Allostasis/Services/Track 01 — Foundations/F.01
F.01 · FOUNDATIONS

Microsoft Security &
Identity Assessment and Remediation.

Identity is the perimeter. Most mid-market tenants have a Conditional Access policy set, an MFA story and a privileged access posture — none of which has been formally reviewed in eighteen months. We assess what's there, then fix what matters.

ServiceF.01 — Security & Identity Assessment and Remediation
TrackFoundations
Typical scope2–4 weeks assess · 4–10 weeks remediate
EngagementSenior security architect-led
FrameworksEssential Eight · SMB1001 · ISO 27001 · NIST CSF · Microsoft Zero Trust

Why this matters

Identity is the perimeter — and almost no one has assessed theirs.

Most Conditional Access policy sets we review were authored years ago, by someone who's since left, against a tenant that's since changed shape. Privileged accounts have accumulated without owners. Legacy authentication is quietly still on.

We assess against the frameworks Australian mid-market organisations actually have to evidence — Essential Eight, SMB1001, ISO 27001, NIST CSF — prioritise findings against actual exposure, and remediate. Without ripping up what's already working.

What it includes

Six work-streams, scoped to your environment.

01

Conditional Access review

Every CA policy reviewed against intent, coverage gaps and conflicts; a target policy set designed and documented.

02

Privileged access posture

Privileged Identity Management, role assignments, break-glass design and approval workflows assessed and remediated.

03

MFA & passwordless

MFA coverage, phishing-resistant methods (FIDO2, Windows Hello), and a path off SMS where applicable.

04

Defender posture

Microsoft Defender for Identity, Endpoint and Cloud Apps reviewed; secure score and exposure findings prioritised.

05

Framework mapping

Current maturity mapped to Essential Eight, SMB1001 and ISO 27001 — with a remediation plan to a target level boards and cyber insurers will accept.

06

Remediation delivery

Engineering delivery of the highest-priority findings, with internal IT in the room throughout.

Engagement sequence

How an identity engagement runs.

STEP 01 · WEEKS 1–2

Discovery

Tenant configuration, CA policies, privileged roles and MFA coverage extracted and analysed.

→ Configuration baseline
STEP 02 · WEEKS 2–4

Findings & plan

Findings prioritised against exposure and Essential Eight maturity. Remediation plan signed off.

→ Prioritised findings report
STEP 03 · WEEKS 4–8

Remediation — high priority

CA target policy set, PIM, break-glass and phishing-resistant MFA delivered.

→ Hardened identity baseline
STEP 04 · WEEKS 8–14

Remediation — uplift & handover

Defender tuning, Essential Eight / SMB1001 / ISO 27001 uplift, and operating model handed to internal IT.

→ Defensible posture, owned

Outcomes

What you have at the end.

EVIDENCE

A documented identity posture.

Configuration, findings and remediation evidenced — defensible to a board, an auditor, or a cyber insurer.

MATURITY

A measurable uplift against the frameworks that matter.

Current and target maturity mapped against Essential Eight, SMB1001 and ISO 27001 — with the gap closed where it matters most.

READINESS

An identity baseline AI workloads can sit on.

Copilot and other AI workloads inherit a tenant that has been assessed — not assumed.

Other foundations services

What sits alongside.

F.02Data Estate Readiness & GovernanceView →F.03AI-Ready Architecture ReviewView →All servicesView →

The next step

Identity is the perimeter. Make sure yours is one.

Forty-five minutes with a senior architect. We'll ask about your tenant, your Conditional Access posture and your privileged access reality — and tell you honestly where the gaps are most likely to be.