Microland’s Email Group Governance Platform Enhanced Security and Efficiency for one of the Big Four Accounting Firms

Overview

The client, one of the largest professional services networks globally, with over 400,000 employees across 700 offices in more than 150 countries, faced challenges in managing an excessive number of group IDs. Microland custom-built an Email Group Governance Data Platform to enhance security, governance, and operational efficiency

Challenges

The client faced significant challenges in managing and securing its email group IDs in its Active Directory (AD). With over 400,000+ employees worldwide, the company struggled with the growing number of group IDs used for internal communication and company-wide announcements. The lack of an effective governance tool resulted in excessive inactive, obsolete, and unwanted group IDs, posing security risks and administrative inefficiencies.

1. Audit Active Directory Groups: The client needed a comprehensive solution to audit their AD groups, including distribution groups, mail-enabled security groups, and shared mailbox IDs. The absence of an auditing tool led to an excessive number of 0.5 million inactive AD groups, with the total count of group IDs exceeding 1.5 million. These inactive groups, lying unused for several years, cluttered the system and posed potential security risks.
2. Over-Privileged Users: Due to the highly confidential nature of the information the client handles, including sensitive customer and financial data, it was imperative to limit access to corporate resources to authorized users only. The client required a solution to ensure that regular users did not have over-privileged access, adhering to stringent regulatory requirements and minimizing the risk of data breaches.
3. Data Accuracy: The presence of outdated and inaccurate group IDs and member information in the directory exposed the client to data theft and risks of access abuse. Ensuring the accuracy and up-to-date status of group and member data, along with the permissions granted, was critical for maintaining security and operational efficiency.

Microland’s Solution

Microland custom-built a robust Email Group Governance Data Platform using Microsoft Graph API to address these critical challenges. The solution included a data gathering component, which collected and integrated information from Active Directory (AD) and exchange logs to support the Power BI dashboards. These comprehensive and dynamic dashboards delivered detailed data and visualizations of various group ID dimensions, facilitating operational decision-making and enhanced governance. Key features of the solution included:

1. Comprehensive Auditing and Cleanup: The Power BI dashboards offered a detailed view of each group ID, including attributes such as distinguished name, group type, status (active/inactive), inactive age, age since creation, creation date, updated date, and last used date. This information enabled the client to identify and remove inactive and obsolete groups efficiently, reducing the overall group ID count and enhancing security.
2. Guardrails for Access Control: The governance dashboard automatically highlighted inactive group members and instances of over-privileged access. By identifying and flagging these issues, the client was able to implement stricter access controls, ensuring that only authorized personnel had access to sensitive corporate resources.
3. Data Accuracy and Anomaly Detection: The anomaly detection capability of the dashboard helped the client maintain accurate and up-to-date group and member information. Any discrepancies or gaps in the data were promptly highlighted, allowing the governance body to take corrective actions and ensure data integrity.

Business Outcomes:

• Enhanced Security: By removing 30% of inactive and obsolete AD groups and revoking associated permissions, the client significantly improved its security posture. The risk of unauthorized access to sensitive corporate data was minimized, safeguarding the company's confidential information.
• Operational Efficiency: The comprehensive auditing and cleanup process streamlined the management of AD groups, reducing the administrative burden on IT staff and saving approximately 21,000 man-hours per year. With a clear view of group ID status and attributes, the client could better manage the lifecycle of group IDs, ensuring a more organized and efficient directory.
• Improved Compliance: The solution helped the client comply with regulatory requirements by ensuring that access controls were in place and up-to-date. The ability to identify and address over-privileged access and data inaccuracies contributed to a stronger governance framework, aligning with client’s commitment to maintaining high standards of data security and regulatory compliance.