Untitled project(7)

Azure Sentinel allows you to create automation based on Azure Logic Apps, which used within Azure Sentinel are called Playbooks. This situation means that we have access to a very broad spectrum of elements from which we can build automation activities. At the same time, for the Azure Sentinel administrator, most often not DEVOPS on a daily basis. This richness and the dynamics of development and change of Azure Sentinel as well as Azure Logic Apps, makes it sometimes quite difficult to find help in solving the described problem.

My goal was to expansion of automation o use one of the latest features that have recently been made available in Azure Sentinel - the Watchlist. It is a dictionary that is defined and editable after creation, allowing to avoid "hardcoding"

in analytics queries of quasi static data such as: lists of IP addresses, sensitive account names, etc. The Watchlist is stored as a component of the Log Analytics workspace where Azure Sentinel has been added (enabled).

WATCHLIST MENU IN AZURE SENTINEL

Despite the wealth of features, Azure Logic Apps module with elements dedicated to Azure Sentinel, until recently, did not offer management functionality Watchlist. W Azure Portal Watchlist could be added or deleted, editing its contents was not possible,

as well as Azure Logic Apps did not provide this capability (at the time of writing this text - these capabilities are already significantly expanded). The only mechanism supporting the automation of activities in this area was the Azure REST API and I decided to use it. Since I had no previous experience in using the REST API

As part of Logic Apps, I decided to enlist the help of communities Azure Sentinel.

          To make life easier for those dealing with Azure Sentinel and allow for the exchange of experience, Microsoft has created a community on GitHub. A lost administrator looking for a solution to his problem can very often find it here. The community portal can be accessed from the Azure Sentinel menu or by going to the https://github.com/Azure/Azure-Sentinel

mo2
COMMUNITY MENU IN AZURE SENTINEL
mo3
AZURE SENTINEL GITHUB COMMUNITY

Within the list of available playbooks, I found this one fulfilling current needs

 

  1. Check if there is a Watchlist with the given name and if it does not exist create one.
  2. Add an element to the Watchlist according to its structure, in this case a pair: address_IP_server and name_server.

Playbook address:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Watchlist-Add-IPToWatchList

I imported the playbook directly from the page using the "Deploy to Azure" button, specifying the necessary import parameters required by the playbook. Then, according to

with the requirementsand Azure Logic Apps I configured API calls for the playbook elements requiring it. The problem occurred with the elements performing the main playbook tasks, and using the REST API, because they required the use of do Managed Identity authentication.

mo4
AUTHENTICATION FOR REST API QUERY ELEMENT

As recommended by the author of the playbook for the Azure Logic App, a Managed Identity was created correctly in Azure AD from within the Logic App and verified in Azure AD.

mo5
ENABLE SYSTEM ASSIGNED MANAGED IDENTITY FOR LOGIC APP

Despite this, the item still did not execute correctly, there was an authentication error in Azure AD.

mo6
AUTHENTICATION ERROR QUERY ELEMENTS REST API PLAYBOOK

I verified both Tenant ID, as well as resource principal, but everything seemingly matched. Managed Identity was registered correctly, the playbook was visible in Azure AD, and it had the necessary permissions granted on the Resource Group, which included the Log Analytics workspace from Azure Sentinel. I found a few blog posts about my problem to some extent, but either were outdated due to changes in Azure. Changes made on the basis of these posts had no effect. The only, but very important, knowledge I gained from reading these blogs was the following.

about the need to focus on the field Audience. Audience is a value that identifies an "application" in Azure against which the Azure Logic App is authenticated in AD

and authorized. I started looking for how to specify the identifier to be entered in the Audience field. In blogs, each time it was an identifier of type GUID. Unfortunately, this was a misleading lead, as it was not an application registered in, for example, the Enterprise Applications,

a system's REST API Azure service Accessible via the system ID.



mo7
QUERY REST API IN LOGIC APP

Watchlist is an element stored in an Azure resource, which is the Log Analytics workspace, accessible via Resource Manager, referencing it via the REST API just creates an Audience for our playbook from Resource Manager.

On the https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities#azure-services-that-support-azure-ad-authentication you will find a list of Azure services supporting authentication with Managed Identity.

On the other hand, on the https://docs.microsoft.com/en-us/azure/logic-apps/create-managed-service-identity#authenticate-access-with-managed-identity you will find additional resources for defining authentication in Azure Logic Apps using Managed Identity.

 

 

Finally, the Azure Logic Apps component of the Log Analytics query containing Watchlist:

mo8
REST API QUERY WITH MANAGED IDENTITY AUTHENTICATION

Summarizing all the measures taken, one can come to a conclusion:

  • When working with Azure Sentinel, there must be close cooperation between the security engineers configuring the product and those with DevOps expertise,
  • The very dynamic changes that are taking place in Azure, intended, of course, according to Microsoft, to develop the platform, can be your friends or your greatest enemies. If you are up to date with Azure, following newsletters and information about changes - you will rather manage, if not - tips found on the web can lead you astray,
  • Use Managed Identities because you give applications specific rights to specific resources and minimize the need to keep an eye on changing passwords for accounts, which is always a problem. Azure Sentinel does a very good job of tracking such application logins in Azure after recent changes to the Azure AD Connector, so it's easy to detect anomalies that could be a threat. And you'll probably be able to read about the Azure AD Connector and other elements in future ISCG blog posts.

