Client: SME, IT service provider:
- Setup and configuration of an M365 tenant on a hybrid basis, SSO integration for existing app infrastructure like Mattermost, Huhu, etc.
- License consulting, Entra ID basic configuration, MFA, Conditional Access, Privileged Identity Management.
- Intune: basic configuration, Windows 11 Autopilot, iPhone AES.
Client: regional, mid-sized manufacturing company:
- Took over the tenant and prepared a security audit, rolled out iPhones with AES (formerly DEP) on COPE (Corporate Owned, Personally Enabled).
- Connected external customers with enhanced security via Conditional Access.
- Consulting on “cloud-first” strategy and migration to “cloud-only” business.
- Connected various apps via SSO/SCIM (e.g., Atlassian, Personio, Adobe).
- On-premises AD: security audit and project management: decommissioning local AD (migration: file servers, Navision 2016, user clients to Entra ID joined).
- Copilot rollout with connections to external data sources (Atlassian) and Intune configuration.
Client: international, mid-sized automotive supplier:
- Support in preparation for TISAX and ISO27001 certifications.
- Entra ID: security audit, switched per-user MFA to Conditional Access, upgraded MFA to “phishing resistant.”
- Intune: setup and management of Intune – integrating Windows and Apple clients, switched web enrollment to AES (formerly DEP), introduced Autopilot, took over app management, integrated Microsoft Defender on company clients, built a baseline for Windows (COBO) and iOS/Android (BYOD) devices.
- Teams/SPO: expanded and enhanced access model and integrated SPO sites into Teams.
- Maintenance and backup of Entra ID and Intune tenants (drift management).
- M365 backup with Veeam.
Client: international, mid-sized manufacturing company:
- Extended existing Conditional Access policies, designed and implemented PIM including hardware tokens for admins (YubiKey), on-premises admin tier concept.
- NCD project: revised existing GPOs for structure, security, and compliance.
- Project management: security audit and hardening of on-premises AD and cloud tenant, SAML VPN, PIM introduction.
- Supported HR by implementing a booking portal and supported the System Engineering department in general administration, security, compliance, and innovation (Copilot).
Client: SME, staffing services:
- Security audit and hardening of cloud tenant, introduced Conditional Access and passwordless MFA for all users, supported BSI security audit according to DIN SPEC 2707.
- Introduced platform SSO and Defender for macOS and iOS devices, expanded and monitored macOS devices with Intune, ensured compliance requirements.
- Introduced and configured Code2 signatures. M365 backup with Veeam.
Client: SME, development, medical:
- Introduced and set up compliance and security policies for Windows 11 devices including Autopilot and WUfB.
- Security audit and hardening of cloud tenant, introduced Conditional Access and passwordless MFA for all users.
- Expanded and monitored macOS devices with Intune, ensured compliance requirements.