EntraID Audit

EntraID (Microsoft Entra ID) is Microsoft’s central identity and access management (IAM) solution—especially in Microsoft 365 environments—and forms the basis for single sign-on (SSO) and access control. A misconfiguration can lead to unauthorized access to company resources or facilitate social engineering attacks. Therefore, this component must be thoroughly tested.

Scope

This type of test is typically performed as white-box, meaning that the testers receive full access to the tested system and its documentation. This allows a comprehensive analysis of vulnerabilities and misconfigurations in a short time frame. These are the main focus points of the test:

• Audit of the implementation status of the tier model and possible vulnerabilities
• Review of all accounts and their password age
• Review of the permissions of users, computers, and groups
• Review of group memberships of highly privileged groups
• Interview with administrators on how they typically administer the system
• Conditional access policies
• Verification against best practices
• The link to the on-premise Active Directory

Typical Price

from 7,000 €

The final price depends on the scope of the project and the maturity level of your IT security. It is calculated individually based on the required effort.

Related Services

• Cloud Infrastructure Audit