Entra ID isn't a product you configure once — it's a platform Microsoft changes every month. LakeForest operates your tenant: the daily, weekly and monthly work that keeps identity secure, compliant and understood.
Deep expertise. Delivered monthly.
Most organizations configured Entra ID once — during a migration, by a partner, years ago. Since then: new apps, new admins, exceptions that became permanent, Conditional Access policies nobody dares to touch. The tenant drifts — and the platform keeps changing underneath it.
Not a one-time hardening project. A continuous service that keeps the tenant secure as your organization changes.
Policies designed, tested in report-only mode, deployed, documented and reviewed on a schedule — not set once and feared forever.
Standing admin rights eliminated. Role activations with justification, approval flows where they matter, and access reviews that actually run.
Risk signals, Identity Protection detections and audit events reviewed as part of the operations rhythm — handled with context, escalated when it's beyond scope.
Enterprise apps and app registrations inventoried, owners assigned, expiring secrets and certificates flagged before they take production down.
Security defaults done properly: authentication methods, legacy auth shutdown, break-glass accounts, admin unit scoping, guest access policy.
Posture, incidents handled, changes made, what's expiring next — written for both your IT lead and your auditor.
A tenant isn't run by reacting to alerts. It's run on a rhythm — and security is woven through all of it, not bolted on top.
A structured review of the tenant: Conditional Access coverage, privileged roles, app credentials, authentication methods, monitoring gaps. You get a written findings report — yours to keep either way.
Findings turned into changes, deployed in controlled stages with report-only validation first. No big-bang lockouts, no broken Monday mornings. Everything documented.
The ongoing service begins: monitoring, triage, change management, governance and reporting. The tenant stays hardened as people, apps and policies change.
Managed services live or die on trust, and trust needs evidence. You see exactly what happens in your identity layer: what was detected, what was changed, what's coming up.
No dashboard you'll never open — reporting that's readable in three minutes, with the detail behind it when you need it.
| Metric | Status |
|---|---|
| Tenant posture score | 87 / 100 (+2) |
| Risky sign-ins (7d) | 3 detected · 0 open |
| Conditional Access changes | 1 — phishing-resistant MFA scoped to finance apps |
| App credentials expiring ≤ 30d | 2 — owners notified |
| PIM activations | 14 · all within policy |
| Break-glass accounts | verified ✓ |
A managed service is only as good as its weakest hour. Ours is built so there isn't one.
Purpose-built monitoring checks the tenant continuously — sign-in risk, connector and data-flow health, credential expiry, policy drift. Detection never depends on someone being at a desk. It runs at 3 AM the same as at 3 PM.
Triage, judgement and change belong to our engineering team — MVP-led, building the tooling this service runs on. Every change is documented, every runbook lives in your environment, and nothing critical lives in anyone's head.
Least privilege, always. Day-to-day work runs under scoped roles activated through PIM with justification — no standing Global Administrator. Every activation is logged in your tenant, visible to you, and shows up in your reporting.
No. A SOC watches alerts across your whole estate in shifts. This is identity operations: the structured daily, weekly and monthly work of running Entra ID well — security included, because a well-operated tenant is a secure tenant. What we bring is the know-how to navigate a platform that changes every month. If you need full SOC coverage, we'll tell you straight.
A project secures the tenant as it exists on delivery day. Six months later you have new apps, new staff, new exceptions — and nobody watching. This service exists for everything that happens after the project would have ended.
Entra ID P1 covers the Conditional Access foundation; P2 (or Microsoft 365 E5) unlocks PIM, Identity Protection and access reviews — the full service. During the assessment we'll tell you exactly what your current licensing supports and whether an upgrade is actually worth it for you.
No. All configuration, runbooks and documentation live in your tenant and your repository — not ours. If you ever take the service in-house or elsewhere, everything needed to run it is already where it belongs.
The assessment takes one to two weeks depending on tenant size. Hardening runs in controlled stages over the following month. Most organizations are in steady-state operations within six weeks of the first call.
Tell us about your tenant and your situation. We'll tell you honestly whether this service fits — and if it doesn't, what to do instead. No deck, no pressure.