Real engagements

What the work actually looks like.

Every engagement below involved a real organisation with a real security problem. Client names are shown where permitted. The situations, approaches, and outcomes are accurate. Prior to independent consulting, security consultation was also delivered through a Microsoft Enterprise Partner — working directly with Microsoft's enterprise customer base.

All case studies

Named client UAE Real estate 100–250 users
Aqaar
Real estate operations · UAE · Most recent engagement
Challenge

Document approval workflows were inconsistent. Sensitive documents moved through approval stages without a defined process or audit record. Heavy helpdesk dependency for routine email recovery. Inconsistent MFA enforcement across branches with no centralised visibility. SharePoint external sharing configured to allow anonymous "anyone with the link" access — property documents and client files silently exposed without IT awareness.

Solution

Designed and built a SharePoint governance automation platform using Power Automate for approval orchestration, Power Apps for operational dashboards, and Microsoft Graph API for email management. Metadata-driven document lifecycle tracking. Staged tenant-wide MFA rollout implemented in parallel. SharePoint external sharing policy tightened — anonymous link sharing disabled, external access restricted to named guests with expiry controls.

Outcomes
Helpdesk dependency for routine email recovery eliminated
Document approval workflow standardised across all teams
Every lifecycle action logged with approver and timestamp
MFA enforced consistently across all branch locations
Anonymous external sharing disabled — file exposure risk closed
Named client United States Software development 300–500 users
Salzer Technologies
Software development & IT services · US
Challenge

Developers accessing tenant resources from unmanaged endpoints without device trust enforcement. Legacy authentication still active. Standing Global Admin privileges assigned long-term to accounts used for daily operations. Conditional Access deployed inconsistently with no structured access model.

Solution

Full Conditional Access architecture redesign. Device-trust enforcement for engineering workflows — managed devices accessing all resources, unmanaged devices restricted to browser-only for non-sensitive workloads. Legacy authentication eliminated safely. MFA enforced across all privileged roles. Admin privilege surface reduced through role segmentation.

Outcomes
Legacy authentication removed without service disruption
MFA enforced across all admin and privileged roles
Unmanaged endpoint exposure significantly reduced
Global Admin accounts audited and separated from daily-use accounts
Tenant moved from feature-enabled to architecture-driven identity enforcement
Named client United States Professional services 400–600 users
SmithGardner Inc
Professional services · US · Multi-location operations
Challenge

MFA partially deployed but not enforced consistently — exceptions covered some of the highest-risk accounts. Legacy protocols still active. No structured access model separating admins and standard users. Identity security controls implemented reactively rather than strategically. Email authentication records absent — SPF misconfigured, DKIM unsigned, DMARC not published — leaving the domain open to spoofing and impersonation of client-facing email.

Solution

Staged Conditional Access rollout with role-based policy layers for standard users, admins, and service accounts separately. Tenant-wide MFA standardisation with break-glass account strategy. Legacy authentication retired using staged block with dependent application identification. Session controls aligned with device posture. SPF record corrected, DKIM signing enabled across all sending domains, DMARC policy published and progressed to enforcement with reporting configured.

Outcomes
Full MFA enforcement achieved without operational disruption
Legacy authentication eliminated across 400–600 users
Privileged access boundaries introduced and documented
Domain spoofing exposure closed — SPF, DKIM, and DMARC fully enforced
Repeatable identity governance baseline created for IT continuity
Named client United States Healthcare 200–350 users
Bronzeville Healthcare Solutions Inc
Healthcare services · US · Clinical coordination & patient workflows
Challenge

Shared workstations in clinical environments with multiple users authenticating from the same device throughout shifts. No device trust enforcement. Permanent privileged admin assignments. Inconsistent MFA rollout across departments. Elevated exposure risk around identity-layer access to patient-related communication workflows.

Solution

Conditional Access designed specifically for shared workstation usage patterns — session time limits, re-authentication triggers for sensitive applications, browser session controls. Privileged role segmentation through PIM-ready structure. MFA standardised across all tenant roles. Identity security baseline documented for internal IT team maintenance.

Outcomes
Shared endpoint exposure reduced without disrupting clinical workflows
Privileged role misuse surface minimised
Identity controls aligned with healthcare data sensitivity expectations
Compliance review readiness significantly improved
Anonymous Australia BFSI 150–300 users
Meridian Advisory Group
Banking, financial services & insurance · Australia · 150–300 users
Challenge

Legacy authentication still active despite known risk. MFA partially deployed with exceptions covering highest-risk accounts. No admin isolation strategy — Global Admin permanently assigned to accounts used for daily IT operations. Unified audit logging disabled, making it impossible to reconstruct access history or respond to regulatory queries. No structured identity-risk enforcement model aligned with financial sector expectations.

