Bringing people together for good—around the world

United Kingdom-based global telecommunications and digital services provider BT Group believes that connections hold the key to doing good, whether helping a neighbor or solving the most pressing problems on the planet. Its founders couldn’t have imagined that the telegraph company they started in 1846 would grow into one of today’s leading global telcos. Today, BT Group provides cutting-edge communications technologies in about 180 countries around the world, serving millions of consumers and organizations every day. In addition to the communications services it provides to business customers as BT and the UK telco market via its Openreach, its fiber business, BT Group is the parent company for its consumer-facing brands: EE, newly announced as its primary brand, as well as Plusnet and BT. 

It was EE, the BT Group flagship consumer-facing brand, that sparked a program to reimagine the customer authentication experience. A provider of broadband, landline, mobile, gaming, TV, and entertainment services, BT’s consumer brands serve about 25 million customers. As the gateway to more than 100 consumer services, EE typified the registration experience for popular offerings like TNT Sports (formerly BT Sport) and a range of TV and radio channels. But the need to repeat the process for every new service dampened customer enthusiasm, resulting in abandoned registrations. 

The company envisioned a seamless experience that would welcome, not deter, its customers. “We aim to treat every customer as an individual. Building and nurturing that relationship is crucial to the way we do business,” says Roy Corneloues, Enterprise Architect at BT Group. “Asking for a lot of information up front discourages engagement. We needed to simplify the customer experience.” Each line of business at BT Group had its own way of capturing customer information and authenticating them into services. “Our vision was to build a next-generation customer registration experience that could be adopted by every one of our lines of business, yet provide world-class security and modern authentication using open industry standards,” continues Corneloues. “And the technology we chose needed to have a clear path toward distributed, verified identities.” 

Realizing that vision was as essential to the BT Group commitment to customer service as it was to the company’s goal of continued growth and innovation. The company is evolving from a “telco” to a “tech-co,” a provider of identity solutions to other businesses and agencies. “Using the same credentials to log in anywhere is part of our strategy and the future of identity,” asserts Corneloues. “Why stop at our own brands?”

Reimagining customer authentication with Microsoft Entra ID

BT Group embarked on a company-wide rework of its customer registration experience that would launch at EE. First, Corneloues and his team brought multiple internal teams to the table to collaborate with the DevOps team that BT Group created to minimize its need for external development teams. A longtime Microsoft Azure customer, BT Group based its design on Azure technologies. Next, Corneloues engaged with Microsoft partner Kocho, a United Kingdom–based provider of managed services and an authority on Microsoft cloud technology, identity, and cybersecurity, to upskill his team. BT Group and Kocho also collaborated with their local Microsoft team.

The BT Group customer registration vision coalesced in the solution Corneloues and his team dubbed “single authentication framework” (SAF). Based on Microsoft Entra ID, a family of identity products under the Microsoft Security solutions umbrella, the solution hinges on the Microsoft Entra single sign-on (SSO). Thanks to SSO, EE customers no longer need to keep multiple credentials and passwords. SAF also uses several Azure services, notably Azure Front Door, a modern cloud content delivery service that heightens security for applications while providing scalable, high performance. 

Building in transparent security 

With the SAF front end defined, Corneloues and the team focused on the supporting technology: a matrix of other Microsoft Security solutions, including more Microsoft Entra ID products like Conditional Access, which bases access decisions on a comparison of signals from the enterprise to organizational policies. It deepens protection against account takeovers with Microsoft Entra ID Protection, which uses AI to identify and block suspicious sign-ins. The SAF solution is a major user of P2, the most advanced Entra ID Protection tier. The same Microsoft Entra ID components that speed authentication when a customer signs in to a service with the same device, billing information, location, and other details come together when a suspicious attempt occurs. “When a customer’s usual authentication details change, we introduce friction so that our teams can assess the situation before allowing a transaction to complete,” explains Corneloues. “We orchestrate the authentication experience with Microsoft Entra ID to let valid customers seamlessly enter our services, while keeping malicious actors out.” 

BT Group simplifies administration and security by consolidating its customer identities and access policies in one place. Corneloues and his team gain overall visibility into their estate with Microsoft Sentinel, a cloud-based security information and event management (SIEM) system. “We get so much telemetry from Microsoft Sentinel about user behavior that we can resolve those situations in real time. We react faster to those alerts faster than ever before.” 

The resulting SAF solution combines the ease and elegance customers appreciate with a sophisticated underlying layer of security-enhancing tools that can be tailored to the branding and business needs of any BT Group product.

Translating customer ease into success

Talk may be cheap. But for Corneloues, hard numbers tell a compelling story. “We went from 6 million to 10 million IDs in a couple of months after implementing our SAF solution based on Microsoft Entra ID and Azure technologies,” he recalls. “Our monthly active users went from two and a half million to three and a half million.” EE customers—and the legion of customers of the other BT Group brands soon to enjoy SAF—will be largely oblivious to the state-of-the-art technologies behind their seamless experience. But the drop in registration abandonments speaks volumes. “We need to bring customers on this security journey with us,” Corneloues emphasizes. “With Microsoft technologies like Entra ID, we’ve put our customers first with authentication that is both frictionless and highly secure.”

And malicious attacks fell sharply along with EE’s increased customer registrations. “We stopped 33,000 challenges to the antibot system during our first six weeks of using Conditional Access policies in Microsoft Entra ID,” reports Corneloues. “We also stopped 96,000 brute force attacks.” 

The economics of the solution sweeten the deal. “One of the reasons we chose Microsoft Entra ID is that we’re only charged for monthly active users,” says Corneloues. “Microsoft cloud-native solutions help us reduce costs by only paying for what we consume.”

The final validation of the system played out during the 2023 broadcast of the Champions League final and the Europa League final, for which BT Group owns the exclusive rights. It was early days for SAF, and Corneloues and his local Microsoft contacts assembled a top-notch team to resolve any issues for the high-stakes event. At a minimum, Corneloues expected that he might have to turn off authentication temporarily. “We processed over a million IDs in about four minutes,” he recalls. “It just worked brilliantly, proving that our cloud-native Microsoft-based technologies scale exactly as we want them to.”

Mapping out a blueprint for tomorrow 

Corneloues looks forward to coming identity and security innovations that will advance BT Group’s tech-co evolution. “We’re introducing multifactor authentication and encouraging customers to strengthen their own authentication with whatever processes make them comfortable,” says Corneloues. “Microsoft Entra ID aligns with the direction we advocate: people will carry their identity with them as they would a passport.” BT Group’s plan to accelerate its vision needs a technology partner that’s on the same page. “Microsoft is working hard to innovate and evolve, just as we are at BT Group,” concludes Corneloues. “We both want to be best in class to help everyone achieve the most and connect for good. A rising tide lifts all boats.”