Learn how this Australian not-for-profit partnered with Devicie to strengthen Level 1 Essential Eight maturity, automate application updates, and unlock IT capacity:
40 percentage-point increase in Essential Eight Level 1 coverage
“Instead of spending hours on manual compliance work, we're now driving key initiatives across the organisation, all thanks to Devicie’s proven, streamlined endpoint management.” – Aaron Roper, Head of Information Technology at Sacred Heart Mission
About
Sacred Heart Mission is a Melbourne-based not-for-profit organisation offering a diverse range
of support services, including a meals program, housing support, and women's services. The
organisation has grown from modest beginnings serving food from a Presbytery kitchen to
employing 500 staff members and working with 1,200 volunteers.
The Challenge
Achieving Essential Eight Compliance Stretched Operational Capacity
To protect the sensitive data of the vulnerable populations it serves, Sacred Heart continuously
bolsters its security infrastructure. One of its 2026 initiatives is to implement the Essential Eight
mitigation strategies, Australia’s widely adopted cybersecurity standard. However, achieving
this goal came with significant complexity.
Each strategy is deliberately defined in broad, outcome-based terms. This design enables IT
teams to implement Essential Eight controls as they best see fit for their environments—but in
practice, flexibility quickly became a double-edged sword.
Aaron Roper, Head of Technology, estimated that identifying the right security baselines,
application restrictions, and policies would take weeks of research and validation. Because
compliance requires extensive documentation, his team would also have to spend significant
time detailing what each setting does and why it was chosen.
Operating these controls—sometimes over a thousand per policy—added another layer of
complexity. Aaron’s IT team was lean, yet they were already manually managing 500+ endpoints
on Microsoft Intune. This workload left little room for additional work.
Application patches alone—tracking updates, testing patches for compatibility, and
deployment—consumed hours every month, even before aligning them with Essential Eight’s
requirements. Maintenance activities like device warranty lookups filled the rest of their time.
And that work was just the starting point. The Essential Eight framework includes three maturity
levels, each building on the previous one with increasingly stringent security requirements.
Sacred Heart determined Level 1 was the right fit for their environment, but advancing toward
higher levels would demand significant ongoing resources.
All of these operational necessities meant that transformational projects, like improving Sacred
Heart's data classification processes, remained on the back burner. One thing was clear: to
implement Essential Eight controls effectively, Aaron needed an external solution.
Soon after, Aaron connected with Crayon, Sacred Heart’s trusted Microsoft partner. After their
security team helped clarify the organisation’s Essential Eight roadmap, they introduced Devicie,
an Intune-native solution best suited to Sacred Heart’s environment and risk profile.
With its automated endpoint management, pre-configured security baselines, and policy
templates, the platform was exactly what Sacred Heart needed to achieve its Essential Eight
goals.
“Our small team was trying to do everything internally, from interpreting Essential Eight’s requirements to warranty management. We needed a more efficient way to push the organisation’s compliance initiatives forward.”
The Solution
Pre-Configured Security Baselines and Automated Compliance Workflows
After integrating Devicie into Sacred Heart’s Microsoft Intune setup, Aaron ran a short pilot
across select devices to see how the platform streamlines manual security workflows. When
the pilot proved successful without disrupting users, he deployed Devicie across Sacred Heart’s
fleet to strengthen their Level 1 maturity.
AInstead of researching and configuring each Intune setting by hand, the team now relies on
Devicie’s pre-built templates. These templates bundle hundreds of proven security controls
aligned with key security benchmarks, including Essential Eight and Microsoft’s
recommendations. As a result, Aaron and his team operate with most level requirements
automated.
While Sacred Heart began at Level 1, Aaron also valued that Devicie’s controls extend into
higher maturity levels, allowing his team to progressively harden security as capacity grows.
Comprehensive documentation is also built in at every step, providing audit-ready evidence
without manual effort.
These “always-on” settings save Sacred Heart’s IT team significant time. With its catalogue of
400 pre-packaged applications, Devicie fully handles application updates: monitoring platforms,
testing updates, and orchestrating deployment.
Because this process is customisable, Aaron can schedule staged rollouts across specific
endpoint groups to align with operational priorities. This flexibility eliminates potential
vulnerabilities while preserving Aaron's control over Sacred Heart's application updates.
Analytics on the health and compliance status of every endpoint are available in Devicie’s
centralised dashboard. Among these insights, Aaron and his team especially benefit from its
Warranty Graph. By pulling warranty data from manufacturers, Devicie highlights devices with
warranties that expire in 90 days, streamlining operations through proactive hardware refreshes.
By reclaiming hours previously spent on manual patching and documentation, Aaronn's team
gains capacity for other strategic initiatives, such as their data classification project. This work
directly strengthens Sacred Heart's protection of sensitive information, improving data
governance in a way that supports the organisation's mission.
Between weekly check-ins and thorough technical resources, Sacred Heart always receives
answers when they need them. As a result, Aaron and his small team never lose productivity
waiting for support or researching solutions externally.
Crayon’s partnership amplifies this comprehensive support. As Devicie leads the day-to-day
rollout of Essential Eight controls, Crayon helps drive Sacred Heart’s wider security roadmap.
Their team checks in regularly to review progress, interpret Intune changes, and even identify
new ways Devicie can further reduce risk—consistently strengthening Sacred Heart’s security
posture.
"With Devicie’s expert-validated security baselines and automated documentation, meeting our compliance targets was quick and easy.”
The Results
200 Hours Saved on Essential Eight Compliance Evidence with Devicie
With Devicie, Sacred Heart now meets almost all of the Essential Eight’s Level 1 technical
requirements. Automated workflows replaced manual processes, freeing Aaron's team to focus
on strategic security initiatives that further advance their mission.
40 percentage-point increase in Essential Eight Level 1 coverage
20 hours saved on monthly vulnerability management
200 hours saved on Essential Eight compliance documentation
“With Devicie, we don't have to spend hours trying to understand endpoint security controls to the depths needed to implement them. Having a partner who can do this for us is truly amazing.”