The Queensland Department of Education (QDoE) provides education services to more than 580,000 students across 1,258 schools in the state. It also employs more than 78,000 people in teaching and corporate roles.
QDoE has a well-established reputation for its zero-tolerance approach to child safety. It prioritises protecting students and staff by securing the information and systems that underpin their modern learning technologies. However, the COVID-19 pandemic significantly changed the department’s cybersecurity threat landscape, as many more students and staff members switched to learning and working from home.
“We’ve had to adapt accordingly,” says Chris Whiting, Cyber Defence Manager at QDoE. “We brought on a lot of Microsoft Azure services to support the students and the staff using Microsoft Office 365, and moved our authentication mechanisms around in that space as well, to accommodate that ever-changing platform.”
As the school year was coming to an end in late 2021, so too was QDoE’s endpoint security contract. The department had been with the same provider for 15 years and began looking for an alternative solution that offered better endpoint protection for its 257,000 shared devices and 14,000 servers across the state.
“After evaluating our managed service provider, we worked out that we could actually do it ourselves using Azure and the Microsoft Defender suite,” says Whiting.
A speedy deployment
Having already invested in Microsoft 365 Education A5 Security, QDoE was able to easily integrate Microsoft Defender for Endpoint across its devices and critical infrastructure.
QDoE leveraged its internal expertise and support from a Microsoft partner to configure its security policies for Defender for Endpoint and conduct a pilot across some of its schools.
Traditionally, QDoE has avoided undertaking major information and communications technology projects that could disrupt its systems and processes at the start of the school year, and potentially impact student learning. However, the department successfully deployed Defender for Endpoint in just six weeks between January and February 2022, with zero downtime and no impact to end users.
“To execute an accelerated migration at scale, establishing a well-defined schedule was crucial,” says Cara Fitzgerald, Director of Information Security Services at QDoE.
“Without our very defined and well-practised deployment schedule – and we really tried to deviate as little as possible from that schedule – achieving such a quick rollout would have been unlikely. We knew how many days we needed in between each group [of endpoints] and how long each group should take.
“Daily stand-up meetings throughout the entire project that spanned technical and leadership levels of QDoE, and included Microsoft and our Microsoft partner representatives, were also a key element of our success.”
Rich insights help shape cybersecurity strategy
Among the benefits QDoE has gained from deploying Defender for Endpoint is a higher level of cybersecurity intelligence.
“Microsoft’s Defender for Endpoint offers in-built protection for our operating systems and increases our visibility through telemetry reporting,” says Chris Fowler, Platform Development Manager at QDoE. “This allows for quicker identification of threats and trends, as well as mitigation.”
Whiting agrees, saying: “The amount of information we are receiving on threat and incident management is extremely rich. It’s an extensive expansion of our security information and event management [SIEM] and the intelligence we were getting from our previous standalone antivirus information.
“Unfortunately, we are a small team in the cybersecurity space, so eyes on glass is always an issue.
“But having the information flow into our SIEM makes the job a lot easier, which means one less pane of glass.”
Whiting adds that the “invaluable” insights Defender for Endpoint provides will also help QDoE leverage Azure to implement a Zero Trust cybersecurity model.
“We are looking at leveraging that in the very near future so we can maintain our end-user experience and consistently make applications available [to students and staff] as we move to Zero Trust over the next five to 10 years,” he says.