
Technical Roadmap

This document describes the process for upgrading from Legacy to Modern.



  1. Tech Lead identified.

  2. Zoho Vault for secrets management.

  3. Security domains identified and stored with AWS.

  4. All administration to be authenticated via FIDO2 + biometric or PIN.

  5. All in-scope devices identified for the organisation.

  6. All in-scope devices brought under Endpoint Management.

  7. Compliance Policy defined and applied to each device.

  8. Configuration Policies defined to enforce compliance.

  9. Users identified and MFA enabled.

  10. Access to devices via Windows Hello for Business (biometric or PIN).

  11. Known Folder Move to OneDrive.

  12. Shared data identified and moved to SharePoint Document Libraries.

  13. Decommission on-premise AD (where possible).

  14. Cyber Essentials certification.

Continued support for legacy services

Where it is not possible to remove legacy services:

  1. Perimeter 81 installed and configured to provide direct network line of sight.

  2. Legacy services moved to data centre (where bandwidth requirements allow).

Enhanced Security

For organisations with enhanced security requirements:

  1. Data Protection Officer identified.

  2. Data identified and classified.

  3. Staff to authenticate using FIDO2 key + biometric or PIN on any device processing classified data.

  4. Perimeter 81 installed and configured, with all traffic routed through the Perimeter 81 firewall.

  5. Azure Analytics Workspace configured and receiving device telemetry.

  6. Data Loss Prevention applied to classified data.

  7. Mimecast email gateway installed and Litigation Hold applied to email.

  8. Defender for Endpoint deployed for threat analysis.

  9. MiFID II call recording enabled.

  10. Organisation-specific configuration stored in GitHub with SSO.