Author: Mariusz Orkisz

Business Applications: IT infrastructure:

Cloud Solutions:

Cyber Security:

Cyber Security:

Privacy Policy

ISCG sp. z o.o.

Al. Jerozolimskie 178, 02-486 Warsaw
NIP: 5262798378
KRS: 0000220621

Phone

+48 22 571 67 80

Mail

info@iscg.pl

Business Applications

Migration of applications and processes

We carry out migration projects both at the level of data and entire processes. We specialize in migrations to the Microsoft ecosystem. We help plan migrations, prepare data for migration, and perform test and target migrations. We provide post-migration support and optimization services for new solutions.
Contact us

Business Applications

Implementation of IT governance

We support our clients in implementing or optimizing IT governance for Microsoft solutions and technologies. We offer both in-house services developed on the basis of many years of experience and ready-made partner solutions to facilitate and accelerate the implementation of governance.
Contact us

Business Applications

Implementation
and optimization of analytical solutions

We support our clients in building or optimizing analytics solutions. We provide services on all key layers of analytics, i.e. data extraction from various data sources, data integration and preparation for analytics, building optimized databases, warehouses and data lakes, and data modeling for analytics.

We help implement and adopt Microsoft solutions for analyzing and presenting data, such as Microsoft Fabric and Microsoft Power BI.

We organize workshops for both technical and business users.

Contact us

Business Applications

Training for business and IT

We offer comprehensive training for companies on how to effectively use Microsoft 365 applications to help your team maximize the potential of modern office tools.

Our training courses are tailored to the participants' level of proficiency, and practical exercises will help to quickly implement the skills learned in everyday work.

We also offer specialized training for Microsoft 365 environment administrators to effectively manage and grow your company's infrastructure. Our training includes advanced configurations, security management, access control, application deployment and optimization of your Microsoft 365 environment.

With our experienced trainers, participants will gain hands-on knowledge of administering services such as Exchange Online, SharePoint, Teams, OneDrive and Azure AD, allowing them to effectively monitor and develop their cloud environment.
Contact us

Cyber Security Technologies.

End device protection (EDR)

EDR (Endpoint Detection and Response). is an advanced cyber-security tool focused on monitoring and responding to threats in real time on end devices such as computers, smartphones and servers.

EDR uses behavioral analysis, signature engines and AI to detect and block attacks before they happen. Compared to traditional antivirus solutions, EDR offers more proactive protection and Automation of response processes.

It is a key tool that significantly improves the level of security in a customer's infrastructure, especially in the case of distributed infrastructure. It is also an essential tool in the work carried out by Security Operations Center (Monitoring Teams
and responding to cyber threats in the organization).

ISCG offers EDR-class systems of the world's leading cyber security vendors: Microsoft Defender for Endpoints, Checkpoint, Sentinel One, Trend Micro

Contact us

Cyber Security Technologies.

Security incident monitoring and response [SIEM/SOAR].

Implementation of SIEM/SOAR monitoring and response systems [Security Information and Event Management/ Security Orchestration, Automation, and Response] offered by ISCG are advanced solutions that enable comprehensive protection of IT infrastructure. 

They integrate data from various sources such as network devices, operating systems, applications, EDR systems, PAM, IAM, and cloud environments, enabling continuous monitoring, threat detection and incident response automation. 

By combining SIEM and SOAR, organizations can quickly and effectively manage cyber security, minimizing the risk of attacks and ensuring regulatory compliance. These solutions are used in the daily work of the organization's security monitoring teams -. SOC (Security Operations Center)..

ISCG offers SIEM/SOAR class systems The world's leading cybersecurity vendors: Microsoft Sentinel, IBM Qradar, Elastic

Contact us

Cyber Security Technologies.

Mobile Device Management [MDM].

MDM (Mobile Device Management). is a modern solution enabling central management of mobile devices in the company. Implementation of MDM class systems allows remote configuration, monitoring and security of mobile devices such as smartphones, tablets and employee laptops, providing full control over company data.

MDM Solutions protect against data loss or leakage, enable enforcement of security policies, and allow remote locking and wiping of devices In case of an emergency. They also allow the implementation of updates and patches which significantly contributes to the security of the infrastructure. This is a key element of security in remote and mobile work environments.

ISCG offers MDM-class systems The world's leading cyber security vendors: Microsoft Intune, Ivanti Trend Micro Mobile Security, NinjaOne

Contact us

Cyber Security Technologies.

Web Application Security [WAF].

WAF (Web Application Firewall). is an advanced solution that protects web applications from external attacks, such as SQL injection, cross-site scripting (XSS), DDoS and other most frequently mentioned attacks listed in the OWASP Top 10

WAF Monitors and filters network traffic, providing protection against known and unknown threats before they reach your applications. With this tool, your applications are safe,
and user data protected. 

WAF is a key component of cybersecurity, making applications more resilient to attacks and ensuring compliance
With safety regulations and an absolute must have For an organization with web-based applications.

ISCG offers WAF-class systems The world's leading cybersecurity vendors: Microsoft Azure Application Gateway, Barracuda WAF

Contact us

Cyber Security Technologies.

Email Security [Mail Security].

