From Governance Risk to Confident Modernization: Kaiser Family Foundation

Company Overview

Kaiser Family Foundation (KFF) is a nationally recognized nonprofit focused on health policy research, data analysis, and journalism. Headquartered in San Francisco with offices in Washington, D.C., KFF informs policymakers, media organizations, and public stakeholders nationwide.

KFF teams use Microsoft 365, SharePoint, and a hybrid identity environment to collaborate securely across departments. As expectations for modernization increased, KFF's leadership needed clarity — not complexity — about how to evolve its Microsoft environment to ensure responsible business outcomes.

Business Challenges

KFF's leadership team faced three intersecting pressures.

1. Responsible Adoption of AI

Internal interest in Microsoft Copilot was growing, but deployment required more than simply turning on the license. The IT team needed to answer critical questions:

• Is our data governance ready?

• Are SharePoint permissions structured correctly?

• Are security groups aligned to business roles?

• Do we have sufficient monitoring to support AI access to enterprise data?

Rolling out Copilot without guardrails risked exposing sensitive information, weakening user trust, and creating compliance concerns.

2. Limited Security Visibility

KFF relied on an on-premises logging solution with limited centralized visibility. When unusual login activity occurred — including a suspicious overseas sign-in attempt to an executive account — there was no efficient way to correlate logs or trigger proactive alerts.

3. Unnecessary Cost and Operational Friction

KFF maintained a third-party board portal at an annual cost of approximately $30,000. The platform was rarely accessed, required external developers for updates, and limited internal flexibility. The organization was paying for unnecessary complexity.

Solutions Implemented

CelesteTek approached the engagement as a strategic advisor first, implementer second — operating under the belief that small and mid-sized organizations should have access to Microsoft-level modernization expertise, without the burden of enterprise-scale overhead.

Phase 1: Governance Before Acceleration

Before activating Copilot, KFF strengthened its foundation. CelesteTek guided the team through:

• Security group cleanup and documentation

• Transitioning from direct SharePoint user assignments to group-based access

• Aligning identity controls to business roles

• Evaluating licensing requirements, including Purview and DLP implications

• Reviewing hybrid identity synchronization practices

KFF gained a structured identity model that reduced long-term management burden and supported future policy enforcement.

Phase 2: Centralized Monitoring and Proactive Security

To improve visibility, CelesteTek implemented:

• Log ingestion into Microsoft Sentinel for centralized security monitoring

• Centralized sign-in monitoring across Entra ID

• Alerting for anomalous login behavior

• Playbooks to automate response actions when needed

Instead of discovering suspicious activity after the fact, KFF gained proactive awareness. Security became measurable and manageable.

Phase 3: Simplified, Cost-Effective Board Portal

CelesteTek replaced the third-party board portal with a SharePoint-based solution, focusing on sustainability:

• Used out-of-the-box functionality where possible

• Avoided unnecessary automation layers

• Structured trustee access through security groups

• Enabled internal IT to manage content without relying on developers

The final solution balanced capability with long-term manageability.

Results Achieved

Stronger Governance and Identity Control

| Before | After |

|--------|-------|

| Inconsistent security groups | Documented, rationalized security groups |

| Direct SharePoint user assignments | Group-based access aligned to business roles |

| Manual onboarding and offboarding | Streamlined trustee onboarding and removal |

| Fragmented identity governance | Improved endpoint rollout alignment |

| Limited monitoring visibility | Cleaner group structures supporting Copilot readiness |

Improved Security Visibility

• Centralized monitoring through Microsoft Sentinel

• Configurable alerts for anomalous login activity

• Foundation for automated response workflows

• Security posture advanced from reactive to proactive

Cost Optimization

• Eliminated approximately $30,000 in annual expenses by replacing the third-party portal

• Restored internal control over content and branding

• Reduced reliance on external developers

Faster Decision-Making

Rather than spending one to two weeks researching licensing or architecture questions internally, KFF's IT team could obtain expert guidance within hours — translating directly into lower internal labor costs, faster technology decisions, and reduced risk of misaligned investments.

Strategic Outcome

What began as a Copilot readiness discussion evolved into a broader modernization path spanning governance restructuring, security visibility improvement, SharePoint architecture simplification, and early-stage Azure migration planning.

Over more than two years, the relationship expanded from advisory support to an implementation partnership. KFF now operates with clear governance guardrails, centralized security visibility, lower operational overhead, and a practical, staged modernization roadmap.

"CelesteTek has been instrumental in helping us modernize our IT environment. From Exchange security to Microsoft Sentinel, their expertise reduces operational overhead and gives our team the confidence to adopt new technologies effectively." — Philip Pedro, Director of IT, Kaiser Family Foundation