Conditional Access Penetration Test: 4 Days Assessment

In your journey towards a Zero Trust posture in your Microsoft 365 Environment, Conditional Access plays an important role. It allows you to define - in fine detail - the protection of your organization’s most valuable assets, your cloud applications, devices, and data. Configuring these access policies brings a lot of technical challenges. It requires a clear governance vision if you want to do it correctly.

With the Conditional Access Penetration Test, you can validate - in an automated way - what your access policies would permit or not in both common and more extraordinary situations including potentially malicious access. This brings insights in your current attack surface and allows you to finetune existing policies. It can also help you to create new policies to fully suit your vision regarding access. The Conditional Access Penetration Test is an intelligent add-on service to your Microsoft 365 cloud environment. It solves common technical business problems like accurate policy validation, automated documentation of Conditional Access, a concise management overview, and cloud security penetration testing.

As your organization progresses, grows, and transforms, your Conditional Access policies in your Microsoft 365 Environment may also change to comply with new requirements. By recurrent and periodically incorporating the Conditional Access Penetration Test into your way of working, you keep up to date with how your access policies behave and locate the potential security holes. This will assure you that everything is in line with your strategy. That is why we offer this penetration test as a yearly service, allowing you to (re)-evaluate your Zero Trust posture with up to 10 pentest a year.

Don’t have any Conditional Access policies yet but planning to? Let’s start off the right way by using the approach of verifying the organization global impact of each access policy change. By being quick on the draw, open security holes or misconfigurations can be closed immediately.

Software developers take the same approach; they test their application with code to simulate different scenarios. They verify the output, the effectiveness, the security, the robustness, and the overall requirements set. The same rewards can be achieved for your organization’s access, putting you in pole position towards a secure and mature access management.

This service includes:

• Pre-engagement call
• Up to 100 custom simulations
• Overview of past sign-ins per simulation
• Up to 10 Conditional Access Pentests per year
• Gaining valuable insight in your attack surface
• Proof of correct policy configuration
• Align technical configuration on your strategy
• A coaching call on best practices and potential next steps