Secure
Identity & Access Management
Conditional Access, MFA, Privileged Identity Management, and passwordless authentication.
Identity is the new security perimeter. The compromise of a single privileged account can cascade through cloud services, bypassing network controls entirely. With nine identity-specific risks in our register — and identity involved in virtually every breach chain — establishing Conditional Access, MFA enforcement, just-in-time privileged access, and a strategic passwordless roadmap is not optional. It is the single highest-impact investment an organisation can make toward ISO 27001 compliance and operational resilience.
Foundation (Plan 1)
- Conditional Access - Users — Conditional Access policies for standard users (MFA, device compliance, guest access, risk-based controls)
- Conditional Access - Admins — Conditional Access policies for administrators (enhanced MFA, risk-based CA, session controls, location restrictions)
Added in Endpoint (Plan 2)
- Conditional Access - Devices — Conditional Access policies that require a compliant (Intune-managed) device as a grant control, so that possession of a valid credential and MFA alone is not enough to reach corporate resources from an unmanaged machine
- Privileged Identity Management — Entra ID PIM for just-in-time, time-bound privileged role activation, cloud-only administrative accounts that are not synchronised from on-premises AD, and recurring access reviews of standing role assignments
- Workload Identity Governance — Discover, remediate, and govern non-human identities including service principals, managed identities, and workload identity federation
- Passwordless & FIDO2 Strategy — Strategic credential roadmap covering FIDO2 keys, Windows Hello for Business, Authenticator passwordless methods, and password elimination
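The Conditional Access packages above are deployed Report-Only first and enforced only after the sign-in impact has been reviewed. The following is an added example of that sequence for the administrator policy, written for this page and not taken from the provider's deliverables. It assumes the Microsoft.Graph PowerShell SDK, an Entra ID P1 tenant (sign-in log access) and an account holding the Conditional Access Administrator role; the policy name `CA-ADM-001` and the group `CA-Exclusion-BreakGlass` are placeholders you would replace with your own naming convention.

```powershell
# Added example (not from the original page or its service packages): stage a
# Conditional Access policy for privileged roles in Report-Only mode, measure
# what it would have done, then enforce it. Assumes the Microsoft.Graph
# PowerShell SDK and Entra ID P1; policy and group names are placeholders.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Group.Read.All","AuditLog.Read.All","Directory.Read.All"

# Exception group for break-glass accounts. Every CA policy must exclude it,
# otherwise one misconfigured policy can lock every administrator out.
# ASSUMPTION: a group with this display name already exists in the tenant.
$breakGlass = Get-MgGroup -Filter "displayName eq 'CA-Exclusion-BreakGlass'"
if (-not $breakGlass) { throw "Create the break-glass exclusion group before deploying admin CA policies." }

# Target roles rather than named users so newly assigned admins are covered.
# 62e90394-... is the built-in Global Administrator role template ID; resolve
# the other roles by display name instead of hard-coding more GUIDs.
$roleNames  = @("Privileged Role Administrator","Security Administrator","Conditional Access Administrator")
$adminRoles = @("62e90394-69f5-4237-9190-012177145e10") +
  @(Get-MgDirectoryRoleTemplate | Where-Object { $roleNames -contains $_.DisplayName } | ForEach-Object Id)

$policy = @{
  displayName = "CA-ADM-001 Require MFA for privileged roles"
  state       = "enabledForReportingButNotEnforced"   # Report-Only: logs the outcome, blocks nothing
  conditions  = @{
    users          = @{ includeRoles = $adminRoles; excludeGroups = @($breakGlass.Id) }
    applications   = @{ includeApplications = @("All") }
    clientAppTypes = @("all")
  }
  grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created '$($created.DisplayName)' ($($created.Id)) in state $($created.State)"

# --- After the soak period: what would the policy have done? ----------------
# Each sign-in record carries a per-policy result such as reportOnlySuccess,
# reportOnlyFailure (the user would have been blocked) or reportOnlyNotApplied.
$since  = (Get-Date).ToUniversalTime().AddDays(-7).ToString("yyyy-MM-ddTHH:mm:ssZ")
$impact = Get-MgAuditLogSignIn -Filter "createdDateTime ge $since" -All |
  ForEach-Object {
    $s = $_
    $s.AppliedConditionalAccessPolicies | Where-Object Id -eq $created.Id |
      ForEach-Object { [pscustomobject]@{ User = $s.UserPrincipalName; Result = $_.Result } }
  }
$impact | Group-Object Result | Select-Object Name, Count
# Administrators who would have been blocked: they have not registered MFA yet.
$impact | Where-Object Result -eq 'reportOnlyFailure' | Select-Object -Unique User

# --- Enforce only once every account listed above has registered MFA ---------
Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{ state = "enabled" }
```

The point of the middle section is the gate between the two states: the `reportOnlyFailure` list is the set of privileged accounts that would be locked out the moment the policy is enabled, and the break-glass group is excluded precisely so that list can be worked down without risk of losing tenant access.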
What you receive
| Delivery Package | Duration | Stakeholders | Key Deliverables |
|---|---|---|---|
| Conditional Access Deployment | 5–15 days | CISO, IT Admin, Security Analyst | CA policy matrix document; Deployed CA policies (Report-Only → Enforced); Exception management process and groups |
| Privileged Identity Management | 3–8 days | CISO, IT Admin | PIM role assignment policy; Activation rules per role tier; Access review schedule |
| Workload Identity Governance | 3–10 days | CISO, Application Owners, DevOps | Service principal inventory and risk assessment; Managed identity migration plan; Workload CA policies |
| Passwordless & FIDO2 Strategy | 5–15 days | CISO, IT Admin, End Users | Credential strategy document; Auth method registration policies; FIDO2 key deployment plan |
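The Workload Identity Governance package starts from a service principal inventory and risk assessment. The following is an added example of how such an inventory is produced, written for this page and not taken from the provider's engagement material. It assumes the Microsoft.Graph PowerShell SDK with `Application.Read.All`; the 180-day client-secret lifetime used as a threshold is an illustrative policy value, not a figure from the page.

```powershell
# Added example (not from the original page): inventory the credentials behind
# application service principals and flag what a governance pass should act on.
# Assumes the Microsoft.Graph PowerShell SDK and Application.Read.All; the
# 180-day secret lifetime threshold is an illustrative policy value.
Connect-MgGraph -Scopes "Application.Read.All"

$now           = (Get-Date).ToUniversalTime()
$maxSecretDays = 180   # ASSUMPTION: example policy limit for client secret validity

# Secrets and certificates are issued on the app registration (application
# object); the service principal is what role assignments and workload CA act
# on. Inventory the former and join the latter on appId.
$apps      = Get-MgApplication -All -Property Id,AppId,DisplayName,PasswordCredentials,KeyCredentials
$spByAppId = @{}
Get-MgServicePrincipal -All -Property Id,AppId,AccountEnabled,ServicePrincipalType |
  ForEach-Object { $spByAppId[$_.AppId] = $_ }

$findings = foreach ($app in $apps) {
  $sp  = $spByAppId[$app.AppId]
  # Federated identity credentials mean the workload can already authenticate
  # without a stored secret (e.g. a CI pipeline or Kubernetes workload).
  $fic = @(Get-MgApplicationFederatedIdentityCredential -ApplicationId $app.Id)

  foreach ($c in @($app.PasswordCredentials)) {
    $lifetime = [int]($c.EndDateTime - $c.StartDateTime).TotalDays
    if     ($c.EndDateTime -lt $now)      { $finding = 'Expired secret still present: remove it' }
    elseif ($lifetime -gt $maxSecretDays) { $finding = "Secret valid $lifetime d, over $maxSecretDays d: rotate, plan migration" }
    else                                  { $finding = 'Within policy, still a managed identity / federation candidate' }
    [pscustomobject]@{ App = $app.DisplayName; AppId = $app.AppId; Credential = 'ClientSecret'
                       Expires = $c.EndDateTime; SpEnabled = $sp.AccountEnabled
                       FederatedCreds = $fic.Count; Finding = $finding }
  }
  foreach ($c in @($app.KeyCredentials)) {
    if ($c.EndDateTime -lt $now) { $finding = 'Expired certificate still present: remove it' }
    else                         { $finding = 'Certificate: acceptable interim step, confirm private key custody' }
    [pscustomobject]@{ App = $app.DisplayName; AppId = $app.AppId; Credential = 'Certificate'
                       Expires = $c.EndDateTime; SpEnabled = $sp.AccountEnabled
                       FederatedCreds = $fic.Count; Finding = $finding }
  }
}

$findings | Sort-Object Expires | Format-Table App, Credential, Expires, SpEnabled, FederatedCreds, Finding -AutoSize

# Baseline for the migration plan: how much of the estate is already secretless,
# and how many credentials need action now.
$managedIdentities = @($spByAppId.Values | Where-Object ServicePrincipalType -eq 'ManagedIdentity').Count
$federatedApps     = @($findings | Where-Object FederatedCreds -gt 0 | Select-Object -ExpandProperty AppId -Unique).Count
$actionable        = @($findings | Where-Object { $_.Finding -like 'Expired*' -or $_.Finding -like 'Secret valid*' }).Count
"Managed identities: $managedIdentities; apps with federated credentials: $federatedApps; credentials needing action: $actionable"
```

Two practitioner notes on the output: a service principal with `SpEnabled = False` but live credentials is dead weight that should be deleted rather than left to expire, and an app that already has federated credentials yet still carries a client secret is usually the cheapest migration win, since the secretless path is already proven for that workload.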