Purpose
This pilot is for organisations that want stronger sign-in protection and cleaner identity controls, but are not looking for a tenant-wide rollout or full identity programme on day one. It is aimed at establishing core identity hygiene and baseline Conditional Access controls for a defined pilot cohort, with MFA, break-glass protection, sign-in visibility, and a practical rollout path.
What you get
- Tenant and cohort readiness review
- Protected break-glass approach and pilot cohort definition
- Baseline MFA and Conditional Access controls for the agreed pilot scope
- Sign-in visibility, alert routing, user communications, and clear next-step recommendations
Typical outcomes
- Better control over risky sign-ins and account-takeover exposure
- A validated pilot cohort with baseline MFA and Conditional Access working as intended
- A clearer staged rollout path with known exceptions, risks, and dependencies
Typical pilot scope
A focused identity hardening pilot for one agreed tenant and one defined user / group / device cohort. Final scope is confirmed through intake and the engagement SoW.
Best fit
- Businesses running Microsoft 365 / Entra ID or an equivalent managed identity platform
- Teams that want quick wins against account takeover and risky sign-ins
- Environments where MFA or Conditional Access exists in part, but coverage, exceptions, or visibility are weak
Prerequisites
- Global admin, security admin, or equivalent delegated access to the tenant
- Pilot cohort, change window, and validation contacts agreed in advance
- Alert destination, break-glass approach, and change approval path available before implementation
Assumptions and boundaries
- One tenant and one defined pilot cohort in scope
- Licensing required for the selected controls is available or already approved
- No full identity-lifecycle redesign, broad SSO onboarding, or tenant-wide rollout in this pilot
- Final engagement detail, scope, assumptions, and exclusions are confirmed in the SoW before work begins
Common risks we look for
- User lockout caused by policy error or missing exception handling
- Legacy clients or protocols that do not behave cleanly with MFA / Conditional Access
- Alert noise that creates distraction without useful action
- Device-state or licensing assumptions proving false during delivery
What happens after the pilot
If the pilot confirms the right direction, Virtus can help you extend the outcome into broader rollout, better control hygiene, or a suitable managed identity path where relevant.
Roll into managed → Identity & Access Management
Start pilot scoping
Use the intake form to tell us about your tenant, pilot cohort, current identity controls, and the outcome you want to achieve. If the scope looks suitable, we will confirm the next step and send the SoW for approval.