Most of our case studies are about customers we've helped. This one is about us. We deployed Ironscales across our own 160 mailboxes, and these are the results.
INDUSTRY
IT services
SIZE
160 mailboxes
LOCATION
UK, all-remote
DEPLOYED
2026
A managed service provider’s own inboxes are an unusually high-value target. Take ours: 160 mailboxes, dozens of client environments, and one compromised credential away from all of them. The email security in front of those inboxes is the same platform Highgate recommends to its customers: Ironscales.
THE CHALLENGE
Situation
Microsoft 365 provides Highgate’s baseline email protection, catching generic spam and crude phishing. But the targeted attacks an MSP attracts call for a specialist response: business email compromise that mimics a real customer thread, credential-harvesting pages built for IT support staff, and lookalike domains for tooling vendors. The bar for a Highgate-grade decision was higher than for a typical 50-person business.
Pain points
• One compromised credential could expose dozens of client environments
• Targeted phishing, BEC, and lookalike-domain attacks slip past conventional spam filters
• Native Microsoft 365 reporting and admin self-service were limited
• Awareness training needs measurable proof, not a tick on a compliance checklist
THE PLATFORM
Why Ironscales?
After evaluating the alternatives, Highgate chose Ironscales. It bolts onto Microsoft 365 via API rather than replacing it, which kept the rollout fast and reversible. Its Adaptive AI learns from a 17,000-customer dataset, keeping pace with attacks that signature-based filters miss. And detection, reporting, phishing simulation, and awareness training all run from one platform, with the visibility and admin tooling the team was missing. Highgate sells, implements and supports Ironscales for customers; running it in-house was the logical extension.
What we deployed
• Live across the staff and shared mailbox estate
• Adaptive AI filters intercept phishing, BEC, malware, and credential-harvesting attempts at the mailbox layer, before delivery
• Daily digest lists every message Ironscales held back; staff can release a false positive in seconds if needed
RESULTS
Phishing simulations are the cleanest test of whether the training is working. In the latest run, every member of the team identified the simulated attack, and no credentials were compromised. Ironscales reports a 90% reduction in phishing-link clicks across customers running its simulation programme; Highgate sits at the top of that curve.
To date, Ironscales has captured 334 incidents across Highgate’s mailboxes. 305 were confirmed phishing attacks, 18 quarantined as spam, and 11 reviewed and released as false positives.
'Honestly, the toughest email security customer I have is my own team. We see incidents at customer sites every other week, and I knew what I didn’t want. Ironscales is the only platform I’ve been comfortable signing off for our staff. The latest simulation came back without a click, which told me I’d made the right call.'
– Paolo Rodia, Services Director at Highgate IT Solutions
