Project Information
Country: India
Industry: Healthcare
Organization Size: 1000+ Employees
Solution Area: Data
Products & Services:
• Microsoft Sentinel
• Azure Monitor Agent
About Company
NPB Consultant Pvt Ltd is a mid-sized healthcare technology and services organization operating in a hybrid IT environment. The organization runs critical healthcare systems on-premises while using Microsoft 365 in a separate tenant. Microsoft Azure serves as the central platform for security monitoring and management across these environments.
The organization operates across on-premises infrastructure, Azure resources, and Microsoft 365 workloads, with centralized security oversight and consistent access management across all systems.
Challenge
With systems spread across multiple platforms and tenants, managing security became increasingly complex. Key challenges included:
- Fragmented security visibility
Security logs were generated across on-premises servers, Azure resources, and Microsoft 365 workloads. With data spread across platforms, correlating events and investigating incidents required more time and effort.
- No centralized security monitoring system
The organization did not have a single SIEM platform to bring together logs and alerts from all environments, which limited consistent threat detection and response.
- Cross-tenant monitoring limitations
Microsoft 365 workloads operated in a separate tenant, and activity logs were not easily visible within the Azure environment used for security operations.
- Identity and access challenges
Users relied on separate credentials for on-premises systems and Azure access. Single Sign-On was not available, increasing administrative effort and creating friction for users.
- Security and compliance requirements
The organization required centralized monitoring, role-based access, auditable incident handling, and secure access to Azure resources without exposing systems to the public internet.
Solution
We designed and implemented a centralized security and identity architecture using Microsoft Sentinel on Azure. The solution focused on consolidating security data, improving threat visibility, and simplifying identity management while maintaining governance controls. Key elements of the solution included:
- Centralized security monitoring
Microsoft Sentinel was deployed as the primary SIEM platform, bringing together security data from on-premises systems, Azure resources, and Microsoft 365 workloads.
- On-premises log integration
Security and system logs from on-premises servers were ingested into Sentinel using Azure Monitor Agent, providing near real-time visibility.
- Cross-tenant Microsoft 365 monitoring
Microsoft 365 activity logs were integrated using the Office 365 Management Activity API, giving visibility into user and service activity without tenant consolidation.
- Simplified identity and access
On-premises Active Directory was integrated with Microsoft Entra ID, so users could access Azure using existing domain credentials through Single Sign-On.
- Improved alert quality
Security alerts were reviewed and tuned to reduce noise, helping teams focus on relevant and actionable incidents.
- Centralized incident management
Standardized workflows were configured to support investigation, response, and audit requirements.
Impact
The Microsoft Sentinel implementation delivered clear improvements across security operations:
- Unified security visibility
Security teams gained a single view of activity across on-premises systems, Azure resources, and Microsoft 365 workloads.
- Secure cross-tenant monitoring
Microsoft 365 logs were monitored centrally without merging tenants or increasing administrative complexity.
- Simplified access through Single Sign-On
Users accessed Azure using existing domain credentials, reducing credential sprawl and improving user experience.
- Faster detection and response
Improved alert quality and centralized incident management helped security teams respond to threats more efficiently.
- Improved audit and compliance readiness
Centralized logging and auditable incident workflows supported governance and compliance requirements.
Conclusion
By implementing Microsoft Sentinel on Azure, NPB Consultant Pvt Ltd moved from fragmented security monitoring to a centralized and scalable security operations model. The solution improved visibility across hybrid and multi-tenant environments, simplified identity access through Single Sign-On, and created a strong foundation for consistent threat detection and response aligned with Microsoft security best practices.

