Cloud Security & Identity Review
Where an attacker gets into your Microsoft tenant, found before they do.
A fixed-fee assessment of your Entra ID, Conditional Access, and exposure across Microsoft 365 and Azure. You get the gaps ranked by how an attacker would use them, with the remediation your team can act on.
- Fixed fee
- €7,500
- Duration
- 2 weeks
- Format
- Remote-first
At a glance
- Fixed fee
- €7,500
- Duration
- 2 weeks
- Format
- Remote-first
- Fee credit
- Creditable in full within 8 weeks
- Markets served
- DACH and Benelux
Who it's for
- A cyber-insurance renewal or a customer audit is asking for your identity and access posture in writing.
- You turned on Microsoft 365 and Azure over years and no one has read the whole attack surface since.
- You had a near-miss, or a peer in your sector did, and you want an independent read before the next one.
- A recent breach at a peer company, or in the news, moved this from someday to this quarter on your risk register.
- You are renewing cyber insurance and the underwriter is asking harder questions about identity controls than last year.
Scope and format
What you get
Identity and access assessment
Your Entra ID, Conditional Access, MFA, and privileged access posture, with the gaps named.
Attack-path read
The gaps ranked by how an attacker would chain them, not by tool severity score alone.
Exposure across Microsoft 365 and Azure
The data, sharing, and configuration exposure across the estate, per workload.
Guest and external access audit
Every guest account and external sharing link across Microsoft 365, checked against who actually still needs it.
Prioritised remediation backlog
Every finding ranked by risk and effort, written so your team can pick it up without us.
Readout session
A working session with your team to walk the findings and agree what gets hardened first.
Pricing
The full fee is creditable against a follow-on remediation or platform engagement booked within eight weeks of the readout.
Where your data sits
Governance & compliance
- Read-only access, scoped to the review and revoked on completion.
- No exploitation or changes to live systems. This is an assessment, not a penetration test.
- GDPR Article 32 security-of-processing obligations assessed as part of the review.
- A signed data processing agreement before kickoff, and findings documented to the standard your auditor cites.