Services / Identity & Access
MFA Deployment Sprint
Organization-wide MFA enforced — or upgraded from SMS to phishing-resistant methods.
MFA is table stakes, but most orgs still have gaps: accounts on password-only, SMS-based MFA that's trivially phishable, or MFA that's enabled but not enforced via Conditional Access. This sprint closes all three scenarios: MFA enablement for orgs starting from scratch, hardening for orgs upgrading from weak methods, and CA policy design to enforce MFA intelligently.
What's Included
- MFA enablement for all users not yet enrolled
- Migration from SMS/voice to Microsoft Authenticator or FIDO2/passkeys
- Conditional Access policies that enforce MFA — not just request it
- Per-app and risk-based MFA requirements
- User communication templates and rollout plan
- Exclusion and exception documentation
- Break-glass account setup
Engagement Details
Deliverable: MFA enforced org-wide. Weak methods eliminated. CA policies live and tested.
Duration: 2–4 weeks
Price: $4,000-$7,500
Notes: Tiered by user count.