Mail Security provides comprehensive email protection against threats such as phishing, spam, malware and zero-day attacks. 

The solution monitors email traffic in real time, identifies suspicious messages and blocks dangerous content even before it reaches the mail server, minimizing the risk of data leakage and attacks on IT infrastructure. With advanced filtering and security mechanisms, it ensures secure company communications.

ISCG offers dedicated systems for mail protection The world's leading cybersecurity vendors: Microsoft Defender for Office 365, Trend Micro Email Security, Check Point Harmony Email & Collaboration

Contact us

Cyber Security Technologies.

Enhanced Incident Detection and Response [XDR].

XDR (Extended Detection and Response) is an advanced solution that integrates threat data from different systems and layers of IT infrastructure, such as networks, endpoint devices and the cloud, to enable effective detection, analysis and response to attacks. XDR automates monitoring and incident response processes, which increases the efficiency of security operations. Unlike SIEM-class solutions, it features deeper analytics and automation of threat response processes. This solution helps companies proactively manage threats and reduce response times to cyber attacks, raising the level of protection for IT infrastructure.

ISCG offers XDR-class systems from the world's leading cyber security vendors: Microsoft Defender XDR , Checkpoint - Infinity XDR, SentinelOne - Singularity XDR, Trend Micro Vision One XDR

Contact us

Cyber Security Technologies.

Multi-Factor Authentication [MFA].

MFA (Multi-Factor Authentication). offered by ISCG is multi-component authentication, which significantly increases the security level of access to digital resources.
MFA requires users to confirm their identity using two or more verification methods, such as SMS codes, biometrics or tokens.
The solution protects against unauthorized access, phishing attacks and ensures compliance with regulations such as RODO, NIS2 and DORA, which minimizes the risk of data breaches

ISCG offers MFA-class systems from the world's leading cybersecurity vendors: Microsoft Azure MFA, Yubico YubiKey, HID MFA, Delinea and ISCG's proprietary solution dedicated to on prem ASA2 MFA environments.

Contact us

Cyber Security Technologies.

Passwordless authentication [Passwordless].

The Passwordless solution offered by ISCG is a passwordless authentication solution that eliminates the need for traditional passwords, increasing security and convenience for users. Identity verification is based on biometrics and cryptographic security keys, minimizing the risk of phishing attacks and data leaks. Passwordless authentication is more secure and intuitive, supporting organizations in eliminating weak passwords and improving productivity

ISCG offers Passwordless class systems from the world's leading cybersecurity vendors: Microsoft Azure Active Directory Passwordless. HID DigitalPersona, Yubico

Contact us

Cyber Security Technologies.

Cloud security

Cloud security solutions [Cloud security]. offered by ISCG provides protection for data stored and processed in the cloud, minimizing the risk of cyber attacks and data leaks. The system includes mechanisms such as access control, preventive leakage protection and automated incident management. Through the collaboration of various cloud tools, ISCG provides comprehensive security tailored to an organization's needs, helping to meet regulatory and security standards

ISCG offers Cloud Security systems from the world's leading cyber security vendors: Microsoft Defender for Cloud. Trend Micro Cloud One

Contact us

Cyber Security Services

Risk analysis and management

Risk analysis and management are key to ensuring the security of organizations, especially in the face of increasing regulatory requirements such as NIS2, DORA and RODO. By identifying and assessing risks, companies can minimize the risk of breaches, protect sensitive data and comply with applicable regulations. Implementing effective risk management mechanisms increases an organization's cyber resilience, allowing it to proactively counter threats and limit potential losses.

ISCG offers comprehensive cyber risk analysis and management services, helping organizations identify, assess and minimize IT security risks. Our best-practice-based solutions enable continuous monitoring of risks, implementation of effective security mechanisms and compliance with regulatory requirements.

Contact us

Cyber Security Services

Vulnerability monitoring and management

Vulnerability monitoring and management service offered by ISCG is a service that provides comprehensive identification, assessment and management of vulnerabilities ( including patch management) in IT infrastructure. The goal of this process is to minimize the risks associated with cyber attacks through ongoing monitoring and security updates. This service includes regular scanning of resources, vulnerability assessment, patching and recommendations for future elimination or risk mitigation. In the price of the service, we provide commercial tools from leading manufacturers, so the organization does not incur any additional costs in terms of technology investment.

Benefits of vulnerability management:

  • Proactive detection of vulnerabilities in IT systems.
  • Increasing resilience to cyberattacks.
  • Maintain compliance with regulations and safety standards.
  • Respond faster and more effectively to new threats.
  • Monitoring the organization for vulnerabilities on a continuous basis
  • Patch management for third-party devices and systems and applications
Contact us

Cyber Security Services

Security HealthCheck for AD

The scope of the service includes, but is not limited to.

  • Configuration audit - including domain structure, GPO policies, and user and group management
  • Security assessment - review of current security mechanisms, password policies, access control and login security features
  • Identification of risks - configuration errors, security weaknesses, improper configurations and permissions
  • Analysis of compliance with security standards
  • Remedial recommendations

The end product is a detailed technical report describing all detected vulnerabilities and configuration errors, along with clear recommendations for security departments to improve security and risk management.

We provide the SH service for AD(Entra) on a one-time basis or as a recurring service that is a regular item on the organization's audit schedule.

