Zero Trust Security Transformation for Sudanese Enterprise

Diversified Enterprise Group (Sudan)

  • 100% MFA adoption, up from 20% at baseline
  • 520 devices under Defender, with real-time threat visibility
  • 2M+ events/day in Sentinel, giving full SOC visibility
  • 8 weeks to full deployment, with zero disruption to operations

The Challenge

A diversified enterprise group with operations across manufacturing, logistics, and financial services came to us following a near-miss security incident. A phishing attack had compromised three employee accounts — and while the breach was contained before serious damage occurred, it exposed just how vulnerable the organisation was.

Their security posture was built on perimeter defences from a decade earlier: a firewall, basic antivirus, and the hope that staff wouldn’t click the wrong link. In a world where the perimeter no longer exists, this wasn’t enough.

Our Approach

We conducted a full security assessment over two weeks — mapping their identity landscape, device estate, data flows, and third-party access patterns. The findings were sobering but not unusual: 73% of users had excessive permissions, MFA was enabled for fewer than 20% of accounts, and there was no visibility into what was happening across the environment.

Our recommendation was a Zero Trust transformation built on the Microsoft security stack — phased over 12 weeks to minimise operational disruption.

What We Built

Identity & Access Management

  • Microsoft Entra ID (Azure AD) as the identity foundation
  • MFA enforced for 100% of users within four weeks
  • Conditional Access policies — blocking access from unmanaged or non-compliant devices
  • Privileged Identity Management — just-in-time access for admin accounts

Endpoint Security

  • Microsoft Defender for Endpoint deployed across 520 devices
  • Intune-managed device compliance policies
  • Automated remediation for common threat scenarios

Threat Detection & Response

  • Microsoft Sentinel SIEM — aggregating signals from identity, endpoints, and network
  • Custom detection rules tuned to the organisation’s environment
  • 24-hour incident response runbooks established and tested
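As an added illustration of the kind of custom detection rule listed above (this is an example written for this case study, not the engagement's own rule), the following Microsoft Sentinel scheduled analytics query in KQL flags a burst of Conditional Access blocks from unmanaged or non-compliant devices. It assumes the Microsoft Entra ID data connector is populating the SigninLogs table in the workspace; the lookback window and threshold are illustrative values that must be tuned to the environment.

```kql
// Added example for this case study, not the engagement's own rule.
// Assumes: the Microsoft Entra ID data connector is populating SigninLogs;
// lookback and threshold are illustrative and need tuning per environment.
let lookback  = 1h;   // schedule the rule to run every hour over this window
let threshold = 10;   // blocked attempts per user + source IP before raising an incident
SigninLogs
| where TimeGenerated > ago(lookback)
// Keep only sign-ins that Conditional Access actually blocked
| where ConditionalAccessStatus == "failure"
| extend IsCompliant = tobool(DeviceDetail.isCompliant),
         IsManaged   = tobool(DeviceDetail.isManaged),
         DeviceOS    = tostring(DeviceDetail.operatingSystem)
// The device-based policy only fires for unmanaged or non-compliant devices
| where IsCompliant != true and IsManaged != true
// Collect the names of the policies that failed for this sign-in, without
// multiplying rows (mv-apply keeps one output row per sign-in event)
| mv-apply Policy = ConditionalAccessPolicies on (
      where tostring(Policy.result) == "failure"
    | summarize FailedPolicies = strcat_array(make_set(tostring(Policy.displayName)), ", ")
  )
| summarize BlockedCount = count(),
            FirstSeen    = min(TimeGenerated),
            LastSeen     = max(TimeGenerated),
            Apps         = make_set(AppDisplayName, 10),
            Policies     = make_set(FailedPolicies, 5)
  by UserPrincipalName, IPAddress, DeviceOS
// A single block is routine; a burst from one source is the signal worth an incident
| where BlockedCount >= threshold
// Entity hints for Sentinel incident mapping (account and source IP)
| extend AccountCustomEntity = UserPrincipalName,
         IPCustomEntity      = IPAddress
```

Run as a scheduled rule every hour with a one-hour lookback, mapping AccountCustomEntity and IPCustomEntity to the Account and IP entities so analysts can pivot from the incident. The same query, with the final summarize replaced by `summarize BlockedCount = count() by bin(TimeGenerated, 7d)` and the threshold filter removed, produces the weekly count of blocked suspicious sign-ins that this kind of engagement reports as an outcome metric.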

The Outcomes

Eight weeks after engagement start, the organisation had a security posture it could stand behind:

  • 100% MFA adoption across all users (vs 20% at baseline)
  • 520 devices under Defender management with real-time threat visibility
  • Microsoft Sentinel SIEM operational, processing 2M+ events/day
  • MTTR for security incidents reduced from “unknown” to under 4 hours
  • Conditional Access blocking an average of 340 suspicious sign-in attempts per week

The CISO described the engagement as “not just a technical upgrade — it changed how our entire organisation thinks about security.”