The Impact of M365 Optimization at a Major Health System
Challenge
CTG worked with a non-profit health system with thousands of users across multiple practices that provide primary, urgent, and specialty care. As part of their current migration to Microsoft 365 (M365), they previously leveraged a vendor that left them with several gaps and significant risks in their governance settings. As a result, the health system turned to CTG for help. CTG was tasked with assessing and providing guidance across all tools to fulfill security and compliance requirements and adhere to best practices.
CTG's Solution
CTG performed an implementation assessment and health check of the organization’s M365 environment and, based on the findings, implemented several recommendations. These updates have contributed to a higher level of security and compliance as they continue to roll out the full M365 suite of tools.
- Mail Flow Rules: Configured mail flow rules to block executable and macroenabled files, encrypt messages, prevent auto-forwarding to external domains, inspect attachments, filter bulk emails, and include disclaimers in all outgoing emails
- Access Control: Activated idle session sign-out
- Mailbox Policies: Created mobile device mailbox policies for every practice
- Syncing Settings: Allowed syncing only on computers connected to specific domains
- Blocking Settings: Blocked uploads of specific file types
- Roles and Admins: Activated global administrator role members
- Conditional Access: Created multifactor authentication for users
- Consent for Applications: Created controls over where consent can be given to apps that use OpenID Connect and OAuth2.0
- Password Management: Set specific password-related settings and features
- Email Policies and Rules: Configured alerts for threat detection
With patient privacy compliance increasingly being thrust into the spotlight, several of these risk factors are critical to the health system’s digital operations. Additionally, continuous support will be necessary as regulations change, best practices evolve, and the organization’s M365 migration begins to take shape. Ultimately, this assessment served to greatly increase confidence in implementing the rest of their M365 suite of tools across all employees and practices.
Key Results:
CTG Team
- Health Check
- Assessment Report
- Health Check Assessment Results Presentation
- Migration Strategy and Planning Presentation
- Recommended Tenant Settings
- Weekly Status Reports
M365 Tools Assessed
- OneDrive
- Teams
- SharePoint
- Exchange
- Defend