Our Security Assessment covers a comprehensive review of your Microsoft 365 and Azure environment, including identity configuration, conditional access policies, data protection controls, and compliance posture. You receive a detailed report with prioritised recommendations.
A standard Security Assessment typically takes 2–3 weeks, depending on the size and complexity of your environment. We begin with a kickoff meeting, followed by data collection and analysis, and conclude with a findings presentation.
We provide a pre-engagement checklist covering tenant access, stakeholder contacts, and documentation of your current configuration. Most preparation takes less than a day for your IT team.
Our tiers reflect scope and depth. The foundational tier focuses on quick wins and critical gaps, while premium tiers include ongoing governance support, architecture reviews, and strategic roadmap planning.
Yes. We offer retainer-based advisory packages for continuous improvement, quarterly reviews, and incident response guidance. Many clients choose ongoing support to maintain their security posture over time.
Haggeburger is an independent advisory firm specialising in Microsoft cloud environments. We help organisations strengthen their security, optimise their Microsoft 365 and Azure investments, and navigate regulatory requirements like NIS2.
We work across industries including manufacturing, professional services, healthcare, and public sector. Our expertise in Microsoft environments and regulatory compliance is applicable regardless of sector.
Yes. Our consultants hold current Microsoft certifications across security, compliance, and identity domains. We maintain our certifications through continuous professional development and hands-on project experience.
NIS2 (EU Directive 2022/2555) applies to essential and important entities across 18 sectors, including energy, transport, health, and digital infrastructure. If your organisation operates in the EU and meets the size thresholds, you are likely in scope. We can help you assess your obligations.
NIS2 requires in-scope entities to manage cybersecurity risks in their supply chains. This means your suppliers and service providers may need to demonstrate adequate security measures, even if they are not directly regulated. The cascade effect extends compliance obligations throughout the value chain.
We offer 30-day payment terms for advisory engagements. For larger projects, we can arrange milestone-based billing. All terms are outlined in our engagement agreement before work begins.
Yes, our Security Assessments and defined-scope projects are available at fixed prices. For ongoing advisory or variable-scope work, we offer retainer or time-and-materials arrangements.
Invoices are issued monthly or upon project milestones, depending on the engagement type. We provide detailed time and activity reports with each invoice for full transparency.
We offer a curated selection of security-focused hardware, including hardware security keys, secure networking equipment, and endpoint protection devices. All products are sourced from trusted vendors and tested for enterprise use.
Yes. If you need a specific product that is not in our current catalogue, contact us and we will do our best to source it through our vendor network. Lead times vary depending on availability.