The Client

The Client

As a trusted organisation, Active Gloucestershire coordinates we can move. Inspiring people to unite behind a common vision to increase physical activity. Connecting individuals and organisations to build strong collaborative partnerships. Enabling the growth and impact of we can move, through providing a range of resources, training and support.

‘We believe that physical activity can have a transformative impact on the lives of people and their communities. It is the single biggest thing that can be done to improve a person’s health.’
We are part of a national network of Active Partnerships operating across England. At our essence, we are about driving positive change.’

AG were looking for someone to provide day-to-day support, proactive monitoring of systems and account management, as well recommendations to enhance security provisions and decommission their on-site server.

The Background

The Background

AG were looking for someone to provide day-to-day support, proactive monitoring of systems and account management, as well recommendations to enhance security provisions and decommission their on-site server.

The Solution

The Solution

Server Decommission & MS Intune (Endpoint Manager)

At the time of onboarding, AG’s server was no longer hosting any central applications, only acting as a Domain Controller (managing user logins), DHCP and File/Print services. With a view of reducing monthly support and backup/continuity costs, the decision was made to decommission the on-site server, migrating data to the cloud, moving users onto Azure AD and machines into Microsoft Intune for central management. To achieve this, all users were upgraded to M365 Business Premium licensing, which includes Azure AD Plan 1 and Microsoft Intune.

Security hardening was undertaken in-line with AG’s M365 Secure Score, enforcing MFA company-wide, utilising conditional access to recognise the office’s IP to avoid prompts, as well as blocking legacy authentication through to self-service password resets. Intune is now used to centrally manage the machines, with GPO functions replicated into Intune.

With both emails and data residing in the cloud, Datto SaaS Protection was introduced to
provide a 3x daily backup of all data with 1yr cloud retention, providing long term data recovery.

Following this project, AG lowered their monthly recurring costs by nearly £200 PCM (server, anti-virus and backup/continuity costs) and users no longer need to dial in by VPN to access their files/folders. Furthermore, by improving the security provisions as recommended within their Secure Score, this has helped them reduce their on-going cyber insurance costs, whilst most importantly, given them peace of mind they’re adhering to the best practices set out by Microsoft.

Managed IT & Cyber Security Services

CSG proactively monitor and manage AG’s IT environment as part of the fully outsourced IT provision; with Sophos cyber security services deployed at inception of the agreement – Intercept X Advanced (Endpoint), Device Encryption and Email Filtering – giving AG next-gen protection against the latest ransomware threats.

Proactive monitoring was enabled via CSG’s Datto Remote Monitoring & Management (RMM) agent, which also provides our engineers with access directly onto the end-users machine for fault investigation and correction.

AG’s Account Manager meets with AG IT lead every quarter to review the service delivery, any trends within the tickets as well as any changes within both sides of the partnership. Furthermore, a review of all devices and licenses in use is undertaken to ensure these are correct and AG are not paying for licensing that is no longer in use. This meet also provides an opportunity to chat through any newly available technology that may be bring benefit to how AG’s wider team operates.

Cyber Essentials Plus Accreditation

AG take a proactive approach to cyber security and one of the requirements of their tender process was that we pushed the company through Cyber Essentials by an agreed deadline date (which was met).

CSG already possess Cyber Essentials Plus accreditation and have put various other clients through both CE and CE+ accreditation; managing the process in full, taking this burden away from the client.

AG systems were documented within our version controller IT knowledge base and our proactive management tools allowed us to easily confirm the information requested within the self-assessment framework, and as we had already completed security hardening as part of the M365 Intune project completed previously, it was plain sailing for AG and the CE accreditation was easily achieved.

With CE in place, Cyber Essentials Plus was the next piece of framework and we worked with our IASME assessor to carry out required checks against AG’s IT environment, carrying out all required remedial work as appropriate and then liaising with the assessor to undertake the follow-up checks and helping AG achieve CE+ accreditation.

Cyber Essentials is a great standard to work towards and CSG have noticed increasing demand for the CE accreditation from both our clients and suppliers to improve cyber resilience, helping them secure new contract wins and/or funding.

Microsoft Teams Voice

CSG hosted a Teams Voice webinar earlier in the year of which multiple members of the AG team attended as this technology was on their radar to replace their existing solution, Gamma Horizon, as it did not have Multifactor Authentication (MFA) available and was going to become problematic for their upcoming Cyber Essentials renewal.

AG were happy with the demonstration provided by CSG and decided this was the right route for them as an organisation and CSG were tasked with scoping and deploying this solution for them. As a non-profit, AG qualified for NFP licensing from Microsoft for the Phone Standard license and CSG utilised Gamma’s Operator Connect service (calls break out via Gamma’s telephony network rather than Microsoft’s) to introduce further disaster recovery planning, as well as reducing costs in comparison to Microsoft’s Calling Plans.

AG’s Account Manager met with the AG operations team to introduce the platform and scope out the requirements – automated service, hunt groups, office hours etc. using our in-built Teams Voice Build documentation (which continuously evolves as the technology changes) and the Teams Voice solution was built parallel to the Horizon systemNew headsets were provided to AG and a date was firmed up for the number port, which would be the go-live
date of the new system.

Given Teams Voice is a cloud-based platform, all preparation and go-live work was
completed remotely, with one of our dedicated project engineers managing the transition in full, talking AG through the entire process and providing end-user training as part of the go-live.

The transition went smoothly and since moving to the new platform, CSG have not had any tickets raised with the Helpdesk for any faults or follow-up queries which is not uncommon for us given most clients now natively use Teams for day-to-day operations as everything is so familiar.

No other supplier considered the value in improving the broadband service in the office which CSG provided which has made a huge difference.

Mobile Device Management

AG employees use mobile devices to access both emails and data held in the cloud and therefore, it was proactively recommended a Mobile Device Management and Mobile Application Management solution was deployed to improve their cyber security posture.

As AG were already working from Business Premium licensing, Microsoft Intune was already being paid for and therefore, it made sense to control mobile devices and applications via this existing platform, rather than introducing further vendors and their associated costs.

Due to employees using personal mobile devices, the decision was made to utilise the Company Portal application, meaning AG were only controlling AG data held within this application, rather than having full control over the phone itself, which doesn’t suit a BYOD environment.

Appropriate policies were configured within Intune for both Apple and Android devices, with conditional access policies configured to ensure only supported versions of these devices are running, mobile PINs were enforced and rooted/jailbroken phones could not access corporate data. In the event of a phone being lost/stolen, CSG can immediately revoke access from the device to protect corporate data, with this MDM solution aligning them to the latest Cyber Essentials requirements.

The Testimonial

The Testimonial

Since we started working with CSG, my colleagues have all commented on how positive their experience has been when dealing with IT issues. CSG truly focus on supporting us to be more efficient and creating great value for money. As a result, our security and the user experience of our systems and tools have improved considerably.

With the proactive approach taken by CSG and the close relationships we have developed, IT and cyber security is now something I don’t have sleepless nights over. I know they are constantly thinking three-steps ahead, highlighting potential security issues and sharing new and innovative opportunities.

Alan Inman-Ward, Director of Insights and Operations