Contact us

Cyber Security Services

Protecting the Cloud as a Service

ISCG provides services in the area of Cloud Security based on Microsoft technologies provide advanced protection for cloud environments based on solutions such as Microsoft Azure and Microsoft 365. Often this type of service begins the process that ultimately finalizes the implementation of a full Security Operations Center. These services include:

  1. Monitoring and detection of threats in cloud resources in real time, detect and automate actions to eliminate them
  2. Access and identity management Advanced identity management features, including Multi-Factor Authentication (MFA), Conditional Access, and Identity Protection, which provides full control over access to cloud resources.
  3. Data security and application protection - by monitoring and controlling application activities, implementing security policies tailored to the organization's needs and in compliance with regulations.
Contact us

Cyber Security Services

Health Check Office 365

Office 365 Health Check is a service provided by ISCG, is a comprehensive analysis of the health of the Microsoft 365 environment. The audit includes verification of security, such as MFA implementation, license management and identification of unnecessary administrative privileges. Specialists also check security in services such as Azure Active Directory, Exchange Online, SharePoint, OneDrive and Teams. The goal is to optimize security and cost efficiency by eliminating unnecessary licenses and adjusting data protection policies.

What do you get?

  • Basic security verification (MFA, password policies)
  • Identification of accounts with unsafe privileges
  • Verification of phishing and spam policies
  • Microsoft expert advice

Areas tested:

  • Licenses
  • Microsoft 365 and Azure Active Directory Security
  • Exchange Online, SharePoint, Teams, OneDrive

Benefits:

  • Increasing security and eliminating unnecessary licenses, which reduces costs.
Contact us

M365

End device management - Microsoft Intune

Endpoint device management is a key component of any organization's security strategy, and in the Microsoft 365 ecosystem, this is especially important. ISCG, a partner with Security expertise and years of experience in IT infrastructure management, offers end-to-end implementation and configuration of Microsoft Intune, a modern tool for managing mobile and desktop devices.

With Intune, it is possible to manage PCs and mobile devices from one central point, giving you full control over the devices in your company. This allows for effective:

  • configuration management,
  • Controlling and distributing updates,
  • Enforcing safeguards in accordance with the best industry standards,
  • Protection of corporate data on users' private devices (BYOD).

ISCG has been implementing endpoint device management solutions such as SCCM (System Center Configuration Manager) for years, making device management our DNA. This gives our customers the confidence that any Intune implementation will be based on a solid technical foundation and follow best practices. Our unique combination of knowledge and experience allows us to create consistent and secure IT environments.

Creating configuration and security standards is key to ensuring:

  • Uniformity and minimization of the risk of errors,
  • IT infrastructure scalability,
  • Full regulatory compliance (e.g., RODO),
  • Proactively securing company data against internal and external threats.

As part of the implementation, ISCG focuses on fine-tuning Intune to the organization's requirements. We integrate security solutions, such as Windows Defender, to effectively protect corporate data on users' devices, and support security policy management and compliance processes.

With ISCG as a partner, deploying Intune becomes the foundation for effective and secure endpoint device management, allowing the company to focus on key business objectives with the confidence that their IT environment is secure and optimized.

Contact us

M365

Migrating documents to SharePoint and OneDrive

Moving documents from local file servers or other cloud-based solutions to platforms such as SharePoint and OneDrive is a key part of modernizing any company's IT environment. ISCG offers comprehensive migration services that not only include moving files, but also optimizing their organization and ensuring the highest level of security in the new environment. This allows companies not only to access data from anywhere and from any device, but also to manage information efficiently, securely.

Migrating files to SharePoint and OneDrive requires the use of precisely planned document transfer logic. It is important to preserve the file structure during the migration process and to properly map access to documents in the new environment. ISCG pays particular attention to securing access to data at various levels, from the site level to individual files. This allows organizations to effectively control who has access to certain information, which is essential for maintaining data security.

An important aspect of migration is the classification of documents, which enables the proper management of file confidentiality. For the migration of sensitive documents, ISCG ensures the implementation of advanced mechanisms to protect against data leakage. ISCG's experience in working with classified data (access level 3) is crucial here, as migration of such sensitive information requires not only technical competence, but also appropriate procedures to ensure data integrity and security.

The introduction of SharePoint and OneDrive also makes it possible to implement advanced auditing mechanisms to monitor user activity against specific files and sites. These technical safeguards not only protect data from unauthorized access, but also enable rapid response to potential security incidents. In the context of today's cyber threats, this approach to document management and migration is invaluable.

In summary, ISCG, with its experience and expertise, provides secure, efficient and best-practice file migration to SharePoint and OneDrive, which supports not only the flexibility of teamwork, but also the highest level of data protection in the company.

Contact us

Azure

Maintain On-Premise and Azure environments 24/7

We provide professional maintenance services for Azure and On-premise environments, drawing on years of experience in managing large infrastructures for 50,000 users and several thousand servers. Our distinguishing feature is our support for classified networks and secret systems, thanks to our relevant certifications and NATO vendor status. We offer 24/7 global support and manage infrastructure in Data Centers around the world.

By opting for our services, you will focus on key aspects of your organization's operations, minimizing the risk of downtime and benefiting from advanced technologies and best practices. Outsourcing to ISCG also saves on hiring and training your own IT staff, allowing you to allocate resources more efficiently and invest in strategic growth.

