// service · security audits
"We've got Microsoft, so we're fine." Are you, though?
Most SMEs have no real picture of their exposure — until an insurer, a customer questionnaire or an incident forces the question. We give you the honest read: where you're at risk, what to fix first, and proof it stays fixed.
// the usual gaps
What we tend to find.
- No idea of actual exposure"We have Microsoft, so we're fine" — with nothing measured to back it up.
- Questions you can't answerCyber-insurance forms and customer security questionnaires that stall the deal.
- Stale, over-privileged accessMFA gaps, legacy auth left open, admin rights that sprawled and never got cleaned up.
- One-off reports that gather dustA pentest from two years ago that no one has re-checked since.
// what we deliver
Posture you can see and prove.
-
Step 1
Baseline audit
Your Microsoft 365 and Entra posture measured against recognised benchmarks — Microsoft Secure Score, the CIS Microsoft 365 Benchmark, and NZ-relevant guidance (NCSC / Essential Eight). The real number, not a vibe.
-
Step 2
Prioritised remediation
The cheap, high-impact fixes first: close MFA gaps, kill legacy auth, rein in admin sprawl, tighten sharing. You get a plain-English list ordered by impact, not a 90-page PDF.
-
Step 3
Recurring assurance
A monthly or quarterly report showing the posture trend and that access is still correct — the evidence you hand to an insurer, an auditor or a customer.
// joined-up by design
Offboarding is a security control.
When someone leaves, that's not just HR — it's the most common way access goes stale. If we also run your joiners, movers and leavers, the leaver evidence feeds straight into "access is correct" every month. One joined-up answer: we manage your people changes and prove your access is right.
- → Read-only tenant posture pull
- → Same engine every client, your tenant
- → Identity assurance, monthly
- → Deep network pentest referred out
// start a conversation
Start with the baseline.
A fixed-price baseline audit is the front door — you'll know exactly where you stand and what's worth fixing first. No scare tactics, no upsell to things you don't need.