Co-Managed IT Partnership for Internal Team

Engagement Overview

Cybernerds was engaged to establish a co-managed IT partnership with a mid-sized manufacturing company that had a two-person internal IT team. The engagement began with IRIS to assess the current environment and define a clear responsibility split, then transitioned into an ongoing co-managed services arrangement where Cybernerds handles cloud infrastructure, endpoint management, and security while the internal team maintains helpdesk and on-premises operations.

Initial State

The organization had a capable internal IT team handling day-to-day operations but was struggling to keep up with security and cloud management responsibilities. Key observations during IRIS included:

• ✓Two-person IT team covering helpdesk, server maintenance, and network operations for 180 users
• ✓Microsoft 365 and Intune licensed but minimally configured — most cloud features unused
• ✓No dedicated security expertise — antivirus deployed but not centrally managed
• ✓Patching inconsistent — IT team unable to maintain a regular cadence while handling tickets
• ✓Azure AD Connect configured but not maintained — sync errors accumulating
• ✓No documentation for cloud configuration or security policies

Key Challenges

• ✓Capacity: Internal team at full capacity with helpdesk and operations — no bandwidth for strategic IT work
• ✓Expertise: Team experienced with on-premises infrastructure but lacked cloud and security specialization
• ✓Scope Clarity: No defined boundary between internal team responsibilities and areas needing external support
• ✓Patching: Inconsistent OS and application patching creating security exposure
• ✓Visibility: No centralized reporting on security posture or endpoint compliance
• ✓Trust: Internal team concerned about losing autonomy or being replaced by an external provider

Solution Design — Co-Managed Framework

• ✓Responsibility Matrix: Documented RACI matrix defining ownership — Cybernerds owns cloud/security, internal team owns helpdesk/on-prem
• ✓Intune Management: Cybernerds manages device configuration, compliance policies, and application deployment
• ✓Security Operations: Cybernerds manages Defender deployment, monitoring, and incident response
• ✓Patch Management: Cybernerds configures and monitors Windows Update for Business and third-party patching
• ✓Identity: Cybernerds manages Entra ID, Conditional Access, and Azure AD Connect health
• ✓Communication: Shared Teams channel with weekly sync and monthly review cadence
• ✓Escalation: Defined escalation path — internal team first contact, Cybernerds for cloud/security issues

Implementation — Transition to Co-Managed

The transition from project-based remediation to ongoing co-managed services occurred over a four-week period with parallel operation to ensure continuity.

• ✓Completed IRIS assessment and delivered prioritized remediation roadmap
• ✓Executed initial remediation — Intune baseline deployment, Defender rollout, Conditional Access enablement
• ✓Resolved Azure AD Connect sync errors and configured health monitoring
• ✓Deployed Windows Update for Business with phased deployment rings
• ✓Created Intune application packages for standard software catalog
• ✓Built shared documentation repository with current configuration and runbooks
• ✓Established shared Teams channel and recurring meeting cadence
• ✓Conducted knowledge-sharing sessions to upskill internal team on Intune and Entra ID basics

Ongoing Operations

• ✓Monthly patch compliance review and remediation
• ✓Quarterly security posture assessment with recommendations
• ✓Defender alert monitoring and incident response
• ✓Intune policy updates and new device onboarding support
• ✓Entra ID and Conditional Access policy management
• ✓Ad hoc cloud infrastructure support and consultation
• ✓Monthly executive summary report for IT director

Outcome

• ✓Clear responsibility split allowing internal team to focus on what they do best
• ✓Cloud and security operations managed by specialists without replacing the internal team
• ✓Patch compliance improved from inconsistent to 95%+ within SLA
• ✓Defender for Endpoint deployed and monitored across all devices
• ✓Conditional Access enforcing MFA and device compliance for all users
• ✓Internal team gaining cloud skills through collaborative working model
• ✓IT director receiving monthly visibility into security posture and compliance status