Public Sector · BSI Baseline Protection · 4 platforms audited
BSI-Compliant Endpoint Hardening, SIEM Deployment and Container Security for a Security Authority
Background
A security authority in the public sector needed to bring its Microsoft-based IT infrastructure up to a consistent security standard. The existing environment comprised Azure cloud services, Entra ID as the identity platform, and a growing number of containerised applications. Mandatory BSI baseline protection requirements called for systematic hardening of all endpoints and verifiable security monitoring. At the same time, the authority lacked a centralised system for detecting and analysing security-relevant events.
Measures
Wenske Cyber Solutions was commissioned to address several security domains in parallel. Our team began by conducting IT security audits across Microsoft Intune, Azure, and Entra ID to capture the current state in a structured manner. Based on this assessment, we developed hardening baselines for Windows 10/11 and Ubuntu Linux aligned with BSI baseline protection requirements. For endpoint management, we designed a standardised application packaging and update process with automated rollout via Intune. In the area of container security, we developed a security model for Azure Kubernetes Service (AKS) and Azure Container Registry (ACR), including an image scanning pipeline that detects known vulnerabilities in container images before they are pushed to the registry and deployed. In parallel, we deployed Microsoft Sentinel as the central SIEM (Security Information and Event Management) solution, defined the relevant data sources, and developed KQL-based analytics rules, each mapped to the tactics and techniques of the MITRE ATT&CK framework.
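The following is an added illustration of what a Sentinel analytics rule with an ATT&CK mapping looks like; it is not a rule from the engagement described above. It uses the YAML detection format of the public Azure-Sentinel content repository and queries the Entra ID SigninLogs table for a password-spray pattern: many failed sign-ins from one IP address against several accounts, followed by a successful sign-in from the same address. The thresholds, the lookback window, the rule name and the GUID placeholder are assumptions for the example; the ResultType error codes are Entra ID sign-in error codes (50126 invalid credentials, 50053 locked, 50055 expired, 50056 null password).

```yaml
# Added example (not the authority's rule). Sentinel scheduled analytics rule in the
# Azure-Sentinel repository YAML format; thresholds and names are example values.
id: 00000000-0000-0000-0000-000000000000   # placeholder: generate a fresh GUID per rule
name: Entra ID password spray followed by successful sign-in
description: |
  Flags an IP address that produced at least 10 failed sign-ins against 3 or more
  distinct accounts within one hour and then signed in successfully. A single
  success after a spray is the usual hand-off from credential access to
  initial access, so the alert carries both ATT&CK tactics.
severity: High
requiredDataConnectors:
  - connectorId: AzureActiveDirectory
    dataTypes:
      - SigninLogs
queryFrequency: 1h       # how often the rule runs
queryPeriod: 1h          # how far back each run looks
triggerOperator: gt
triggerThreshold: 0      # any returned row raises an alert
tactics:
  - CredentialAccess
  - InitialAccess
relevantTechniques:
  - T1110                # Brute Force
  - T1078                # Valid Accounts
query: |
  let lookback = 1h;
  let failureThreshold = 10;       // example value
  let minDistinctAccounts = 3;     // example value
  // Step 1: source IPs with many failures across several accounts.
  let sprayers = SigninLogs
      | where TimeGenerated > ago(lookback)
      | where ResultType in ("50126", "50053", "50055", "50056")
      | summarize FailedAttempts = count(),
                  TargetedAccounts = dcount(UserPrincipalName),
                  FirstFailure = min(TimeGenerated),
                  LastFailure = max(TimeGenerated)
                by IPAddress
      | where FailedAttempts >= failureThreshold
          and TargetedAccounts >= minDistinctAccounts;
  // Step 2: a success from the same IP after the failures began.
  SigninLogs
  | where TimeGenerated > ago(lookback)
  | where ResultType == "0"
  | join kind=inner sprayers on IPAddress
  | where TimeGenerated > FirstFailure
  | project TimeGenerated, IPAddress, UserPrincipalName, AppDisplayName,
            FailedAttempts, TargetedAccounts, FirstFailure, LastFailure
entityMappings:
  - entityType: Account
    fieldMappings:
      - identifier: FullName
        columnName: UserPrincipalName
  - entityType: IP
    fieldMappings:
      - identifier: Address
        columnName: IPAddress
version: 1.0.0
kind: Scheduled
```

Two design points a practitioner would check: the join is on IPAddress only, so the success may be for an account that was not among the failures (that is intentional, since sprayers often succeed on a different account than they last failed on), and corporate NAT or VPN egress addresses will need an allow-list or a higher TargetedAccounts threshold to keep the rule from firing on ordinary mistyped passwords.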
Results
The authority now has a consistently hardened endpoint fleet that meets BSI baseline protection requirements. New applications and updates are rolled out automatically without manual intervention. The SIEM detects security-relevant events in near real time and maps each alert to MITRE ATT&CK tactics and techniques. The container environment is secured through automated image checks in the build pipeline. All implemented measures are documented and can be maintained independently by the internal team.