3 min read
A national care group operating across three subsidiary companies (residential, supported living, and specialist brain injury services) with care staff working across multiple sites and in the community. The organisation runs on Microsoft 365 and manages sensitive data for vulnerable adults daily.
Service: Managed IT Care sub-sector: Residential, supported living, specialist care
When we took over IT management for this care group, we carried out a full audit of their Microsoft 365 environment. The Microsoft Secure Score, which measures how well an organisation's security is configured, sat at 16%.
For a care provider handling confidential care plans, medical records, and personal information for vulnerable adults across multiple companies, this was a serious concern.
The previous IT provider had assured the organisation that all devices were managed and compliant. They weren't. Staff phones and tablets being used in the community had no device management, no security policies, and no way to be wiped if lost or stolen. There was no visibility over who was accessing what, from where, or on what device.
Care organisations handle some of the most sensitive data there is. This wasn't a tick-box problem. It was a safeguarding risk.
We developed a phased remediation plan designed to strengthen the environment without disrupting frontline care delivery. The priority was clear: protect people and data, and do it without creating more admin for care staff.
We enrolled every company-owned device (phones, tablets, and laptops) into Microsoft Intune, establishing a managed baseline across the organisation. Every device accessing business data now had to meet compliance requirements before it could connect.
We implemented Conditional Access, which checks whether the right person is signing in, from a compliant device, in an expected location, before granting access. If the conditions aren't met, access is denied. Even a compromised password alone can no longer unlock sensitive care data.
Microsoft Defender was deployed to all Android devices used by care staff in the community, providing real-time protection against malware and phishing. We wrote clear, step-by-step guides so that non-technical care workers could set everything up without needing IT support on-site.
Multi-factor authentication was enforced across the tenant, data loss prevention policies were configured, and SharePoint and OneDrive sharing permissions were tightened to prevent sensitive information from being inadvertently exposed.
The Microsoft Secure Score rose from 16% to 82%, moving the organisation from one of the most vulnerable configurations to a security posture aligned with industry best practice.
Every company device is now centrally managed, monitored, and compliant. Care staff working in the community have proper security on their mobile devices without any extra effort on their part. The organisation has full visibility over its environment for the first time.
The personal data of the vulnerable adults this care group supports is now protected to a standard that reflects the trust those individuals and their families place in them.
Secure Score: 16% → 82% · All devices managed via Intune · Conditional Access enforced · Defender deployed to all mobile devices · Zero disruption to care delivery
Related service: Managed IT