Our comprehensive approach to infrastructure management, backed by experience in handling the most demanding environments, guarantees security, reliability and cost optimization. By working with us, you will gain confidence that your IT infrastructure is in the hands of experts who will ensure its uninterrupted availability and high performance.

Contact us

Azure

Management and audit of directory services

For any organization, the correctness of directory services is crucial, ensuring consistency and security in the management of identities and access to IT resources.

We provide comprehensive 24-hour support services for Active Directory, covering 2-3 lines of support. With advanced knowledge and experience in the field of Identity and Access Management, our team of specialists provides the highest quality of services.

In addition, we perform Active Directory audits, both one-time and regular, which are key to maintaining optimal configuration and security. Our audits allow us to detect security vulnerabilities, check regulatory compliance and monitor system performance. With regular reviews, it is possible to react quickly to changes in the organizational and technological structure, which minimizes the risk of unauthorized access and ensures business continuity

Contact us

Azure

Developing and maintaining standards in Azure

Customers often neglect regular reviews and audits of their cloud environment, leading to gaps in cloud management procedures and standards. ISCG ensures policies are updated and best practices are implemented, significantly improving security and efficiency.

We evaluate configurations and management policies on the Azure platform, identifying gaps, incompatibilities and risks. Based on the analysis, we develop recommendations for improving security, efficiency and compliance with best practices. We help implement these changes and monitor their effectiveness, regularly updating management policies.

Contact us

Azure

Emergency recovery of cloud environment

We offer comprehensive preparation of backup environments for key IT systems, ensuring their continuity and security. Our offering includes risk analysis and estimation of the costs associated with failure, as well as the development of recovery procedures and identification of data sources. We use Azure Site Recovery, which is the most cost-effective solution in its class, offering low cost, automatic backups and fast restoration of systems. Our services also include the development of detailed restoration procedures, establishing service levels (SLAs), ongoing support and monitoring to minimize downtime and ensure a fully functional backup environment. With our offerings, you'll increase the security of your critical systems, benefit from the low cost of Azure Site Recovery, and gain the confidence of rapid system restoration and customization.
Contact us

Azure

Migration to Azure

We specialize in comprehensive migration services to Azure, including both infrastructure and database applications. Our experienced teams of architects ensure a smooth and fast transfer of resources. The migration process is carried out with attention to data security and minimal downtime, allowing for a smooth transition to the new environment. Thanks to the advanced knowledge and experience of our specialists, clients can count on a safe and efficient migration that streamlines the management of IT resources and optimizes operating costs.
Contact us

Business Applications

DMS and VDR system

We offer implementation of an advanced DMS (Document Management System) class system with VDR (Virtual Data Room) functionalities, based on Microsoft SharePoint platform.

Our solution allows you to centrally manage your records, providing full control over access, versioning and archiving of documents. With VDR functionality, we enable secure sharing of confidential data with external partners, while maintaining the highest standards of security and activity tracking.

The system supports full automation of workflow processes, and with its flexible configurations, it is ideally suited to the needs of your organization, ensuring regulatory compliance and operational efficiency
Contact us

Infrastructure

Backup

We support our customers with a well suitable Backup system that will guarantee reliable backup of the environment. We work with leading brands on the market like Barracuda and Veeam.

Contact us

Infrastructure

Infrastructure management system

Management of on-premise infrastructure is still very often done with the System Center Configuration Manager tool. At ISCG, we have experience in supporting our customers in the area of this technology.
Contact us

Infrastructure

Infrastructure monitoring

We perform on-premise Infrastructure monitoring services. For this, we use native tools available within Microsoft Active Directory, Exchange, SCOM services as well as tools from leading manufacturers in the market.
Contact us

Infrastructure

Distribution of parcels

Along with the implementation of SCCM (System Center Configuration Manager), the ISCG team supports customers in preparing software packages to be distributed to workstations in the organization.
Contact us

Infrastructure

Databases

As part of our services in the area of on-premise infrastructure, we provide SQL database licenses. We also support customers in the management, reconfiguration and development of database environments.
Contact us

Infrastructure

Active Directory

Active Directory (AD) is an advanced directory system that provides companies with centralized management of user identities, network resources and security policies. With extensive integration capabilities, scalability and advanced access control mechanisms, AD enables secure and efficient organization of the IT environment.
Contact us

Azure

Landing Zone

Using Microsoft's best practices, guidelines and tools, we prepare a reference architecture for the solution in Azure, including, among other things, a network diagram, access and user identity management, failover security, encryption and monitoring of the environment and data.

Implementing this architecture enables efficient infrastructure management and operational optimization, while ensuring high data availability and security.

Contact us

Cyber Security Services

Cyber Deception Services

Cyber Deception is a cutting-edge security strategy that relies on the creation of fake environments, traps and false resources to mislead cybercriminals. It allows organizations to effectively detect attacks and learn from attackers' behavior before they can do real damage. This allows for early detection of threats that traditional security systems (NGFW, NDR) may miss. With confusing paths and attractors, attackers are guided to controlled locations, giving them time to react, minimizing potential damage. With Cyber Deception, we can detect attacks earlier, reduce risks and losses by engaging cybercriminals in attacks against false targets, better understand attackers' actions through analysis in a controlled environment, and increase security by complementing existing security systems in the infrastructure.

