[Copilot Readiness Case Study] Deployment for a large construction firm

Construction Firm Strengthens Security Before Copilot for Microsoft 365 Rollout

The company partners with Netwoven to evaluate all M365 workload along with security infrastructure to create a baseline for M365 Copilot Deployment

Customer Construction Company CountryUSA
Case Study


The customer has M365 E3 licenses and is deeply entrenched in it in terms of usage and data. Therefore, it becomes imperative to assess the security footprint before rolling out M365 Copilot. The company also uses additional non-Microsoft security products that need to be assessed critically in this context.

The company wanted to ensure that the system and data to be considered for Copilot for Microsoft 365 deployment do not introduce any new or unidentified risk to the organization. It weighed heavily on them to be able to identify all risks associated with such a process and they needed to keep the risks below the accepted internal risk threshold.


Netwoven conducted an in-depth review of the infrastructure, all Microsoft 365 workloads, users, data and its usage, and the existing security tools and practices. The goal was to assess the present status of each one against Microsoft's best practices and provide appropriate recommendations. Netwoven also reviewed past security incidents and established remediation steps. The following is a high-level list of entities that were examined. A detailed review was undertaken at a very granular level within each one of these.

  • Microsoft 365 Tenant Settings
  • Microsoft Entra – Users, Groups and Devices
  • Multi Factor Authentication (MFA)
  • Conditional Access Policy
  • Data Governance
  • Data Security
  • SharePoint Online
  • OneDrive for Business
  • Microsoft Teams
  • Content sharing and permissions review
  • Microsoft Purview Compliance
  • Identification of sensitive sites

Netwoven provided detailed recommendations for each one of the above as a part of the final assessment report.

Some of the recommendation highlights are as follows:

1. Upgrading to Microsoft 365 E5

This was strongly recommended to gain access to a comprehensive suite of features that include all the offerings of E3. Additionally, to take advantage of the enhanced value with scalable business analytics through Power BI Pro, advanced security and compliance capabilities etc. This strengthens the areas of:

  • Information Protection
  • Threat Protection
  • Cloud Access Security Broker
  • Insider Risk Management
2. Microsoft Secure Score

This was recommended to be used more vigorously as one point metric on a continuous basis. Certain settings were suggested to be activated as baseline default and certain settings were advised to be changed e.g., setting up alerts on changes in secure score resulted by high impact actions.

3. Microsoft Entra – Users, Groups and Devices

The important recommendations were

  • Implement Role Based Access Control (RBAC)
  • Leverage Group Based Access Control
  • Utilize Device Management Solution
  • Enable Mobile Device Management (MDM) and Mobile Access Management (MAM)
  • Define Guest User Policies and Access
  • Enable redundant MFA using Entra ID to provide users a backup option in case they forget or lose one of their factors and provides them the convenience of authenticating securely from any device.
4. Implementing data protection and compliance using Microsoft Purview

By utilizing pre-built assessments for relevant regulations, this identifies data protection risks and suggests improvement actions. With Sensitivity labels, the customer can classify and protect critical information, ensuring it is only accessed by authorized personnel. Data Loss Prevention (DLP) empowers the customer to set up safeguards that prevents sensitive data from unintentionally exiting the company network. Additionally, insider risk management features within Purview help identify and mitigate potential security threats posed by malicious or careless employee activity.

Likewise, detailed recommendations were made for each relevant entity to strengthen the security readiness for deployment of M365 Copilot. This was important because Copilot will extract data from the documents, presentations, spreadsheets, emails, calendars, chats, meetings, contacts, and other files through Microsoft Graph. The content can reside in any repository like Microsoft 365, ServiceNow, Box.com, Azure File Share etc. that has been integrated with the Graph data. The most important aspect would be the resilience of the secured searches. Therefore, it was imperative to examine the organization’s security maturity, with a strong focus on identity and access management. This ensures that the foundation of security controls are in place before Copilot deployment and helps identify and address potential risks and gaps in infrastructure, data, and security.


This assessment helped the organization with a 360-degree view of its present security posture. It gave them a clear roadmap for a smooth deployment of M365 Copilot. The major business benefits were:

  • Appropriate technology solution optimizing on existing investment
  • Implementation recommendations for a more secure business operation
  • Secure foundation to attain improved employee productivity with proposed M365 copilot deployment
About Construction CompanyThis is a civil construction company building critical infrastructure and landmark projects. It constructs a wide range of infrastructure, from roads, bridges, and railways to airports, dams, industrial facilities, water systems, and underground projects, managing both standard and highly complex, large-scale operations. The company has an unparalleled reputation in innovative solutions, design-build and public-private partnership experience and expertise. It has more than 3,000 employees working across the United States and Canada. The company wanted to take advantage of M365 Copilot and was aware that a security assessment was needed before deployment. It engaged Netwoven to undertake a thorough review of all M365 workloads from a security standpoint and wanted an actionable assessment report towards developing a secure roadmap for Microsoft 365 Copilot deployment.
Microsoft Partner
Microsoft Partner
Microsoft Partner
Microsoft Partner
Microsoft Partner
Microsoft Partner
Microsoft Partner
Unravel The Complex
Stay Connected

Subscribe and receive the latest insights

Netwoven Inc. - Microsoft Solutions Partner

Get involved by tagging Netwoven experiences using our official hashtag #UnravelTheComplex