
How to Use Microsoft 365 to Meet Security and Compliance Guidelines

Updated: Jun 22, 2023

Here's how one university medical center separated its Microsoft 365 platforms to meet requirements and improve overall security and collaboration.


A large university medical center was struggling to split the technical platforms it shared with another university after legally separating into two different entities. Both medical center and university users needed to be able to work and collaborate in both environments, which meant they needed to be given appropriate security access. This required a migration of the medical center's technology platforms, content, and applications to their own space. In addition, the medical center wanted to modernize where possible and increase its use of the Microsoft 365 cloud platform, which was licensed but not fully adopted.

A Separate Fully Functioning Technical Environment

As is common with separations and divestitures, technical platforms become so intertwined over long periods of time that untangling the knot can feel impossible, let alone finding the beginning of a string on which to pull. The medical center partnered with JourneyTEAM's SharePoint and Cloud specialists to initially analyze and plan the various platforms and processes that needed to be separated: essentially, figuring out which knot to pull first. It was clear that this project would impact all aspects of their business. Then began the execution of a multi-year plan focusing on the areas of identity and access management (IAM), devices, data, and applications.

For user identities, which were managed across multiple on-prem Active Directory instances and in the Microsoft 365 (M365) cloud, they standardized on Azure AD for all M365 workloads and future IAM requirements through federation. This included, but was not limited to, updating onboarding and offboarding processes, implementing a third-party tool for group management across on-prem and cloud directories, and rolling out Microsoft Multifactor Authentication (MFA) to over 30,000 users. With the users' cloud identities secured and fully managed, other workloads could easily be leveraged from the Microsoft 365 tenant.

Devices were targeted for Microsoft Endpoint Management with Intune by removing them from on-prem Active Directory and joining them to Azure AD. This required many devices to be updated to Windows 10 or new devices to be issued through Autopilot. Standardizing devices through Microsoft Endpoint Management gave the medical center better visibility and control of the thousands of remote devices they now had to manage in a post-pandemic world. In addition, combined with the IAM improvements, the new device state removed the need for a Virtual Private Network (VPN) for a number of users.

The move of primary identity and devices to Microsoft 365 paved the way for users to fully adopt the features and services that made working remotely easier and more secure. In the realm of data, individual content for tens of thousands of users was migrated from on-premises file shares to each user's OneDrive. This allowed for cloud backup of known folders like My Documents, Desktop, and others, and for better separation of individual files from departmental or group files. Department and group data will be migrated to SharePoint Online where needed; that migration is slated to begin soon so users can more easily share and collaborate on content.

With nearly a thousand applications, migration of applications for the medical center is the longest-running workload. Apps are reviewed and analyzed and then slated for an infrastructure migration, an authentication migration to Azure AD through federation, or both. Some applications will remain on-prem but are integrated with Azure AD for SSO and secure remote access, which further removes VPN requirements going forward. In addition, some unique applications require access from the university user base, which is being addressed through the Azure AD B2B identity and collaboration framework. This includes a custom solution from JourneyTEAM that allows synchronization of identity attributes across organizations.

JourneyTEAM continues to partner with the medical center team, as they have for several years, to ensure a proper migration to their new environment. As a result, collaboration and productivity have increased, and technical platforms and identities are more secure. The university and the medical center can still work together, but the medical center has better control and visibility over their separate platforms, content, and access. Additionally, their remote workforce can easily and securely access the content, applications, and platforms needed to get work done.

If your business is growing and you want to learn more about how the Microsoft 365 cloud can improve your business, contact JourneyTEAM today.

