    Security & Identity

    Identity is your new perimeter — we set it up properly

    Over 90 percent of attacks target stolen credentials, not your firewall. We configure Microsoft Entra ID, MFA and Conditional Access so your people work protected — using what is usually already in your licence. Independent advice, not Microsoft-driven.

    The challenge

    Microsoft 365 is not secure out of the box

    The default settings still allow legacy protocols that bypass MFA entirely, and much of what you pay for sits unused. Only 42 percent of Swiss SMEs feel adequately protected — and those exact gaps are what token theft, consent phishing and CEO fraud exploit. You are paying for protection that was never switched on.

    How it helps

    What changes in your day to day.

    1. MFA that actually holds

    We enable phishing-resistant multi-factor sign-in via Conditional Access with authentication strengths — not the spoofable SMS method. That stops even the attacks that defeat basic MFA.

    2. Access only under clear conditions

    Conditional Access checks user, device, location and risk on every sign-in. Access only from managed, patched devices — optionally only from Switzerland. That is Zero Trust in daily practice: verify explicitly, least privilege, assume breach.

    3. Closing the gaps that bypass MFA

    We disable legacy protocols such as IMAP, POP3 and SMTP Auth, through which attackers slip past every security layer. A quiet but decisive step.

    4. Passwordless as the goal, not a dream

    Windows Hello, FIDO2 keys and passkeys make the password obsolete — more secure and noticeably easier day to day. Fewer password resets, faster sign-in, no reusing weak passwords.

    5. Least privilege and a clean lifecycle

    We harden admin roles with PIM, set up access reviews and ensure clean onboarding and offboarding. So if something goes wrong, the damage stays contained — and nothing is left open when someone leaves.

    What's included

    What we deliver.

    Entra ID as your identity control plane

    Setup of Microsoft Entra ID (formerly Azure AD) as the central control over access, sign-ins and identities — the foundation for everything else.

    Conditional Access on Zero Trust principles

    Granular policies over signals like device compliance, location and sign-in risk. Included in M365 Business Premium (Entra ID P1) — we roll them out in report-only mode first, without disrupting your operations.

    MFA and passwordless sign-in

    Authentication strengths, FIDO2 keys, Windows Hello for Business, passkeys, Microsoft Authenticator and Temporary Access Pass — all under Entra ID P1, which you most likely already own.

    Risk-based protection with Entra ID P2

    Where needed we add risk-based Conditional Access and Entra ID Protection (risky users and sign-ins, alerts). This requires Entra ID P2 — available via the Microsoft Defender Suite for Business Premium add-on (formerly Microsoft 365 E5 Security). We tell you honestly when it is worth it.

    Defender and Purview as complementary pillars

    Microsoft Defender (Safe Links, Safe Attachments, anti-phishing) protects against malicious content; Purview handles DLP, sensitivity labels and audit logs for your evidence trail.

    Operational safety and handover

    Break-glass emergency accounts, documented policies and training for your people. Technology alone changes nothing; adoption across the team is what decides the outcome.

    Outcomes

    90%+: fewer account takeovers with consistent MFA
    Day 1: baseline protection via Security Defaults active immediately
    revDSG: demonstrable compliance via audit logs and access control

    FAQ

    Frequently asked questions

    Does our identity data stay in Switzerland?

    Honestly: not exclusively. Entra identity data follows the EU Data Boundary (EU plus EFTA — Switzerland is included), not a Switzerland-only arrangement. Core Office 365 content, by contrast, can be pinned to the Switzerland Geo. One caveat: SMS, voice and push notifications can be processed outside that boundary — OATH hardware tokens keep the data inside. We draw this line correctly for you.

    Do we need expensive add-on licences?

    Usually not. Most of it — Conditional Access, FIDO2, Windows Hello, passkeys, authentication strengths — sits in Entra ID P1, which is included in Microsoft 365 Business Premium. It just needs configuring correctly. Only risk-based protection and Entra ID Protection require P2. We recommend an add-on only when it concretely helps you.

    Will the change disrupt daily operations?

    No. We roll out Conditional Access in report-only mode first and see what would happen before anything is blocked. Emergency break-glass accounts stay excluded so you can never be locked out. The transition is gradual and coordinated.

    Does this help with cyber insurance?

    Yes. Many insurers require MFA and Conditional Access and ask about them in their questionnaires. With protection set up correctly and audit logs in place, you meet these requirements demonstrably — which often lowers the premium and makes the policy possible at all.

    Ready for the next step?

    Let's talk about your workplace.

    Whether it's migrating to Microsoft 365, zero-trust security or a Copilot rollout — together we'll find the right path.