scenarios. For legacy applications that could not be moved, we focused on updating the company’s on-premises Active Directory to remove unneeded and unsecure services and components.
By modernizing Active Directory and migrating services to the cloud, we helped the client achieve a significant security posture gain, higher operational efficiency and better user experience. Working with almost 20 teams within the client’s technology and security departments, we designed and developed a new environment that is secure, reliable and performs at a high level. By design, it will also be simpler for the client’s operations staff to maintain which will lower cost. Overall, the new hybrid directory services environment is positioned to deliver cost containment, operational simplicity, and a reduction of threat surface for the client. Due to the project team’s extensive communications planning and coordination across corporate communications, information security and senior leadership, the organization will be able to transition more seamlessly to the new services.
Throughout the modernization effort, we were able to vastly reduce outdated and/or unused components of the client’s AD in the 2.0 version. In collaboration with the client, we reduced the infrastructure by 50% and rationalized their application inventory from 2,000 to under 600.
In all of our client engagements, we place equal emphasis on both strategy and execution while tailoring our solutions and best practices to the unique needs of each project. As a result, the client is now on a path to modern technology that realizes performance, cost and security benefits across a complex and ever-evolving threat landscape.
Collective Insights is a Microsoft Certified Solutions Partner with extensive capabilities in Security, Modern Work, Infrastructure, Digital & App Innovation and Data & AI, including specializations in Identity and Access Management and Threat Protection.
We build the business case, create the plan and then drive our clients’ modernization of legacy, on-premises, and siloed technology.
We implement Microsoft solutions like Defender, Entra, and Purview to secure Microsoft 365 and Azure to keep our customers safe while increasing productivity in the modern work environment.
Learn more about how Collective Insights helped a Fortune 500 global apparel and footwear company increase data protection measures and Microsoft E5 utilization HERE.