Enhancing Access Control, Device Authentication, and Email Security for External Use of Microsoft 365 with HENNGE One
Kawaijuku Group, which develops various educational businesses and services and continues to work on new areas beyond cram schools and preparatory schools. In 2021, the company adopted Microsoft 365, and due to the need to strengthen access control and authentication from outside the company, the company adopted HENNGE One. At the same time, they have improved the convenience and security of email operations, such as eliminating PPAP, creating a mechanism for sending and receiving large files, and preventing email misdirection.
This time, we interviewed Ms. Mika Ito, Manager of the Strategic Planning Department’s Management Strategy Promotion Office, who promoted the introduction project, Mr. Tomoki Matsuhira, Research Officer of the same department, Mr. Shinichi Inoue, General Chief of the IT Strategy Promotion Department of the Education Research and Development Department, and Mr. Masami Ito of the same department.
Consideration for External Access Control and Email Security Enhancement for Microsoft 365
— Could you please give us an overview of your company’s business?
Kawaijuku Group, since its establishment in 1933, has been developing various educational businesses and services under the school motto of “Seek for thyself,” with the aim of “Supporting people who continually aspire to learn,” providing new educational value to society, and fostering next-generation talent who will pioneer the future. In recent years, the company has been expanding its educational services into new areas, not only in its core business of cram schools and preparatory schools, but also by targeting a wider range of educational needs and markets, expanding the target age range, and looking to expand its business overseas. In the future, the Group intends to contribute to solving various social issues in Japan and overseas through the power of education, while bringing together the know-how and assets that it has cultivated within the Group. (Ms. Mika Ito)
— What were the circumstances that led you to consider implementing HENNGE One?
In the past, our company used a combination of various tools, including email, web conferencing, chat tools, and file servers. However, in 2021, we decided to migrate to Microsoft 365 in order to strengthen group synergy, reduce costs, and improve efficiency. On the other hand, since the standard functions of Microsoft 365 can be used not only from the company’s intranet environment but also from the external Internet environment, it was necessary to take some measures to prevent information leakage. Specifically, we were looking for a mechanism to allow external connections only from some approved employees and terminals, and to restrict access from other environments. (Mr. Shinichi Inoue)
— What were you aiming for in email operations at that time?
Prevention of email misdelivery and elimination of PPAP, which is sending an encrypted password-protected zip file by email and then sending the password for decompression in a separate email. Also, when sending large files, each employee was using a different external service, so we were looking for a common secure system. (Mr. Shinichi Inoue)
— Please tell us why you chose HENNGE One.
We compared HENNGE One and Microsoft Intune in terms of both cost and functionality. We evaluated that HENNGE One could realize IdP and various email security functions in one package while suppressing costs, and decided to adopt it. The fact that our group company was already using it also gave us a sense of security. (Mr. Masami Ito)
Achieve enhanced email security and convenience in addition to access control and device authentication
— About two years have passed since the deployment. Please tell us about the results so far by each HENNGE One feature.
HENNGE Access Control (IdP)
We are now able to control external access using the global IP address associated with the Kawaijuku proxy server. For IDs, based on personnel information, we create, suspend, and delete Active Directory domain accounts and create, discontinue, and change members of domain groups via the access control server, and assign licenses to Microsoft Entra ID.
HENNGE Device Certificate (Device Certificate Option)
To improve work-life balance, Kawaijuku Group is implementing device authentication on company-issued smartphones and PCs, as well as personal smartphones, for approved employees. (Mr. Masami Ito)
HENNGE Email DLP (Misdirected email prevention / de-PPAP)
As a measure against misdirected emails, we have adopted a system that holds emails for 5 minutes after the sending operation, and this has been widely accepted by many users. If we notice a typo after the operation, we can correct it, which gives us a sense of security. Regarding de-PPAP, attached files are automatically converted to URLs, eliminating the need for manual zip encryption, separate password transmission, and other troublesome tasks, leading to reduced workload. (Ms. Mika Ito)
HENNGE Secure Transfer (Large File Transfer Tool)
Before the introduction of this tool, our employees were free to choose and use external cloud storage services for sending large files. Since our company handles a lot of personal information due to the nature of our business, this needed to be corrected. By standardizing on Secure Transfer, users are no longer confused about how to send files, and the management side can now grasp file transfer logs, and some necessary information. That has ensured a certain level of governance. (Mr. Shinichi Inoue)
Secure Transfer not only allows us to replace files after sending them, but it is also effective when sending files during web conferences using such as Teams. Even in cases where we cannot share files directly with guests invited to a web conference from outside the company, we can create a link to the file with Secure Transfer, and send the URL via chat to securely transfer files. (Mr. Tomoki Matsuhira)
HENNGE Email Archive
This function is mainly used when investigating the sending/receiving logs or the content of emails of retired employees. Compared to the archive function of Microsoft 365, the user interface is well-designed and intuitive to use, so the searchability is high and it is very useful. (Mr. Masami Ito)
Satisfied with the functions and operability.
Expect earlier notifications for feature updates and further improvements in usability.
— Please tell us your overall evaluation of HENNGE One and your expectations for our company.
We are getting the expected results from the introduction of HENNGE One. We are especially satisfied with the fact that we can use highly secure functions without being aware of them. We are looking forward to future function updates, which is a benefit of cloud services, but we would appreciate it if you could notify us in advance earlier when there are major updates. This is because the impact is large, including internal announcements, manual changes, and system responses. (Mr. Shinichi Inoue)
I am satisfied with the ease of use of HENNGE One for daily work. However, the initial certificate installation process varies depending on the device, and some users with lower IT literacy find it a bit difficult. I look forward to further improvements in usability in the future. (Ms. Mika Ito)