Stop identity-based attacks before they start.

Identity & Access Management built for modern organisations facing real risk. Cybercrime costs have reached $60B annually and the cost of inaction is too high.

Get in touch

Identity & Access Management

Why and why now

Identity is the front door to your organisation – and attackers know it. According to the NCSC, 50% of businesses and 32% of charities report a cyber security breach or attack in the last 12 months, rising to 70% of medium businesses and 74% of large businesses.

The most common attack type is phishing (84% of businesses, 83% of charities), followed by impersonation (35% of businesses, 37% of charities) and malware (17% of businesses, 14% of charities).

When identity controls are weak, the impact is measurable: in the UK, the average cost of a data breach is £3.58m, and ransomware downtime averages 24 days – a direct hit to operations and trust.

Service overview

As a trusted Microsoft Solutions Provider, Wanstor delivers IAM implementation + ongoing managed service using Microsoft’s security stack- Microsoft Entra ID, Azure, Microsoft 365, and Active Directory – to strengthen your Microsoft-focused defences.


Whether you’re operating in Microsoft 365, on-prem Active Directory, or a hybrid mix, our identity specialists design and deliver a secure IAM foundation tailored to your environment and compliance requirements.

What we deliver

IAM Assessment & Planning

We analyse your current identity environment, identify security goals and compliance requirements, and design a customised IAM plan for hybrid or cloud-only environments.

 

Microsoft Entra ID Review

We review Entra configuration across user identities, licence assignments, and external collaboration settings – including invitations and cross-tenant access where applicable.

 

Authentication & Access Management

We review user authentication methods, Conditional Access policies, and (where available) risk controls using Microsoft Entra ID Protection, plus access management for Azure resources using Azure roles – aligning configuration to best-practice settings.

 

Cloud Applications Review

We review new app registrations, report on apps due to expire, review and configure consent settings, role assignments, monitoring and auditing – plus recommend integrations such as Microsoft Entra Application Proxy when applicable.

 

Identity Governance (Privileged Access)

We strengthen privileged access across your environment with governance controls including:

  • Privileged access review across M365 tenant, Active Directory, Entra ID, Azure, and subscriptions
  • Microsoft Entra Privileged Identity Management (PIM): roles, resources, privileged groups, approval processes, audit history, and break-glass accounts
  • Reviews of PIM/JIT elevation logs to validate whether privileged access is being used appropriately
  • Review of LAPS / Cloud LAPS status to protect local admin accounts
  • Planning and oversight of access reviews in Microsoft Entra
  • Auditing tools to baseline Entra ID and AD configuration against best practice

Managed IAM (monthly service)

Wanstor’s IAM managed service delivers a suite of checks and improvements every month, covering these areas:

Monthly coverage includes:

⋅ Assessment & planning: ongoing alignment to security goals and compliance requirements, with a plan for changes to meet industry standards (hybrid or cloud-only).

⋅ Microsoft Entra ID review: user identities, licences, external collaboration, plus Conditional Access review and guidance to align policies with industry guidelines.

⋅ Cloud applications review: new registrations, expiry reporting, consent configuration, role assignments, monitoring/auditing, and recommended integrations (e.g., Entra App Proxy where applicable).

⋅ Secure Cloud Provider review: identify and report non-compliance against controls from frameworks such as CIS-2.0, MITRE ATTACK, PCI-4.0 and more; track improvements and identify attack paths in Entra ID or AD tenancy.

⋅ Identity governance: PIM, JIT review, break-glass controls, LAPS/Cloud LAPS status, access reviews, and auditing to benchmark against best practice.

⋅ On-Prem Active Directory IAM (if applicable): review AD configuration, access review for Domain Admins, audit service accounts for least privilege, and plan upgrades/replacements for legacy systems that don’t meet current security standards.

Outcomes & benefits

By partnering with Wanstor for IAM implementation and ongoing management, you can expect:

  • Secure access management and privileged identity management
  • Risk mitigation, compliance and governance improvements
  • Seamless hybrid integration (on-prem + cloud) and monthly review with reporting back to you.

Why Wanstor

When it comes to security, you need an experienced partner. Wanstor is a Microsoft Partner for Security with a Microsoft advanced security specialisation in Identity and Access Management. Our cyber security team includes Microsoft Certified Security Architects and Cyber Essentials Lead Auditors to guide you to a stronger security posture.

Prerequisites

Licensing requirements

  • Microsoft 365 Business Premium or Microsoft 365 E3 with EMS, or Microsoft 365 E5 licences for all users
  • Entra ID P2 is required for PIM and Identity Protection features (not included in all licences above)
  • Azure Subscription (for workload identities and Azure resource management)

 

Environment requirements

  • Existing on-prem Active Directory (if implementing hybrid)
  • Azure subscription and required permissions for deployment
  • Access to existing IAM infrastructure (if applicable)
  • Network connectivity between on-prem and cloud (for hybrid scenarios)

 

Scope, assumptions, exclusions

  • Estimated time covers implementation of core IAM services outlined in the overview
  • Client provides necessary access, information and resources; no significant infra/network changes required; identities are ready for migration/sync
  • Licensing procurement is excluded (unless managed by Wanstor)

Pricing

One-off setup & configuration example

  • Project Manager: 0.5 day @ £1,000 = £500
  • Senior Security Engineer: 1.5 days @ £1,000 = £1,500

Total one-off: £2,000

 

Recurring managed service

  • IAM Service (Entra ID P1): £1,200/month (£14,400/year)
  • IAM Service (Entra ID P2): £1,500/month (£18,000/year)

P1 vs P2: P1 is for organisations without Entra ID Plan 2 (so no PIM/Identity Protection); P2 supports PIM and Identity Protection features.

Ready to reduce identity risk and prove control?

Talk to Wanstor about hardening identity, locking down privileged access, and putting governance around who gets in - without slowing your people down.