Discover more customer stories
Dillen Bouwteam is a Belgian construction firm whose small staff works with hundreds of external partners. The company uses cloud services, such as Microsoft Office 365, to facilitate its work but needed a secure, easy-to-use authentication method. Dillen Bouwteam chose Windows Azure Active Directory as a foundation for expanding its use of cloud services in a way that keeps data safe and is convenient for employees and partners.
"Convenience is essential to our users. They want to get into their applications and get their work done as quickly as possible. They can do that more easily with Windows Azure Active Directory."
Dillen Bouwteam is a construction firm based in Balen, Belgium, that provides construction services to businesses and homeowners. Dillen Bouwteam has 50 employees in addition to a large number of external partners, such as architects and contractors. Giving all team members an easy way to communicate and share information is critical to the firm’s success.
“We have construction sites across Belgium, and we are always looking for ways to improve collaboration,” says Toon Dillen, IT Manager at Dillen Bouwteam. “The ability to collaborate quickly and easily helps us meet deadlines and avoid mistakes.” To minimize the exchange of paper documents and constant driving to construction sites, Dillen Bouwteam began using Microsoft Office 365, a Microsoft cloud service that combines Microsoft Office applications with enterprise-grade email, conferencing, and document-sharing capabilities. Employees and contractors use Office 365 to store and share documents, have quick instant messaging chats and videoconferences, and send and receive email messages.
The company wanted to move even more applications into the cloud, but it needed a way to ensure security of cloud-based data. “Cloud services are great for productivity but a challenge from an IT perspective,” Dillen says. “Data is no longer sitting on servers behind our firewall, and simple user names and passwords are not sufficient anymore.” Also, on construction sites, one computer is used by many people, so identity management is very important to Dillen Bouwteam. It’s critical that the company be able to assign access rights to specific applications to specific individuals.
Dillen Bouwteam decided to augment its internal Active Directory Domain Services system with Windows Azure Active Directory, a Windows Azure service that provides identity management and access control capabilities for cloud applications. By using Windows Azure Active Directory, all of the company’s on-premises and cloud-based directories would be aligned.
“It was quite easy to get up and running on Windows Azure Active Directory,” Dillen says. “We signed in using our Office 365 credentials and started connecting our on-premises applications to Windows Azure Active Directory.”
All Dillen Bouwteam cloud-based applications are now accessible from one place. Employees sign in to the Access Panel, where they see only the applications that they are authorized to use. From the panel, they can easily connect to other cloud services, such as Office 365 and SkyDrive Pro and hundreds of non-Microsoft “software as a service” applications.
To add an extra layer of security, Dillen Bouwteam uses Windows Azure Multi-Factor Authentication. After logging on to externally available services by using their user name and password, employees and partners confirm their identity by responding to a phone call or text message. Dillen Bouwteam used the PhoneFactor multi-factor authentication product to protect its Remote Desktop Services farm but the product did not extend to Office 365. Microsoft acquired PhoneFactor and integrated it into Windows Azure Active Directory, so now Dillen Bouwteam has multi-factor authentication for its cloud-based workloads, too.
Dillen uses security reports produced by Windows Azure Active Directory to detect anomalies, such as multiple sign-in attempts during a short period of time in multiple time zones, which typically indicates fraud.
Dillen Bouwteam is deploying all new applications in Windows Azure, to reduce IT capital and management costs and simplify application access.
Additionally, Dillen Bouwteam uses Windows Intune for cloud-based management of its PCs—and soon, mobile devices—distributed across sites.
By using Windows Azure Active Directory, Dillen Bouwteam has created a more secure foundation for a bigger push into the cloud so that the company can realize greater efficiencies. Cloud-based data remains safe, and employees have a simple, centralized way to get to all of their applications.
With Windows Azure Active Directory, Dillen Bouwteam has the foundation for moving more services to the cloud without impacting employees’ and partners’ lives. “Once you have the directory structure right, you can then add Windows Azure Multi-Factor Authentication and other Microsoft Online Services,” Dillen says. “We want to move as much to the cloud as possible.”
Moving more applications to the cloud is important to Dillen Bouwteam because of the cost savings and productivity enhancements. The firm reduced its email costs by 80 percent by moving to Office 365, eliminating the need to deploy servers and storage on-premises, and avoiding all the associated software licenses. “Even more important than cost is how much faster we can deploy new applications,” Dillen says. For example, the IT team recently had a request from the business to deploy a new planning tool. It had no servers or storage to spare and would have needed two weeks to order more. However, by deploying this tool in Windows Azure, the IT team was able to deliver it in just four hours.
By using Windows Azure Multi-Factor Authentication, Dillen Bouwteam has an extra layer of safety for its cloud services. “With Windows Azure Multi-Factor Authentication, we have a stronger level of protection for Office 365 as well as our Remote Desktop Services farm, so we have all of our external services well protected,” Dillen says.
Previously, Dillen Bouwteam employees and partners had to change their passwords every two months. By using Windows Azure Multi-Factor Authentication, the IT staff was able to expand the password limit to six months, which reduces inconvenience for users and the amount of time the IT staff spends on password-reset problems. Employees can also use single sign-on access when inside and outside the office.
Additionally, when employees access websites that have organizational rather than individual credentials, the needed credentials are available in the Access Panel along with the applications that the individual is authorized to access. Employees previously spent time tracking down credentials. “Convenience is essential to our users,” Dillen says. “They want to get into their applications and get their work done as quickly as possible. They can do that more easily with Windows Azure Active Directory.”