Service 3.1: Identity, Endpoint & Workplace
Separate identities cleanly — keep people working through cutover.
We deliver the identity, device and collaboration foundations that make Day-1 real: clean tenant/directory separation, secure access, compliant endpoints, and a workplace experience that keeps users productive—while building a clear, auditable path to TSA exit.
domain expertise
- Day-1 identity & workplace readiness assessment (shared tenants, access sprawl, critical apps)
- Directory / tenant separation or consolidation (target state, sequencing, coexistence)
- IAM foundations (SSO, MFA, conditional access, lifecycle JML, access recertification)
- Privileged Access Management (PAM) (admin separation, break-glass, vaulting, logging)
- Endpoint strategy & execution (enrolment, compliance baselines, encryption, patching, EDR)
- Workplace cutover (email, collaboration, file sharing, calendaring, telephony where needed)
- App access & packaging (SaaS onboarding, VDI/app streaming if required, legacy access paths)
- Security + compliance embedded (audit trails, DLP alignment, device posture, policy enforcement)
- Hypercare for users (floor-walking model, service desk surge, comms, adoption + training)
Support — standards, assurance & partners
- Identity platforms aligned to your environment (Azure AD/Entra, Okta or equivalent)
- Endpoint management (Intune/Endpoint Manager or equivalent) + standardised device baselines
- Collaboration / productivity suites (Microsoft 365 / Google Workspace as applicable)
- Workplace security controls (EDR, MDM, compliance policies, DLP coordination with Security)
- Cutover governance (readiness gates, comms plans, rollback paths, command centre cadence)