Mikron AG was founded in 1908 in Biel. In the first half of the last century, Mikron contributed to the industrialization of the Swiss watch industry with gear cutting machines and tools. From the 1960s onwards, Mikron gradually expanded its activities to include milling machines, plastic components, and machining systems (special machines). The Mikron Group develops, produces, and distributes high-precision, productive, and adaptable automation solutions, machining systems, and cutting tools. Rooted in Swiss innovation culture, Mikron is a global partner for companies in the automotive, pharmaceutical, medtech, consumer goods, writing instruments, and watch industries. Mikron employs around 1,400 people in three business segments at eight locations worldwide. Providing a stable and secure infrastructure for the collaboration of Mikron employees with internal and external partners is therefore an important task for Mikron’s IT department.
Initial Situation
- Classic IT infrastructure with Windows 7-capable workstations, most client/server management and security solutions run on-premise
- Transition to Windows 10 by 2018 – 2019
- Classic third-party antivirus solution used on clients and servers
- Mikron recognized that they need better “advanced” protection for their clients and servers
Our Solution
- Security assessments and implementation guides that support Mikron in improving their security posture
- Introduction of Microsoft Defender Advanced Threat Protection (MDATP) for all Windows 10 devices
- Migration of the existing antivirus solution for servers to Windows Defender and Microsoft Defender ATP
- Implementation of Office 365 Advanced Threat Protection
- Implementation of Azure AD Privileged Identity Management
- Migration from Active Directory Federation Services to Azure AD Password Hash Sync
- Implementation of Azure AD multi-factor authentication, identity protection, and self-service password reset
- Implementation of compliance monitoring for Windows 10 devices
«Zu dieser Zeit war Mikron bestrebt, die Sicherheit zu verbessern, und Lösungen für den Endpunktschutz waren auf dem Vormarsch. Es war klar, dass die Korrelationsfähigkeit zwischen vielen Sicherheitssensoren der Schlüssel zum Erfolg ist. Anstatt einzelne Produkte zu betrachten, die integriert werden müssen, haben wir uns das 365-Sicherheitsangebot angeschaut, das auch für mittelständische Unternehmen vielversprechend klang: eine Sicherheitsscheibe für alles. Heute, zwei Jahre später, kann ich sagen, dass es die richtige Entscheidung war. Zusammen mit der Expertise der baseVISION AG haben wir unser Ziel, Visibility First, erreicht und setzen nun unseren Weg mit der Microsoft Threat Protection Suite fort.»
The Vision
- Improvement of Mikron’s overall security posture
- Provide each user with the same level of protection
- Reduction of the number of security tools from various providers
- Harmonize license plans
«Wir haben mit Microsoft eine ausgewogene Lösung gefunden, die mit unserer aktuellen Umgebung (vor Ort und in der Cloud) harmoniert und sich ständig weiterentwickelt, um alle Sicherheitsaspekte auf integrierte Weise abzudecken.»
The Transformation
In 2018, Mikron began migrating existing Windows 7 clients to Windows 10. As the license renewal for the existing third-party antivirus solution was due in the coming months and a more advanced solution was needed to protect users, Mikron decided to evaluate Microsoft Defender Advanced Threat Protection.
baseVISION AG supported Mikron in conducting the Proof of Concept for Microsoft Defender Advanced Threat Protection. The baseVISION security consultants worked directly with Mikron’s IT infrastructure and security teams, providing guidance on installation, configuration, and deployment, allowing Mikron to conduct the necessary evaluation of Microsoft Defender ATP in their own environment.
Convinced by the capabilities Microsoft Defender ATP offers to protect employees, Mikron decided to deploy Windows Defender and Microsoft Defender ATP to protect Windows 10 devices. Shortly after this decision, Mikron requested a review of the antivirus strategy for server workloads as well. After evaluation and some testing with various server workloads, Mikron decided to migrate the existing antivirus solution for servers to Windows Defender and Microsoft Defender ATP.
Mikron’s workplace was now equipped with a state-of-the-art EDR solution. However, Mikron’s IT management and CISO were aware that an EDR solution alone is not sufficient and that, as part of a defense-in-depth strategy, existing security processes and solutions need to be further reviewed and adjusted to ensure that users remain protected, regardless of where they work and where they store their data. In early 2019, baseVISION, Microsoft, and Mikron conducted a two-day workshop focused on how Mikron can offer its users a secure and modern work environment with the features of the Microsoft 365 E5 Security Stack.
Throughout 2019, baseVISION and Mikron continued their collaboration and began planning the deployment of Microsoft Office 365 ATP, which will replace a third-party solution, as well as the introduction of Azure AD Privileged Identity Management, which provides an additional layer for IT administrators’ identities. By migrating from ADFS to password hash synchronization, Mikron was able to remove additional server load and complexity from the local IT infrastructure.
Starting in early January 2020, multi-factor authentication, Azure AD Conditional Access, and Azure AD Identity Protection provide the necessary protection mechanisms to safeguard Mikron’s employees.
Summary
In summary, Mikron’s move to the cloud brings benefits associated with reduced infrastructure and increased agility. By implementing Microsoft Threat Protection (Microsoft Defender Advanced Threat Protection, Office 365 Advanced Threat Protection, Azure Advanced Threat Protection, and Microsoft Cloud App Security) together with baseVISION, Mikron was able to reduce its infrastructure and provide an integrated security solution to protect its employees.
- Improvement of Mikron’s overall security posture for on-premise and cloud
- All users have the same security applications
- Reduction of infrastructure and third-party security products
Leading companies rely on us.
