Modernising Workspace and Security at Winslow Constructors with Microsoft 365

Winslow Constructors is one of Australia’s largest civil construction contractors, with more than 1,500 employees delivering major roads, bridges, and infrastructure projects across the country. With teams spread across construction sites, regional depots, and corporate offices, Winslow depends on a secure, manageable end-user computing estate to keep its workforce connected, productive, and protected against modern cyber threats.

Challenges

Winslow Constructors faced a familiar mid-market challenge — a security estate that had grown organically across multiple vendors, with overlapping capability, fragmented management consoles, and visibility gaps that were difficult to defend. Endpoint management was split across legacy MDM tooling and unmanaged devices, slowing both onboarding and patching cycles and making compliance hard to evidence.

Security tooling spanned a stack of third-party products with limited integration, including Proofpoint for email and disparate point tools for endpoint protection. Much of this capability overlapped with the existing Microsoft 365 entitlement, meaning Winslow was paying twice for similar protection. There was also no 24×7 detection capability — alerts were triaged only in business hours, leaving overnight and weekend windows uncovered.

On the identity side, the environment relied on a hybrid Active Directory model with inconsistent MFA coverage and limited Conditional Access enforcement, leaving privileged access exposed across a large, geographically distributed workforce.

Solution

Oreta designed a Microsoft-first uplift covering endpoint, identity, email, and security operations, with the goal of consolidating onto Microsoft 365 capability already paid for and retiring overlapping third-party tooling. The endpoint estate was migrated onto Microsoft Intune, with Autopilot enrolment, compliance baselines, and modern application control standardised across the fleet.

Microsoft Sentinel was deployed as the managed SIEM and operated by Oreta’s 24×7 SOC service, with incident-response playbooks and detection rules tuned to Winslow’s risk profile. Defender XDR was rolled out across endpoint, identity, email, and cloud apps to give Winslow a single unified threat-correlation surface, replacing several disconnected third-party consoles.

Identity was uplifted with an Entra ID Conditional Access baseline, phishing-resistant MFA, and privileged identity controls. Overlapping third-party tools were decommissioned, with the security stack aligned to a single Microsoft 365 E5 entitlement.

Outcome

  • 1,500+ employees protected across construction sites and corporate offices on a unified Microsoft 365 estate.
  • 24×7 managed detection and response on Microsoft Sentinel, run as an engineered Oreta service.
  • Consolidated to a single-vendor Microsoft security stack, retiring overlapping third-party email and endpoint products.
  • Defender XDR providing a single pane of glass for endpoint, identity, email, and cloud-app threat correlation.