Contact us

Modern workplace

An efficient and secure MS Teams environment

We offer support in the development of the Microsoft Teams environment to make it as effective as possible for employees and at the same time safe for the organization.

Our services include automating the creation of assets, such as feeds, groups, sites and tabs, according to company policies, ensuring consistency and compliance with internal standards. We also provide standardization of descriptions and metadata to facilitate organization and information retrieval. We review current and archived resources, helping to optimize workspace, and manage access for employees and external visitors, ensuring compliance with security policies.

Contact us

Modern workplace

Digitization of HR processes

We offer comprehensive HR process digitization solutions that will allow your company to optimize and automate key areas of HR management.

Our services include digitizing processes such as recruitment - from automating candidate management, to digitizing onboarding and offboarding, to implementing effective training management systems. We also help with electronic leave management, the implementation of advanced 360 employee assessment tools, and the full digitization of HR documentation, allowing easy access to employee data and reducing paper documents.

Our solutions not only improve the operational efficiency of the HR department, but also support better workflow, regulatory compliance and improved employee experience.

Contact us

Modern workplace

Services for Microsoft 365 Copilot

We offer a comprehensive and secure implementation of Microsoft Copilot in a Microsoft 365 environment, providing full support at every stage of the process.

Our services include detailed configuration of the tool, taking into account the specific requirements of your organization, and assistance in meeting the highest standards of IT security and compliance.

In addition, we support the adoption of Copilot by employees, offering training and support in integrating it into daily work processes. We also provide long-term maintenance of the solution, including regular backups and monitoring to ensure business continuity and data security.

Contact us

Modern workplace

Chatbots

We offer implementation of advanced chatbots based on Microsoft Azure AI, Copilot and Microsoft Teams technologies to improve communication and process automation in your company.

Our solutions enable the creation of intelligent assistants to help with customer service, employee support and the automation of administrative tasks. Through integration with Microsoft Teams, chatbots can act as virtual assistants available within daily work tools, providing quick responses, technical support and performing routine operations.

The use of Azure AI and Copilot guarantees continuous learning and customization of chatbots to meet the specific needs of your organization.

Contact us

Business applications

Document workflow

We offer a comprehensive implementation of electronic workflow based on Microsoft Power Platform, SharePoint and Microsoft 365 technologies, which will significantly improve business processes in your company.

We create personalized solutions that automate the flow of documents, reduce processing time and increase transparency of operations.

With integration with Microsoft Power Automate and SharePoint, we provide easy documentation management, full control over permissions and security, and real-time progress tracking.
Contact us

Business Applications

IT governance services

We support our clients in implementing or optimizing IT governance for Microsoft solutions and technologies. We offer both in-house services developed on the basis of many years of experience and ready-made partner solutions to facilitate and accelerate the implementation of governance.

Contact us

Business applications

Implementation of e-signatures
and e-seals

Working with leading trust service providers, we provide solutions using electronic signatures and electronic seals.

We provide both qualified and non-qualified solutions.

The trust services we offer can be stand-alone solutions or part of larger systems - such as systems for managing e-contracts.
Contact us

M365

Auditing and optimizing your Microsoft 365 environment

Regular reviews of your Microsoft 365 environment are key to maintaining compliance with best practices and security standards. Our audit offerings, performed by ISCG, provide a thorough analysis of your Microsoft 365 configuration, identifying security gaps, regulatory non-compliance and other risks.

With a Microsoft 365 audit, you gain configuration optimization that maximizes the efficiency of your environment. You can save on unused licenses - up to 40% in costs. Additionally, you'll increase data security by focusing on protecting your business from threats.

Our audits focus on key areas such as analyzing redundant privileges and evaluating phishing and spam protection policies. Based on the results of the audit, we develop detailed recommendations for improving security, performance and compliance, and then help you implement these changes. Upon completion of the audit, you will receive a detailed report to help you improve security, remove unused licenses and implement best practices in Microsoft 365 management.

Contact us

M365

Development and maintenance of M365 standards

ISCG offers a comprehensive service for developing and maintaining cloud management standards, with the goal of improving the security and efficiency of Microsoft 365 environments. Customers often neglect regular reviews and audits, leading to gaps in procedures and standards.

Our team of experts performs a detailed assessment of configurations and management policies, identifying gaps, incompatibilities and risks. If necessary, we use third-party tools such as Simone Cloud and Microsoft Score to help align configurations with applicable standards, such as Baseline and CIS.

We prepare and document the key procedures that are necessary to properly manage a cloud environment. We regularly review and update this documentation to ensure it is in line with best practices and changing requirements.

Based on the analysis, we develop recommendations for improving security, efficiency and compliance. We help implement these changes and monitor their effectiveness through periodic updates to management policies.

With our service, customers can rest assured that their Microsoft 365 environment is compliant with best practices and properly secured. When you work with ISCG, you get a partner who cares about the growth and security of your cloud business.

Contact us

M365

Microsoft 365 24/7 support

As a Managed Services partner, we specialize in comprehensive maintenance of Microsoft 365 environments for numerous clients, including large organizations with thousands of users. Our offering includes all Microsoft 365 packages, allowing companies to focus on their business, leaving technology issues in the hands of experts.

