Ensuring Device & Data Security for a Global Business

Situation

A medium-sized organisation faced serious data security and operational challenges. Employees routinely accessed corporate information from personal or unmanaged devices, without any visibility into what data was being viewed, copied, or shared. There were no controls in place to revoke access or remotely wipe sensitive content once staff left the business, exposing the organisation to ongoing risks of data leakage, intellectual property loss, and unauthorised access. Performance limitations in the existing VPN infrastructure led users to bypass secure channels, storing files across a mix of personal devices, unsanctioned cloud platforms, and local file servers. This fragmented approach resulted in widespread data sprawl and a complete lack of centralised oversight. Compounding the issue, corporate devices were not enrolled in any management solution, and no standard operating environment had been established, leaving the organisation with inconsistent security posture and an inability to enforce baseline protection standards.

Task

We had to implement a secure Microsoft 365 framework that ensured corporate data could only be accessed on compliant, protected devices. The business needed full control over data access, the ability to revoke access instantly, enforce device hygiene, and establish audit-level visibility of system and file activity. A more efficient file storage and sharing solution needed to be established.

Action

• A mobile device management (MDM) strategy was developed and deployed using Microsoft Intune. Conditional Access policies were configured to ensure that only compliant devices could access corporate systems.

• Device compliance policies were enforced to mandate antivirus protection, encryption, and up-to-date operating systems. Non-compliant devices were automatically blocked from accessing sensitive data.

• Access to corporate files and applications was restricted to managed, containerised environments, reducing the risk of data leakage or unauthorised downloads to personal storage.

• An advanced logging and monitoring infrastructure was implemented across endpoints and servers to capture user activity, failed sign-in attempts, anomalous behaviour, and potential security threats.

• VPN infrastructure was rolled out across all office locations, enabling secure remote access while eliminating the need for duplicated file storage or ad hoc data transfers.

• A corporate intranet was established and central SharePoint File Server for corporate files and users were enabled on OneDrive for external file sharing.

• Microsoft Teams was rolled out in functional teams to enable collaboration on day to day operation and project activity.

Result

• Microsoft 365 access restricted to compliant corporate devices

• Remote wipe capabilities enabled for unmanaged endpoints

• Brute force attack detected and blocked through enhanced logging

• Secure access model improved user efficiency and workflow

• Organisation-wide policy enforcement standardised security posture

The solution delivered measurable improvements across security, usability, and operational control. Access to Microsoft 365 and critical business systems was fully restricted to verified, compliant corporate devices, dramatically reducing exposure to data leakage and unauthorised access. Sensitive corporate data could now be remotely wiped from personal devices in real time, ensuring immediate response to offboarding events or policy breaches. Proactive monitoring infrastructure enabled the early detection and prevention of a brute force attack, strengthening the organisation’s overall security posture. End-user experience was also enhanced—secure, managed applications provided faster, frictionless data access, eliminating the reliance on personal storage or file transfers. Finally, standardised policies and automated enforcement created consistent security practices across the entire workforce, improving both governance and operational stability.

How can Cornerstone revolutionise the way you work?