Universitätsspital Basel: Healthcare M365 Governance at Scale

Challenge

Universitätsspital Basel (USB), one of Switzerland’s leading university hospitals, serves as both a major clinical care facility and a research institution. Starting in 2020, USB embarked on a four-phase Microsoft 365 modernization that scaled the environment to 12,000 internal users and 3,600 external collaborators, including researchers, partner institutions, and medical specialists.

Healthcare environments present governance challenges that compound at this scale. Patient data protection requirements under Swiss data protection law demand strict access controls and audit evidence. External users collaborating on research projects need carefully scoped access that does not expose clinical systems. The mix of clinical staff, researchers, administrative employees, and external partners creates complex user lifecycle requirements, people join, change roles, and leave across multiple departments and affiliations.

As the environment grew through each modernization phase, manual governance processes could not keep pace. The IT team lacked a unified view across SharePoint, Teams, OneDrive, and Exchange, making it difficult to identify orphaned resources, track external user access, or enforce consistent policies across 12,000 users.

Solution

USB deployed Rencore Governance to establish centralized visibility and automated policy enforcement across their Microsoft 365 environment. The platform connected to the tenant and provided a consolidated inventory of all users, groups, teams, SharePoint sites, and external access relationships.

For lifecycle management, Rencore automated the detection of orphaned resources, teams without active owners, SharePoint sites with no recent activity, and external user accounts that had not been accessed within policy-defined periods. Instead of relying on departmental managers to report changes manually, the system identified lifecycle events automatically and routed them for review.

Cross-service visibility was critical for the security team. Rencore surfaced a unified view of external sharing across SharePoint, OneDrive, and Teams, showing exactly which external users had access to which resources. This replaced manual audits that had previously required pulling data from multiple admin centers and correlating it in spreadsheets.

For AI readiness, USB used Rencore to assess their data governance posture ahead of potential Microsoft 365 Copilot adoption, identifying oversharing patterns and permission gaps that would need remediation before enabling AI-powered search across the tenant.

Results

USB achieved measurable return on investment within three months of deployment. The platform provided governance coverage across all 12,000 internal users and 3,600 external users from a single console. Manual audit processes that had previously consumed days of IT effort were replaced with automated monitoring and reporting. The lifecycle management automation systematically addressed orphaned teams, inactive SharePoint sites, and stale external user accounts, reducing the accumulated governance debt from five years of rapid Microsoft 365 growth. The security and compliance team gained the audit evidence and access visibility required under Swiss data protection regulations.