Challenge.
Theben wanted to rethink its entire IT security. The task? Identify vulnerabilities and transfer the security landscape to Microsoft's own tools. Everything had to come together here. The goal? An architecture that creates transparency, streamlines processes and consistently implements the zero trust approach. This included a role-based identity and access model, a uniform workplace strategy for Windows 11 and centralised device management via Intune and Autopilot. Threat detection and cloud security were also a focus: Defender solutions were to detect attacks early and secure workloads automatically. At the same time, the solution had to be scalable worldwide and fit seamlessly into the daily work routine of employees – without detours or media breaks.
With Microsoft 365 E5 Security, we have brought together threat detection, identity management and data control on a single platform, creating a security architecture that is both robust and flexible enough to respond to future challenges.
Stefan Knipp, Director IT, Theben AG
Solution.
Together with Bechtle, Theben opted for a clear, multi-stage roadmap. Technically sound, organisationally well thought-out and with a view to its globally active employees. First, identity and access management were revised: a new model for access rights in Active Directory was created, combined with time-limited admin rights in the cloud. Intelligent rules for access were then set up – depending on the device, location and risk. At the same time, Bechtle rolled out the new client strategy: Windows 11 devices can now be set up via Autopilot, automatically managed via Intune and provided with the appropriate security policies from the first start.
The next step was to protect the systems. Since then, Defender has been monitoring all end devices, servers and the Active Directory of Theben AG. By extending the Microsoft Azure platform with Azure Arc, Bechtle also integrated the physical and virtual systems. Everything now runs together in a central portal – transparent, controllable and visible at all times. This was made possible by strategic Enterprise Agreement (EA) negotiations as a starting point, structured project planning with clear approvals and close cooperation between Theben and Bechtle. The integrated rollout of security, identity and endpoint brought the individual components together to create a uniform, future-proof overall picture.
Business benefits.
- Uniform platform: combines all security and management functions centrally in Microsoft 365.
- Modern Workplace: brings Windows 11 devices into the organisation via Autopilot and manages them automatically via Intune.
- Clear access structures: regulate rights transparently and flexibly with a role-based model.
- Centralised management: bundles notifications and policies in the Defender portal, providing a clear overview.
- An attractive licensing model: reduces costs and bundles services through the Enterprise Agreement.
- Proactive security: detects attacks early and stops them automatically.
- A scalable concept: secures local systems and global cloud workloads alike.
- Secure know-how: training within the Theben team maintains expertise and strengthens independence.
- Zero Trust consistently: protects identities, end devices and applications.