Securing a Microsoft Partner Practice Built on Trust

The company

A specialist Microsoft Data & AI consultancy headquartered in Ireland with operations in the UK. The company is a Microsoft Solutions Partner, delivering data platform, analytics, and AI projects to enterprise clients across Europe, including some of the largest organisations on the continent. Its consultants work embedded within client environments, handling sensitive data and operating within client tenants as a trusted partner.

Despite its focused headcount of approximately 10 people, the company operates at the enterprise tier. Its client roster, the sensitivity of the data it handles, and the access it is granted demand a security posture that matches. The licensing environment reflects this: Microsoft 365 Copilot, Dynamics 365, Power Platform, Visio, Project, Teams Premium, and Cloud PCs alongside the core security and productivity stack. This is not a company that uses Microsoft lightly — it lives inside the platform.

We protect our clients’ privacy by default. The details in this case study are anonymised, because we secure our clients’ identities the same way we secure their data.

The challenge

This company’s challenge was not the usual story of neglect or a breach that forced action. It was a credibility gap — and the leadership team could see it widening.

As a Microsoft Solutions Partner specialising in Data & AI, the company advises some of the largest organisations in Europe on how to use Microsoft’s data platform. Its consultants are granted access to client tenants, work with sensitive datasets, and are trusted to operate within environments where a security incident would have consequences far beyond the consultancy itself. That trust is the foundation of the business, and it needed to be backed by verifiable controls.

Microsoft’s own partner programme imposes specific compliance requirements. All partner organisations must meet MFA adoption targets, maintain security baselines, and demonstrate ongoing compliance. These are not optional — failure to meet them risks partner status itself. But meeting the minimum bar is not the same as being properly secured.

The collaboration model added complexity. At any point, the company might be collaborating with dozens of enterprise clients through guest access, shared channels, cross-tenant Teams environments, and delegated administrative access. Each of those relationships is a trust boundary. Data classification, information barriers, and governance controls matter as practical requirements.

The company also held rich Microsoft licensing that it needed to understand deeply in order to advise clients. This created a distinctive requirement: the need to regularly provision lab tenants, deploy Microsoft Security technologies in realistic configurations, and test how features like Purview sensitivity labels, DLP policies, and Copilot data governance controls behave in practice before recommending them to enterprise clients.

What we did

The engagement began with a full environment audit covering the Microsoft 365 tenancy, device inventory, licensing analysis, partner compliance review, multi-tenant collaboration assessment, lab environment audit, and ISO 27001 gap analysis.

The security baseline was deployed within eight weeks. Microsoft 365 Business Premium was optimised with a tiered licensing model. Entra ID P2 provided Conditional Access and MFA enforcement exceeding Microsoft partner requirements. Intune enrolled all managed endpoints with compliance policies, security baselines, and disk encryption.

The Defender XDR suite was deployed alongside Blackpoint Cyber MDR, advanced email threat protection, and Microsoft Sentinel with extensive custom detection rules — including authentication from new countries, unseen platform detection, privileged account monitoring, FIDO2 authentication method changes, and multi-stage persistence and exfiltration alerting. Guest access and cross-tenant collaboration policies were reviewed and tightened with Conditional Access extended to cover external collaboration scenarios.

The ISO 27001 certification programme built directly on the deployed security baseline. A lab partnership was established: Tarbh Tech engaged as an ongoing technical partner for provisioning and configuring Microsoft Security lab environments, including Purview sensitivity labels, DLP rules, Defender for Cloud Apps, and Copilot data governance testing.

The results

The 85% Microsoft Secure Score is the highest across the Tarbh Tech client base and significantly above the 51% industry average — reflecting both the depth of configuration and the company’s willingness to adopt controls fully rather than selectively.

In the most recent month, 28 security incidents were detected and triaged. Authentication attempts from Brazil, Indonesia, the United States, and Luxembourg were flagged. Changes to FIDO2 authentication methods on privileged accounts were detected in real time. A multi-stage persistence and exfiltration alert was investigated and managed. The 21 VIP impersonation emails mitigated reflect the reality that Microsoft Partners whose leadership is visible in the partner ecosystem are disproportionately targeted.

The ISO 27001 certification was not a bolt-on compliance exercise. The controls required by Annex A are the same controls that run the environment day to day. When the certification auditor arrived, the evidence was already there. When it came time to retain the certification, nothing needed to be rebuilt.

The lab partnership has become one of the most distinctive aspects of the relationship. Tarbh Tech regularly provisions dedicated lab tenants and works alongside the consultancy’s team to deploy and test Purview sensitivity labels, DLP rules, Defender for Cloud Apps configurations, and Copilot data governance controls. These findings directly inform the consultancy’s recommendations to its enterprise clients.

Where things stand today

The company is on COSAINT Managed with ISO 27001 add-on support. The monthly service includes full Microsoft 365 and Intune management, Defender XDR monitoring, 24/7 SOC triage, Sentinel with custom detection rules, advanced email threat protection, Teams Phone, automated monthly reporting, and ongoing ISO 27001 compliance support plus lab partnership support.

Current priorities include maintaining ISO 27001 certification, refining cross-tenant collaboration governance, expanding lab testing to cover emerging Microsoft Security capabilities, and supporting the company’s growing use of Copilot across consulting and delivery workflows.