Customer Success Story: Securing Microsoft 365 for a Safer, Simpler Cloud Experience

Executive Summary

Ameritec Machining, Inc., AMI, had been using Microsoft 365 for cloud email and productivity, but hadn’t implemented security or identity best practices. SST stepped in to configure their tenant using the Center for Internet Security (CIS) benchmarks, unify user identities across cloud and on-premises environments, and deploy modern endpoint management. The result is a more secure, consistent, and streamlined IT experience for users—without the friction or confusion that commonly plagues small business environments.

Customer Overview

Customer Name: Ameritec Machining, Inc.
Industry: Manufacturing
Location: Iowa
Size: ~25 Users

Challenge

Like many small businesses, AMI adopted Microsoft 365 to improve productivity, but had not configured it to meet modern security standards. Users were managing separate passwords for cloud and on-prem systems, and multi-factor authentication (MFA) had become a barrier rather than a protection. Unrestricted mailbox access, unfiltered attachments, and default settings throughout the tenant left the organization vulnerable to phishing, credential theft, and other cloud-based attacks. Without expert guidance, AMI had no clear understanding of these risks or how to address them.

Assessment & Goals

SST conducted a targeted assessment and identified key risks:

• Inconsistent user identities between on-prem and cloud environments
• MFA disruptions caused by poor configuration
• Unrestricted mailbox access and weak spam/malware filtering
• No configuration of Microsoft security baselines

The goal: Strengthen the Microsoft 365 environment with minimal disruption while aligning the platform with industry-recognized best practices for identity, security, and endpoint management.

Solution

SST delivered a focused Microsoft 365 security hardening engagement designed for high impact with low friction:

• Entra ID Sync: Unified user identities across on-prem and cloud, enabling seamless single sign-on (SSO) and eliminating duplicate credentials.
• Endpoint Management: Implemented Intune and Autopilot to streamline workstation provisioning and enforce consistent policies across devices.
• Security Configuration: Applied multiple CIS-aligned controls across the tenant:
  • Blocked sign-ins to shared mailboxes
  • Enabled Safe Links and Safe Attachments
  • Filtered dangerous file types
  • Configured internal malware alerting
• MFA Optimization: Integrated MFA with improved user experience using Microsoft Authenticator.

Results

Unified Access: Users now log in once for all systems with a consistent identity and smoother MFA experience.
Modern Device Management: Workstations are deployed faster and managed securely with modern cloud tools.
Reduced Risk: Key Microsoft 365 attack vectors have been closed by applying baseline security policies and restricting risky behaviors.
No Disruption: The entire project was completed in a few weeks without impacting users or business operations.
Stronger Cybersecurity Posture: AMI now has a cloud environment that supports future growth and aligns with CIS security frameworks.

Key Takeaways

• Microsoft 365 is not secure by default—configuration matters
• Identity unification and SSO reduce user friction and boost security
• CIS-aligned safeguards provide a measurable framework for protection
• SST brings strategic insight and technical execution to every engagement