Solution

Legacy authentication eliminated using staged block approach — dependent applications identified before access was cut. Role-based Conditional Access segmentation for standard users, admins, and service accounts. Strong MFA enforced across all privileged roles. PIM-ready role structure introduced with activation procedures documented. Unified audit logging enabled across the tenant with retention period aligned to Australian financial sector regulatory expectations. Entra ID sign-in and audit workbooks configured for ongoing monitoring.

Outcomes
Administrative attack surface significantly reduced
External login exposure via legacy protocols closed
Unified audit log activated — full sign-in and access history now retained
Identity posture moved from reactive to policy-driven
Tenant aligned with Australian financial-sector security and compliance expectations
Anonymous Healthcare diagnostics 250–400 users
Healthcare Diagnostics Network
Diagnostics & lab environments · 250–400 users
Challenge

Shared workstation usage across lab environments. No Conditional Access device trust enforcement. Sensitive patient-related email workflows with no session-level controls. Permanent privileged admin assignments. Growing compliance review pressure from regulators.

Solution

Conditional Access policies addressing shared workstation patterns — session time limits, re-authentication for sensitive apps, browser session controls for patient-related workloads. Privileged identity segmentation through PIM-ready structure. Identity security baseline documentation created for internal IT team.

Outcomes
Shared endpoint exposure reduced without disrupting lab workflows
Privileged role misuse surface minimised
Sensitive workload access limited to trusted sessions
Compliance review readiness improved significantly
Anonymous Real estate operations 100–250 users
Email Remediation Automation Platform
Real estate operations · Multi-location · 100–250 users
Challenge

IT team spending significant hours weekly on junk email recovery requests from branch staff. No central visibility into what was being recovered, by whom, or whether it was appropriate. Helpdesk tickets were the only mechanism — no audit trail, no workflow governance.

Solution

Centralised Junk Email Review portal built using Microsoft Graph Mail API for message retrieval, Power Automate for orchestration, SharePoint for metadata tracking and audit logging, and Power Apps for the self-service interface. Branch staff submit recovery requests through a controlled workflow. IT retains approval visibility without being the bottleneck.

Outcomes
Helpdesk dependency for email recovery eliminated
Branch operations standardised across all locations
Every recovery action logged with approver, timestamp, and justification
Full audit trail where none previously existed
Anonymous Professional services 400–600 users
SharePoint Governance Automation Platform
Professional services · 400–600 users
Challenge

Document approval workflows inconsistent across practice teams. Sensitive documents moved through approval stages without a defined process, reliable routing, or audit record. IT had no visibility into document lifecycle status without manual intervention. Management reporting entirely manual.

Solution

Metadata-driven document lifecycle system on SharePoint Online. Power Automate handling approval routing based on document classification and role hierarchy. Power Apps dashboard giving operational managers real-time visibility into document status and pending approvals. Exception handling logic preventing documents from sitting in undefined states.

Outcomes
Approval workflow standardised across all practice teams
Document processing timelines shortened
Every lifecycle action recorded with approver and timestamp
Management visibility achieved without manual reporting overhead
Anonymous Singapore Financial advisory 80–150 users
Veramont Capital Partners
Financial advisory & asset management · Singapore · 80–150 users
Challenge

Third-party application integrations accumulated without governance. Users had granted OAuth consent to external apps without IT visibility — several integrations were accessing mailboxes and calendar data with no record of authorisation. Cross-tenant collaboration with external legal and audit partners set up informally, with no review of trust boundaries or access scope. Unified audit logging not enabled, making it impossible to determine when access was granted or what had been accessed. No app consent policy in place.

Solution

App consent framework implemented — user consent disabled for high-permission scopes, admin consent workflow configured for all third-party integrations. Full OAuth app inventory conducted; unauthorised and dormant app registrations revoked. Cross-tenant access settings reviewed and restructured — external partner access scoped to specific resources with expiry controls. Unified audit logging enabled across the tenant with retention aligned to Singapore MAS financial sector expectations. Entra ID workbook configured for ongoing consent and sign-in anomaly monitoring.

Outcomes
All third-party app access brought under admin consent governance
Unauthorised OAuth integrations identified and revoked
Cross-tenant partner access formally scoped and time-bounded
Unified audit log activated — full sign-in and consent history now retained
Ongoing monitoring baseline established for consent anomaly detection

See how this applies to your environment.

Book a free call Get in touch