Many organizations face difficulties due to insufficient competence to manage their environments, which can lead to misconfigurations and serious data security problems. Customers often overlook important issues, which can generate risks.

With dedicated first, second and third line support teams, we provide comprehensive support. Our Microsoft 365 support operates 24/7, 365 days a year, allowing us to resolve issues quickly. We serve customers in 26 countries, offering advanced assistance for more complex issues. With our global reach and fast response time, we minimize the risk of downtime and ensure uninterrupted continuity of your Microsoft 365 services.

As part of the contract, we provide clients with the necessary data and reports with recommendations for changes in the environment, as well as FinOps data. We regularly discuss this information with the client, which allows us to jointly develop the competencies of local teams.

Contact us

M365

Backup of Microsoft 365 configuration and data

ISCG offers comprehensive data backup and archiving solutions for users using Microsoft 365, covering services such as SharePoint, Exchange Online, OneDrive and Microsoft Teams. Our approach guarantees full data security and quick access to backups in case of data failure or loss.

As part of our services, we offer backup of both data and settings of the Microsoft 365 environment. Both of these functionalities are crucial, especially in the context of regulations such as the FSA, which require business continuity and auditability. Data backup allows you to recover information after a disaster, such as a ransomware attack or other incidents. Configuration backup allows restoring the environment to a stable state and auditing the changes made, making it easier to identify deviations from recommended configurations.

We use proven tools such as Veeam, CodeTwo, Barracuda and CoreView to ensure effective data management. CoreView provides advanced analytics and reporting capabilities, enabling better license and security management in a Microsoft 365 environment.

ISCG uses Simeon Cloud solutions, which offer advanced configuration management features. This tool allows you to save environment settings and compare them with recommended CIS and baseline configurations. This makes it easy to identify deviations and receive recommendations for optimization. Simeon Cloud also allows you to track the changes you've made, which increases transparency and control. Users can create backups of their configurations and manage changes, as well as restore the full configuration from a specific day, which is extremely useful in emergency situations.

ISCG provides comprehensive and secure data backup and Microsoft 365 configuration solutions, enabling organizations to effectively manage their resources and ensure business continuity under all conditions.

Contact us
M365

Entra ID implementation and audit

Correctness of directory services is crucial for companies to ensure consistency and security in managing identities and access to IT resources. Improperly managed directory services can lead to security vulnerabilities, unauthorized access, and performance and regulatory compliance issues.

We have advanced Microsoft specialization in Identity and Access Management, so you can be sure of the best experience from our engineers. We offer a comprehensive Entra ID (formerly Azure Active Directory) implementation service for organizations with a scale of 50-100 thousand users, as well as smaller companies. With extensive knowledge of directory services and integration with various versions of legacy systems, our implementations are efficient and reliable. We support multi-location projects and integration of different domains, allowing for centralized management of access and identities.

We also perform one-time or regular Active Directory (AD) audits, which are essential to ensure that the configuration remains optimal and secure. Audits allow you to detect and address potential security vulnerabilities, check compliance with internal and external regulations, and monitor system performance. Regular reviews also enable you to respond quickly to changes in your organizational and technological structure, minimizing the risk of unauthorized access and ensuring business continuity.

Contact us

M365

Implementing Microsoft Teams

Microsoft Teams is an advanced communication and collaboration tool that acts as a central hub for daily work, integrating key business applications and ensuring the smooth flow of information within the company. It offers features such as chat, videoconferencing, file sharing and advanced workflow mechanisms to smooth approval processes and automate tasks, eliminating the need for multiple tools.

ISCG specializes in Microsoft Teams implementations and offers full support for integration with existing systems, user and access management. Our differentiator is our competence in integrating Teams with low-code platforms, which allows us to create and implement optimal business processes without advanced programming. As a result, we are able to offer solutions that take into account the specifics of Teams operations, supporting process automation and efficiency.

In addition, ISCG's offerings include Teams Room Calling, an integration of audio conferencing systems with telephony to enable seamless online conversations and meetings. Although Microsoft Teams is a well-known tool, many companies use only part of its potential. That's why we offer user training to take full advantage of Teams' advanced features and its integrations with other tools, making daily team work much faster and easier.
Contact us

M365

Mail migration to Exchange Online

Migration of mail from various systems such as Google Workspace, Lotus Notes, local providers or on-premisse servers to Exchange Online is a key part of the transformation to Microsoft 365 cloud. ISCG's team has extensive experience in large-scale migrations involving distributed environments with thousands of mailboxes. In such complex projects, we use third-party migration tools that automate the process and enable detailed migration auditing, ensuring full control and data security. This allows us to carry out the migration quickly and securely, minimizing the risk of data loss and downtime for the organization. We offer comprehensive support at every stage, from analyzing your current environment to moving emails, contacts and calendars, ensuring your business runs smoothly. Thanks to advanced security methods, your data is protected and the migration takes place at convenient times, limiting the impact on current operations. Once the process is complete, we also offer training and technical support so users can get the most out of Microsoft 365
Contact us

M365

CSP licenses

As a Microsoft Bill Direct ISCG provider, we offer Microsoft 365 licenses at attractive prices, supporting our customers to effectively manage their cloud resources. Our licensing optimization consulting allows you to maximize the use of available resources.

