Detection Isn’t Response: What “24/7” Really Means in a Fordway Azure Service Desk
“24/7 support” is often used as a shorthand for reassurance. It suggests availability, coverage and responsiveness. But in practice, it doesn’t guarantee any of those things unless it is backed by the right operational model.
In Azure environments, where identities, workloads and data are active continuously, the difference between availability and action becomes critical. What matters is not whether an alert is generated or a ticket is logged, but whether something is properly investigated and resolved at the point it occurs.
At Fordway, the service desk is designed around that distinction. It is not simply a point of contact. It is the operational layer that connects Azure monitoring, security tooling and real-world outcomes.
Tim Waller, Service Continuity & Security Team Leader at Fordway, describes the gap that often exists:
“A lot of organisations think they’re covered because alerts are being raised or tickets are being created. But unless someone is actually picking that up and investigating it properly, nothing has really changed.”
Azure-native tools such as Microsoft Sentinel and Microsoft Defender are highly effective at generating signals. The challenge is managing what comes next. Detection alone does not reduce risk. It simply identifies that something may require attention.
Tim describes the operational reality behind this:
“The team’s main function is ‘keeping the lights on’ for all systems Fordway manage. As well as handling any issues that might arise out of hours, we’re responsible for everything that can’t be done during the working day for all our customers, such as patching and implementing upgrades. We follow the same processes for everyone, and our goal is always to ensure that all services are fully operational by the time they come to work in the morning.”
He also highlights something that is often overlooked in 24/7 service models: the amount of work that happens behind the scenes.
“Because much of our work is hidden – you could say we work in the dark – I think people underestimate the amount of work we do. We only tend to get feedback when things go wrong. If we’re doing a good job, we go unnoticed, which is fine by me. My team members understand the importance of what they do and the impact on both other team members and ultimately customers. They support each other and do a brilliant job.”
That “invisible” layer of work is what keeps Azure environments stable. It includes planned changes, patching, maintenance, and resolving issues outside core hours so that services are ready for the business day ahead.
Tim explains:
“The tools are very good at surfacing issues. The real value comes from how those signals are handled. If they’re not investigated properly, they just become noise.”
This is why Fordway’s approach centres on a fully ticketed service model delivered through ServiceNow, acting as the operational bridge between Azure monitoring tools and real-world response.
Alerts from Microsoft Sentinel, Microsoft Defender, Azure Monitor and other Azure-native services plus 3rd party tools such as Solarwinds and vendor specific management tools are ingested and automatically converted into structured tickets. From that point onwards, every signal is governed through a single workflow: triaged, prioritised, assigned and tracked through to resolution or escalation.
This integration is important because it turns detection into controlled action. Without it, alerts remain distributed across monitoring tools with no consistent mechanism for ownership or progression.
Within ServiceNow, each alert becomes a managed record of work. That record carries context, severity, history and actions taken, ensuring continuity between engineers and shifts. It also creates a consistent operating model across all customers, regardless of environment complexity or scale.
The ticket is not an administrative step. It is the control mechanism that ensures consistency, ownership and accountability across a 24/7 Azure operation. It also ensures that handovers between shifts are seamless, so context is never lost and incidents are always progressed rather than restarted.
Jo King, Service Delivery and Support Manager, highlights the importance of that continuity:
“Without that structure, you lose context very quickly. One engineer starts investigating, another picks it up later, and key information is missing. That’s where issues get delayed or missed.”
There is also a practical reality behind any effective 24/7 model. It is not automated into existence, and it is not sustained by bots alone but uses them to make the service more efficient.
Many managed services rely on real people, not automation, to deliver meaningful outcomes. Automation has its place for handling routine queries or simple requests, but it cannot troubleshoot complex or ambiguous issues. When something fails in an unexpected way, or when a security alert does not immediately make sense, it requires experience, judgement and critical thinking.
Jo reflects this directly:
“When something unusual happens, you need someone who can look at it properly, ask the right questions and work through it. That’s not something you can automate.”
Behind the scenes, delivering that capability requires careful planning. Round-the-clock service is maintained through structured shift patterns, ensuring that skilled engineers are always available, regardless of time of day. It is not simply about having someone online, but having the right level of capability consistently available.
Tim explains how that translates operationally:
“It’s about making sure there’s always someone alert and capable of picking things up straight away. The consistency of response is what really matters.”
This becomes particularly important when dealing with high-priority incidents. Critical issues cannot wait for the next working day or the next available resource. They require immediate triage, clear ownership and decisive action.
One of Fordway’s clients working within a large-scale operational environment highlights the impact of that approach:
“What stands out is the ownership. Once something is picked up, it’s followed through properly. It doesn’t just sit there waiting for the next shift.”
Fordway’s service desk operates as part of a wider Cloud Operations model, providing 1st, 2nd and 3rd line support with escalation into specialist teams where required. This ensures that incidents are not just acknowledged, but handled with the appropriate level of expertise from the outset.
Alongside response, the service is designed to be proactive. Continuous monitoring, problem management and trend analysis help to identify and address issues before they escalate. Over time, this reduces incident volumes and improves overall service stability.
Threat hunting forms part of this proactive approach. Not all risks present as clear alerts, and some require deeper analysis of logs, behaviours and patterns across the Azure environment. By actively interrogating this data, engineers can identify anomalies that may not yet have triggered formal detection rules.
Tim Waller describes this as an extension of the same process:
“You build an understanding of what normal looks like in an environment. From there, it becomes much easier to spot what doesn’t fit and investigate it before it becomes a bigger issue.”
For many organisations, maintaining this level of consistency internally is challenging. Azure estates are complex, and internal teams are often balancing day-to-day support with project work and strategic change.
Fordway’s model is designed to complement those teams, providing depth, continuity and a consistent operational framework. The focus is not just on handling incidents, but on ensuring they are properly understood, resolved and learned from, following the ITIL process framework underpinned by Fordway’s ISO20000 certification.
The result is a service desk that operates as more than a support function. It becomes a central part of how Azure environments are managed, secured and continuously improved.
The term “24/7 support” on its own does not capture that. A ticket logged overnight is not the same as an issue investigated and resolved. An alert generated is not the same as a risk managed.
In a Fordway’s Service Desk, the focus is on what happens after detection. Every alert is treated as the start of a process, not the end of one.
That is what turns visibility into control, and activity into real operational assurance.
