Zero Trust Remediation Planner

Answer the same questions as the Zero Trust Scorecard and get a prioritised remediation runbook — with step-by-step instructions, admin portal links, and effort estimates for every gap identified.

Identity & MFA

How identities are secured and whether MFA can withstand modern phishing attacks.

How many Global Admin accounts exist?

Are admin accounts separated from standard user accounts?

What type of MFA is enforced for admin accounts?

Phish-resistant = FIDO2 keys, WHfB, passkeys, CBA. Standard = push, OTP, SMS, phone call.

What type of MFA is enforced for standard user accounts?

MFA registration coverage across enabled accounts?

Conditional Access

Policies that govern how and when access is granted.

Is Conditional Access used?

Is legacy authentication blocked?

Are admin portals restricted?

Risk-based Conditional Access policies?

Device compliance required for access?

Session controls configured?

Privileged Access

How privileged roles are managed, scoped, and reviewed.

Is PIM (Privileged Identity Management) used?

Regular access reviews in place?

Break-glass accounts documented and tested?

Scoped admin roles used instead of Global Admin?

Device & Endpoint

Device identity, management, and access restrictions.

Devices required to be Entra ID joined?

MDM (Intune) enforced?

Unmanaged devices restricted?

Data Protection

Classification, labelling, and data loss prevention.

Sensitivity labels in use?

DLP policies configured?