Microsoft Entra ID (Azure AD) consulting for Swiss enterprises: Conditional Access, MFA, PIM, Identity Governance and Zero Trust. CNEXT – Entra ID specialist from Bern.
FAQ
What is Microsoft Entra ID (formerly Azure AD)?
Microsoft Entra ID is Microsoft's cloud identity and access management platform – the authentication and authorisation layer for Microsoft 365, Azure and thousands of third-party apps. It is the foundation of Zero Trust security: controlling who can access what, based on identity, device health, location and risk signals.
What Entra ID services does CNEXT offer?
CNEXT Entra ID services: Entra ID P1/P2 setup and migration from on-premises AD, Conditional Access policy design, MFA rollout (Authenticator app, FIDO2, SMS), Privileged Identity Management (PIM) for admin accounts, Identity Governance (access reviews, lifecycle workflows), B2B/B2C guest access management and hybrid identity (AD Connect).
What is Conditional Access and why is it important?
Conditional Access is an Entra ID policy engine that grants or blocks access based on conditions: user identity, device compliance (Intune), location (IP/country), application risk and sign-in risk (AI-based). Example: 'Require MFA for all cloud apps when signing in from outside Switzerland.' CNEXT designs the full Conditional Access policy set for Swiss clients.
How does CNEXT roll out MFA to an organisation?
CNEXT's MFA rollout: (1) Identify service accounts and shared accounts that need exceptions. (2) Design Conditional Access policies (MFA requirements per app and risk level). (3) Communicate to end users (email template, FAQ, support info). (4) Pilot with the IT team, then roll out to users in waves. (5) Monitor and tune. Typically 4–6 weeks for 100–500 users.
What is Privileged Identity Management (PIM)?
PIM provides just-in-time (JIT) privileged access: admins request elevated permissions for a time-limited window, requiring approval and MFA. This drastically reduces the attack surface from standing admin accounts. CNEXT implements PIM for Global Admin, SharePoint Admin, Exchange Admin and Azure subscription roles.
What is Entra ID Identity Governance?
Entra ID Identity Governance manages identity lifecycle at scale: Access Reviews (regular audits of who has access to what), Entitlement Management (access packages for projects/teams), Lifecycle Workflows (automated on/offboarding) and Privileged Identity Management. CNEXT implements Identity Governance for organisations with 200+ users.
How does CNEXT migrate from on-premises Active Directory to Entra ID?
CNEXT uses Entra Connect (formerly AD Connect) for hybrid identity: passwords and group memberships sync from on-premises AD to Entra ID. For pure cloud migration, CNEXT migrates users, groups, app registrations and security policies to Entra ID only, then decommissions on-premises AD. Timeline: 4–12 weeks.
What is SSPR (Self-Service Password Reset)?
SSPR lets users reset their own Entra ID passwords without calling the helpdesk – via authenticator app, mobile number or security questions. CNEXT enables SSPR for all users by default, reducing helpdesk password reset tickets by 40–60% in our clients' environments.
How does Entra ID protect against phishing and account takeover?
Entra ID Protection uses AI to detect sign-in anomalies (impossible travel, anonymous IP, leaked credentials) and can automatically block or require MFA for risky sign-ins. CNEXT configures Identity Protection risk policies, integrates alerts with Microsoft Sentinel and builds incident response playbooks for account compromise.
Does CNEXT help with Entra ID External Identities (B2B/B2C)?
Yes. Entra ID External Identities covers B2B (guest access for partners, suppliers, board members) and B2C (customer-facing identity for portals). CNEXT configures B2B cross-tenant access, guest lifecycle policies, branded sign-in experiences and MFA requirements for external users – FADP-compliant.