We start every engagement by understanding your environment as it actually is — not as it should be. Our onboarding process builds a clear, evidence-based security picture before any recommendations are made.
Security improvements only work when they're based on evidence. Guesswork leads to unnecessary tools, complexity, and cost — and often misses the actual risks.
We assess what is actually configured in your environment — not what should be there, or what similar organisations have. Your baseline is specific to you.
We prioritise issues that materially reduce the likelihood and impact of common cyber attacks — not compliance theatre or vendor-preferred solutions.
Modern Microsoft environments are complex and varied. Our onboarding focuses on what is actually deployed — across identity, devices, cloud services, and network access.
Two structured steps. One clear picture of where you are, what gaps exist, and what to do next.
Using Microsoft's Zero Trust framework, we assess your environment across the six core pillars — giving a complete, configuration-based view of your current security posture.
The assessment is non-intrusive. We review policies, access controls, and security posture without disrupting your live systems or requiring downtime.
Findings from the Zero Trust assessment are mapped directly to the five Cyber Essentials controls. This produces a structured gap analysis that's honest about where you stand.
We identify which controls already meet the standard, which are partially implemented, and which present certification blockers or material risk — before any remediation work begins.
Traditional perimeter security assumes that everything inside the network is safe. Zero Trust removes that assumption — it requires explicit verification for every access request, regardless of location or device.
Microsoft's Zero Trust framework is the natural starting point for organisations running on Microsoft 365 and Azure. The NCSC has confirmed that Cyber Essentials is compatible with Zero Trust architecture — and the assessment findings map well onto the five CE controls.
This dual-framework approach means your onboarding produces two clear outputs from a single assessment: a modern security posture view, and a practical compliance picture against the UK government standard.
Verify every user. Always. MFA, conditional access, and privileged identity management.
Ensure every device meets compliance requirements before granting access to data or services.
Control access to apps and discover shadow IT. Only approved apps, properly governed.
Know where your data is, classify it, and apply appropriate protection policies.
Segment networks, control remote access, and harden servers against common attack vectors.
Microsoft's Zero Trust approach is publicly documented and aligned to NIST and NCSC guidance. It provides a practical structure for assessing Microsoft 365 and Azure environments against modern security principles. For more, see Microsoft's Zero Trust documentation and the NCSC's Zero Trust architecture guidance.
At the end of onboarding, you have a documented picture of your current posture, what needs to change, and in what order — without the jargon.
A documented view of your current security posture across Microsoft services — identity, devices, applications, data, and network.
A structured comparison against all five CE controls, with each control clearly marked as met, partial, or a blocker — with evidence.
Risk-based recommendations in order of impact — not vendor preference or what's easiest to sell. Each item is explained in plain language.
If Cyber Essentials is your goal, you leave onboarding knowing exactly what needs to happen, how long it will take, and what we'll do together to get there.
A one-time baseline tells you where you are. Ongoing support keeps you there — and keeps you certified.
We don't just identify gaps and hand you a to-do list. We fix them — configuring controls, rolling out MFA, hardening devices, and managing patches on your behalf.
Security posture changes every time a user joins, a device is added, or a policy is updated. We monitor continuously so your controls stay aligned to Cyber Essentials requirements.
With ongoing support in place, your annual Cyber Essentials renewal becomes a formality — not a scramble to discover gaps you didn't know existed.
Whether you're preparing for Cyber Essentials certification or want a clearer picture of your Microsoft security posture, we start with evidence — not assumptions. And we don't sell tools.
Contact Us 📅 Book a Short Call About Cyber Essentials