Entra ID Audit

EntraID Audit – Azure AD / Microsoft Entra ID configuration review, identity management

Diese Seite ist auch auf Deutsch verfügbar.


EntraID (Microsoft Entra ID) is Microsoft’s central identity and access management (IAM) solution—especially in Microsoft 365 environments—and forms the basis for single sign-on (SSO) and access control. A misconfiguration can lead to unauthorized access to company resources or facilitate social engineering attacks. Therefore, this component must be thoroughly tested.

Scope

This type of test is typically performed as white-box, meaning that the testers receive full access to the tested system and its documentation. This allows a comprehensive analysis of vulnerabilities and misconfigurations in a short time frame. These are the main focus points of the test:

  • Audit of the implementation status of the tier model and possible vulnerabilities
  • Review of all accounts and their password age
  • Review of the permissions of users, computers, and groups
  • Review of group memberships of highly privileged groups
  • Interview with administrators on how they typically administer the system
  • Conditional access policies
  • Verification against best practices
  • The link to the on-premise Active Directory

Typical Duration

3–5 days (scope-dependent). Reporting takes roughly 30–50% of the test time on top.

Typical Price

from 7,000 €

The final price depends on the scope of the project and the maturity level of your IT security. It is calculated individually based on the required effort.

Deliverables

Every engagement includes:

  • Written findings report with all misconfigurations, prioritized by severity, with remediation steps
  • Management summary tailored to your audience (technical or executive)
  • Live debriefing to walk through findings and answer questions
  • Retesting after remediation available on request

See example reports for what a VidraSec report looks like.

Compliance

Directly relevant for NIS2, ISO 27001, and TISAX. Identity and access management is a core control domain in all major security frameworks.

martin​@​vidrasec.com

+43 670 3081275

+43 670 3081275

Book appointment

Related Blog Post