In addition, we establish close relationships with our clients, enabling them to benefit from the expertise of our best architects. We offer continuous 24/7 support services, which gives our clients a sense of security. As a partner with the right expertise, we monitor their environment, catching potential threats and responding to them quickly. The Microsoft 365 platform processes business-critical information, so it deserves the special attention and care we provide to our customers.

Contact us

M365

M365 and Co-Pilot platform management workshop

We offer a comprehensive training program on managing the Microsoft 365 platform, led by a top MVP architect in the area of this technology. Our courses focus on key aspects such as managing licenses, permissions and data security. Participants will gain the knowledge necessary to effectively manage their M365 environment, allowing them to optimize processes and increase productivity.

We particularly focus on the Copilot for Microsoft 365 tool, which supports task automation and facilitates daily collaboration. Through sessions led by an expert, participants will learn not only about the tool's capabilities, but also about the myths and facts associated with it. They will learn which features work effectively and which still need to be refined, allowing them to have realistic expectations and be better prepared to use the tools in their daily work.

Training is customized to provide the practical skills and competencies needed to effectively manage the platform and protect data

Contact us

Azure

Optimizing the Azure environment

We offer comprehensive services to reduce costs and increase efficiency in Azure cloud environment

Our service includes a cost audit and resource utilization analysis, which will allow us to identify areas for optimization. We will focus on monitoring workloads, optimizing test environments and reducing the number of virtual machines.

In addition, we will migrate from the Pay-As-You-Go model to long-term bookings, which can save up to 50%.

Contact us

Azure

Landing Zone

Using Microsoft's best practices, guidelines and tools, we prepare a reference architecture for the solution in Azure, including, among other things, a network diagram, access and user identity management, failover security, encryption and monitoring of the environment and data.

Implementing this architecture enables efficient infrastructure management and operational optimization, while ensuring high data availability and security.

Contact us

Azure

Landing Zone

Using Microsoft's best practices, guidelines and tools, we prepare a reference architecture for the solution in Azure, including, among other things, a network diagram, access and user identity management, failover security, encryption and monitoring of the environment and data.

Implementing this architecture enables efficient infrastructure management and operational optimization, while ensuring high data availability and security.

Contact us

Azure

Backup data to Azure

We deliver advanced data backup configuration to the cloud, with a focus on security, efficiency and compliance with the best market standards. Our approach includes precise governance preparation, robust procedures and integrated processes, supported by the latest tools.

We design a backup architecture, tailoring it to your organization's specifics, and then configure backup solutions according to your strategy. We implement automated backup mechanisms and monitor processes in real time, ensuring data integrity and quick detection of problems. We regularly test the recovery process to ensure that backups are complete and effective.

Contact us

Azure

Entra ID implementation and audit

Correctness of directory services is crucial for companies to ensure consistency and security in managing identities and access to IT resources. Improperly managed directory services can lead to security vulnerabilities, unauthorized access, and performance and regulatory compliance issues.We have advanced Microsoft specialization in Identity and Access Management, so you can be sure of the best experience from our engineers. We offer a comprehensive Entra ID (formerly Azure Active Directory) implementation service for organizations with a scale of 50-100 thousand users, as well as smaller companies. With extensive knowledge of directory services and integration with various versions of legacy systems, our implementations are efficient and reliable. We support multi-location projects and integration of different domains, allowing for centralized management of access and identities.We also perform one-time or regular Active Directory (AD) audits, which are essential to ensure that the configuration remains optimal and secure. Audits allow you to detect and address potential security vulnerabilities, check compliance with internal and external regulations, and monitor system performance. With regular reviews, you can also respond quickly to changes in organizational and technological structure, minimizing the risk of unauthorized access and ensuring business continuity.
Contact us

Azure

Pilot implementation

The pilot deployment is a key test phase in the Azure migration process, allowing identification and elimination of potential problems before full deployment. Organizations can test the migration on a smaller scale, allowing them to optimize the process. Our experienced IT architects conduct detailed testing, moving selected infrastructure and application components to the Azure cloud, monitoring performance, compliance and security. The pilot phase also allows training for IT teams and end users, ensuring a smooth transition to the new environment. As a result, it minimizes the risk of problems, increases efficiency and ensures readiness for a full migration.
Contact us

Azure

CSP licenses

As a Microsoft Bill Direct provider, we offer the opportunity to purchase Azure licenses at attractive prices through the Cloud Solution Provider (CSP) program. Our offer not only includes access to the necessary licenses, but also the added value of consulting in the form of cost optimization using mechanisms for scaling, booking and changing the billing model. With our consulting, customers can effectively manage their cloud resources, minimizing costs up to 50% and ensuring optimal use of Azure infrastructure.
Contact us

Azure

Landing Zone

Using Microsoft's best practices, guidelines and tools, we prepare a reference architecture for the solution in Azure, including, among other things, a network diagram, access and user identity management, failover security, encryption and monitoring of the environment and data.

Implementing this architecture enables efficient infrastructure management and operational optimization, while ensuring high data availability and security.

Contact us

Azure

Environmental assessment

We conduct a thorough inventory of the entire local infrastructure (Microsoft and Linux) on the basis of which, we prepare a report with a valuation of potential cloud costs and a recommendation of an implementation plan.
Contact us