A structured audit of your Microsoft Entra environment
The Identity Assessment is a paid, scoped engagement — not a free consultation. You get a written report, a tenant health score, and a clear remediation roadmap. No obligation to engage further.
Eight identity domains
The assessment covers all material identity risk areas in a Microsoft Entra environment. Each domain is reviewed against a documented baseline. Findings are graded by severity.
MFA enforcement
Are all users required to use MFA? We verify enforcement through conditional access policies, not just per-user MFA status — a common gap that leaves organizations exposed.
Conditional access
Conditional access policies control how and when users can authenticate. We assess coverage, policy logic, exclusions, and whether legacy authentication is blocked.
Admin privilege review
Who holds Global Administrator, Privileged Role Administrator, and other high-impact roles? We document every assignment and flag unnecessary or excessive privilege.
Guest access
External collaborators accumulate over time. We identify all guest accounts, their last activity, and what they have access to — including any that have outlived their purpose.
Legacy authentication
Protocols like basic auth, SMTP AUTH, and POP3 bypass modern authentication controls entirely. We identify whether legacy authentication is blocked and flag any active usage.
Lifecycle and offboarding
Is there a documented offboarding process? We review whether departed users are fully disabled, their sessions revoked, OAuth grants removed, and licenses reassigned.
SSO coverage
Which applications are integrated with Entra ID for single sign-on — and which are not? Disconnected apps are outside your identity governance perimeter entirely.
Monitoring and alerting
Are sign-in risks, admin activity, and policy failures being monitored? We assess your Entra ID diagnostic settings, alert configuration, and whether any SIEM integration is in place.
What you receive
The assessment delivers a written report — not a slide deck, not a verbal briefing. The report is structured so it can be shared with your board, auditors, or cyber insurance provider.
A single score summarizing your identity posture across all eight domains. Benchmarked against our baseline for organizations of your size.
Each identity domain is graded and findings are documented — what we found, what it means, and why it matters.
Critical, high, and medium-priority items. Each includes a description, recommended action, and estimated effort.
Based on the environment complexity and gaps identified, we recommend the Identefi service tier that fits your needs.
$750–$1,500
Priced based on tenant size (number of licensed users) and environment complexity. The exact price is confirmed before work begins.
What happens next: After you submit the form below, we schedule a 30-minute scoping call, confirm the price, and send a simple service agreement. Work begins after the agreement is signed and a 50% deposit is received.
Request an Identity Assessment
Fill out the form below. We will follow up within one business day to schedule a scoping call and confirm pricing.
Do I need to sign up for ongoing services?
No. The assessment is a standalone engagement. You receive the report and are under no obligation to engage further. Many clients use the report to validate their current posture or to brief their board.
What access do you need?
Read-only access to your Microsoft Entra tenant is sufficient for the assessment. We will provide specific instructions before work begins. We do not require Global Administrator privileges.
How long does the assessment take?
Typically 5–10 business days from access grant to report delivery, depending on environment complexity. We confirm the timeline during the scoping call.
Is the report suitable for auditors or insurers?
Yes. The report is structured to be shared with compliance auditors, cyber insurance carriers, and boards. It documents controls, gaps, and remediation steps in plain language.