The Challenge

Password‑only security wasn’t keeping up with modern threats. Phishing and credential stuffing were driving repeated incidents.

Key Pain Points:
- Weak authentication and password reuse
- No insight into risky sign‑ins or legacy auth
- Remote/multi‑device access without policy controls
- Exposure to phishing and credential attacks

The Solution

In this example, the organization adopted a pragmatic Zero Trust approach centered on identity and access controls.

Approach:
1. Enforce MFA: Conditional Access required MFA; break‑glass accounts documented.
2. Block Legacy Auth: Disabled basic/legacy protocols to close easy attack paths.
3. Geo & Risk Controls: Restricted high‑risk geographies; added risk‑based policies.
4. Security Awareness: Short training to spot and report phishing quickly.

Technologies Involved:
- Microsoft 365
- Entra ID
- Conditional Access
- Identity Protection
- MFA
- Defender for Office 365

The Implementation

- Week 1, Assessment & Pilot: Mapped sign‑in patterns; tested policies with a pilot group.
- Week 2, Org‑wide Rollout: Enabled report‑only, then enforced gradually.
- Stabilization: Monitored signals; tuned exceptions; documented access.

The Results

Identity controls reduced successful attacks and improved leadership visibility.

Account Security: Compromise prevented
- MFA enforced
- Legacy auth blocked
- Risky sign‑ins challenged

Operational Impact: Fewer incidents
- Reduced phishing fallout
- Faster response with clear signals

Governance: Better visibility
- Auditable access trail
- Policy‑based access
- Fewer exceptions

Key Takeaways

- Identity is the perimeter: Protect accounts first—network is wherever your people are.
- Policies before perimeter: Conditional Access defines who/where/how.
- Train the humans: People are part of the control plane. Keep it practical.

This page summarizes a real‑world industry example (not a Veloxant client) to illustrate what’s possible and how we approach similar projects.
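
The rollout described under The Solution and The Implementation (MFA through Conditional Access, legacy auth blocked, report-only before enforcement) can be checked against an exported policy set. The script below is an added example, not code from this page or from the organization it describes. It assumes policies exported in the Microsoft Graph conditionalAccessPolicy JSON shape and assumes break-glass accounts are excluded from org-wide policies to avoid lockout; the policy names and the object ID are constructed.

```python
# Added example: audit an exported Conditional Access policy set for the
# controls the page lists. Data is constructed; the field names follow the
# Microsoft Graph conditionalAccessPolicy JSON shape.
LEGACY_CLIENTS = {"exchangeActiveSync", "other"}   # legacy-auth client app types
BREAK_GLASS = {"00000000-0000-0000-0000-000000000001"}  # placeholder object ID

POLICIES = [  # constructed sample export, mid-rollout
    {"displayName": "Require MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"],
                              "excludeUsers": sorted(BREAK_GLASS)},
                    "clientAppTypes": ["all"]},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Block legacy authentication",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": []},
                    "clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
]

def audit(policies, break_glass=BREAK_GLASS):
    """Return findings for gaps against: MFA enforced, legacy auth blocked."""
    findings, mfa_ok, legacy_ok = [], False, False
    for p in policies:
        grant = p.get("grantControls") or {}
        controls = set(grant.get("builtInControls", []))
        users = p["conditions"].get("users", {})
        clients = set(p["conditions"].get("clientAppTypes", []))
        if "All" not in users.get("includeUsers", []) or p["state"] == "disabled":
            continue  # scoped or disabled policies do not give org-wide coverage
        name, enforced = p["displayName"], p["state"] == "enabled"
        if not enforced:
            findings.append(f"{name}: report-only, not yet enforced")
        # Assumption: break-glass accounts are excluded to avoid lockout.
        if break_glass - set(users.get("excludeUsers", [])):
            findings.append(f"{name}: break-glass account not excluded")
        # With operator OR, MFA is only guaranteed when it is the sole control.
        requires_mfa = "mfa" in controls and (
            grant.get("operator") == "AND" or controls == {"mfa"})
        mfa_ok |= enforced and requires_mfa
        legacy_ok |= (enforced and "block" in controls
                      and LEGACY_CLIENTS <= clients)
    if not mfa_ok:
        findings.append("no enforced all-users policy requires MFA")
    if not legacy_ok:
        findings.append("no enforced all-users policy blocks legacy auth")
    return findings

if __name__ == "__main__":
    for line in audit(POLICIES):
        print(line)
```

On the constructed sample, the findings reflect a tenant that is partway through the Week 2 rollout: MFA is enforced, while the legacy-auth block is still report-only.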