Currently fully booked. New engagements onboard from early 2027.Join the 2027 waitlist
Active Directory
Security Assessment
A focused review of the directory that holds your identities, admin rights, and access.
Most of the issues ransomware relies on sit in a handful of well-known Active Directory misconfigurations - this finds the critical ones fast.
Read-only access · prioritised hardening report · fixed scope · from €1,900
This assessment is available on its own - the better path is the Retained Security Partner retainer, where you get it automatically once your security maturity is ready.
The Challenge
Why Active Directory drifts
Stale admin accounts, weak service accounts, legacy authentication, risky delegation, and over-broad permissions build up quietly in Active Directory. These are the exact paths ransomware uses to move from one machine to the whole domain. A short, focused assessment surfaces around 80% of the critical issues in roughly 20% of the time a full project would take.
Phase 1
Never Reviewed
Identity and access have never been checked. Misconfigurations accumulate and stay invisible until an incident exposes them.
Phase 2
One-Off Snapshot
A single assessment names the issues, but it does not fix them. Remediation takes real work over time, and the environment keeps drifting as accounts, devices, and policies change.
Phase 3
Scheduled in a Retainer
The assessment repeats on a sensible cadence inside a retainer, so identity hygiene keeps pace with the business.
Scope
What's in scope
A configuration-and-exposure assessment of Active Directory - not a full internal network penetration test.
- Privileged account hygiene and admin sprawl
- Weak, stale, and over-privileged service accounts
- Legacy authentication and outdated protocols
- Kerberos exposure and risky delegation
- Trust relationships across domains and forests
- Group policy weaknesses and insecure settings
- Password policy and credential exposure
- Stale objects, inactive accounts, and clean-up debt
Microsoft 365 / Entra ID hardening is handled as ongoing consultation rather than a fixed-scope audit - see the Retained Security Partner retainer.
Requirements
Access and accounts I need
- One read-only domain account, or a domain-joined machine I can run the assessment from.
- A short scoping call to confirm domain size, access method, and scheduling.
- One technical contact available for the debrief.
Pricing
Indicative pricing
What affects the final price
Environment Size
The number of domains and forests in scope. A single domain is quicker to assess than a multi-forest estate with several trusts.
Documentation & Access
Existing network diagrams, an asset register, and ready access to a privileged read account let the assessment start faster and go deeper.
Lead Time saves money
Booking at least 3 weeks ahead allows proper preparation and is reflected in the quote. Urgent engagements carry a premium.
Process
How We Collaborate
We confirm the size of your environment, how I will access it, and the schedule. Usually 30 minutes.
I run the assessment across Active Directory and collect the configuration and exposure data.
I prioritise the findings by real-world risk and write a hardening report with concrete, ordered steps.
We walk through the findings together, focus on what reduces ransomware risk first, and agree the next steps.
A one-off assessment answers a single question. A Retained Security Partner retainer schedules these assessments for you at the best time and budget, so identity hygiene keeps pace with how your business changes.
2027 waitlist
Scope an assessment
Prefer a steady monthly rhythm over one-off invoices? See the Retained Security Partner retainer.