About company

Commercial and industrial holding companies (mining), more than 30,000 employees, EMEA.

Situation

The holding consists of many production assets located in different countries. Historically, each asset has its own mail system, administered by local IT staff. All local mail systems are integrated into the holding’s email service.

A lot of local mail systems, a variety of versions and vendors, various support groups on assets – all of this complicates the administration of the email service, making changes to the service a lengthy and poorly controlled process.

There is no single address book for users of the service, naming standards and terms of service are different on different assets. There is no single plan for backing up service data.

Management of service security parameters is decentralized and performed in a limited volume, leaving a significant area for attack by attackers.

All this increases the risks of information security incidents, and also does not meet the requirements for building a dynamic business model of production that needs fast and efficient communications.

Solution

The target model was a centralized mail system that unites all users of the holding. The centralized mail system platform was the Exchange Online cloud service, which provided the following key features:

  1. Scalability;
  2. Integration with Microsoft Office services;
  3. Conditional access mechanisms;
  4. Advanced functionality of Anti-Spam and Anti-Malware Protection.

Due to the large volume of transformations, the project was divided into 2 stages:

  1. Migration of assets into a single Active Directory holding directory;
  • Configuring trust, formalizing the rules for naming objects;
  • Renaming enterprise domain objects;
  1. Migration of the central mail system of the holding
  • Configuring a hybrid failover solution between On-Premise Exchange and the Exchange Online cloud service;
  • Preparation of scripts to automate the process of user migration from the enterprise mail system to Exchange Online;
  • Planning and implementation of the user data migration process (training instructions, training support service specialists, solving problem cases);
  • Setting up access to corporate data from the Android and iOS mobile platforms using the Intune (Application Management) service and the Conditional Access conditional access service.

Were achieved following results of the project:

  1. Unified rules for naming user accounts and mailboxes;
  2. Global address book, which includes more than 20,000 users;
  3. For 12 months, the information security department employees did not register a single incident related to malicious attachments in e-mail;
  4. The growth in the number of mobile users of the service up to 300%.