Project Delivery Services
Start Date: January 2023
End Date: December 2024
Summary
One of our senior team members led a large security programme to implement M365 for a major global retail organisation. Our role was to ensure that the delivery of these important security enhancements were delivered on time and in budget.
The project lasted nearly two years and involved the management of a large third-party vendor.
What did we do?
Our role was to manage the whole programme of work during the full-life cycle of delivery. Our team member acted as the head of the programme and was reported to the senior security leadership of this very large organisation.
What was delivered?
The programme consisted of four projects:
Project 1 – Microsoft Defender for Identity (MDFI)
This project focused on the deployment of this security tool to protect the organisations on premise domain controllers. The MDFI solution was deployed globally, involving hundreds of domain controllers. The work was complex due to the diverse nature of their IT estate. Overall, this project took over a year to complete.
Project 2 – Microsoft Defender for Office (MDFO)
Another of the E5 license features was deployed to all of the information workers community, which totalled over 50,000 users. This was less tricky from the technical perspective but there were significant challenges with ensuring that the technology was properly embedded and supported in all countries.
Project 3 – EntraID
This project was deploy EntraID (Microsoft protection for identities in the cloud) and was complex as it involved multiple Identity and Access Teams across multiple countries. However, despite the project taking over a year to complete, it was a resounding success, significantly improving the organisations security posture.
Project 4 – Data Loss Prevention
As a Microsoft Purview deployment, this was technically straightforward. However, there were other difficult and time consuming elements to the project. These complications resulted from the differences in requirements across the multiple regions and countries involved. Data governance was a major issue and our resource had to manage a very complex set of stakeholders.
Lessons Learned
There were many but some of the highlights are below:
- License deployment and management on a global scale is extremely difficult.
- Governance and risk management is not as a high priority as it should be.
- Managing large third-party vendors is always challenging, but the time and effort invested in refining the Statement of Work (SoW) proved to be worthwhile.
- Service transition for a global company should have been smoother, but it was complicated by the lack of skills and misaligned tools and processes across regions.