How Stability Networks reduced Microsoft 365 tenant hardening time by more than 85%

Stability Networks has been in the Microsoft 365 game for 12 years now. During that time, they’ve navigated major platform changes, from the evolution of Conditional Access to the adoption of CIS as a security standard.

But as the company grew to 200+ tenants, it became increasingly clear that their manual Microsoft 365 management processes were holding them back.

To be fair, their manual processes were pretty impressive. The team had built an extensive library of SOPs — almost 100 of which were dedicated to tenant hardening. They also had a tried and true workflow for executing them: One person to follow the process, another to review their setup.

It worked. But it was time-consuming. Fully hardening a tenant could take as long as 14 hours, which ate up all of their onboarding budget. At that pace, the team was only able to harden two to four tenants each month. If the sales team had a good quarter, techs had to decide which environments to prioritize first. And then there was the process of monitoring drift. Stability Networks had the best intentions to audit tenants on a semi-annual basis. That made sense on paper. In reality, not so much. Instead, the team prioritized reviews based on risk, focusing on clients in vulnerable industries, like finance and healthcare, and the controls that actually mattered.

During their Microsoft 365 tenure, the team had demoed dozens of solutions to help simplify tenant hardening and auditing. They considered inforcer, desktop automation tools, and platforms that required them to maintain and clone a “gold standard” tenant across environments.

During their Microsoft 365 tenure, the team had demoed dozens of solutions to help simplify tenant hardening and auditing. They considered inforcer, desktop automation tools, and platforms that required them to maintain and clone a “gold standard” tenant across environments.

After evaluating so many platforms, the team realized one of the most important qualities of any solution was usability. Whatever they implemented had to make life easier for every tech, regardless of experience, and integrate cleanly with the rest of their stack.

inforcer was user-friendly enough for junior engineers to tackle more complex Microsoft 365 projects with confidence. It also played nice with the rest of their stack.

As an added bonus, inforcer’s built-in baselines helped the team easily align environments to frameworks like CIS without building every configuration themselves.

With inforcer, those 14-hour tenant hardening and auditing projects now take barely two hours. Some can be turned around in an hour and a half. That’s a time savings of more than 85%.

What used to require the time and headspace of two engineers can now be knocked out by one person. And that person doesn’t need to be a Microsoft 365 expert.

“Before, we relied on a niche group of engineers with deep knowledge of Microsoft 365,” said Joshua. “Now we have Tier 1 engineers follow a defined process using known good configurations and get the same result.”

Since bringing on inforcer, if the sales team has a good month, that’s no longer a problem for Joshua, Chad, and their teams.

Instead of struggling to get through two to four deployments each month, they can handle several times that, without adding additional resources.

“If we bring on 10 new clients in a week, it’s no longer overwhelming. Deployments only take a few hours, and we can run several at once,” said Chad.

The labor hours once tied up in manual tenant hardening and auditing are now largely automated, helping Stability Networks roughly double onboarding profitability.

If you listen to their podcast, Why IT Matters, you’ll hear plenty of great tips for building and running a successful MSP, including embracing tools like inforcer.