What we offer

Clear focus, deep expertise, and a partnership built on handshake-level reliability.

Assessments for Entra ID & Azure Cloud

For many companies, Microsoft Entra ID and Azure are the new Active Directory. We identify attack paths that attackers could use to compromise your cloud environment, and in hybrid environments we also show possible ways into your on-prem infrastructure.

01 Scenario

A stolen cloud account or an admin role that is too broad is often enough to compromise sensitive data and resources. We look for attack paths that lead to compromise of your cloud environment and its resources, for example ways around multi-factor authentication, weak Conditional Access policies, and high-value targets with broad permissions. In hybrid environments this may also reveal ways into your on-prem environment.

02 Preparation

Up front we agree on scope and access: read-only roles in Entra ID and Azure plus the relevant subscriptions and resources. For hybrid environments we also look at the link to your on-prem Active Directory.

03 Checklist

We inventory users, roles, access policies, and app registrations, and check your Azure resources for unsafe settings. We also look at privileged accounts, service accounts, and typical Microsoft 365 misconfigurations. In hybrid environments we test attack paths between cloud and on-prem.

04 Scope

Depending on tenant size and the existing Azure resources, plan for roughly 5-10 person-days at €1,600 each.

6 steps to your pentest

How we work

1. We gather your requirements

In a scoping call we define the scope and framework of the pentest together. We agree on what is in scope and what is explicitly excluded.

2. We prepare your offer

Based on your requirements we prepare a tailored offer. You receive it promptly, with a clear breakdown.

3. We clarify all prerequisites

After you engage us, we prepare the pentest in a kickoff. We align on access, test accounts, time windows, and communication channels.

4. We deliver the best pentest for you

We test within the agreed scope and timeframe. During the engagement we stay in contact and report critical findings through the agreed channels. When testing is complete, you receive the report as a secured PDF.

5. We discuss the results

Pentest reports are often extensive. After delivery we remain your point of contact and are happy to walk through the results and priorities with you.

6. We retest for free

So you can act on the report, we retest remediated vulnerabilities once at no charge if fixes are completed within eight weeks of report delivery.

Ready to work with us?

We go on the offensive for you and uncover vulnerabilities in your applications and infrastructure so attacks never get a chance.