Curated demo content by default.
The /demo route group is a public demonstration surface. Its stories, report packs, and portal views are intentionally curated unless a live tenant is explicitly selected.
Three months of repeated review showing trend, evidence quality, recurring MSP value, and board-level control movement. This page uses the current webapp surface and report structure with a fictional UK financial-services scenario kept explicit about representative data, P1-only licensing, and what is and is not yet mature.
Detailed technical findings, attack-path evidence, policy violations, and remediation ownership for engineering and identity operations teams.
Report credibility
Every field is shown explicitly. Items not yet provided are labelled (Roadmap, Unavailable, Not applicable, Missing) rather than hidden.
Demo seed — period derived from synthetic profile, not live tenant telemetry
Reference IF-TECH-MRI-MCFS
No prior version to diff — the public demo regenerates deterministically per request.
Named report owner is captured in webapp tenant scope settings — surfaced once a tenant is provisioned.
Engineering remediation runbooks are reviewed at change-management gate, not via report sign-off.
Substantia signed-evidence chain is exercised in the authenticated webapp, not in the public demo route.
This is the concise answer a buyer expects first: what matters most, which exposure to address now, who owns it, and how much exposure the current remediation plan removes.
Dominant finding: One shared emergency administration pattern still remains in operations. CRITICAL severity on Microsoft Entra ID, owned by Security operations.
Evidence posture: 0/6. 0 evidence bundle records in this pack. Confidence score: 83%.
Ownership gaps: 0. 6 findings already have explicit remediation owners.
ROI / exposure: 4.6x. 2 overdue actions and 7 stale privileged accounts remain in scope.
What the buyer should conclude
A technical buyer expects more than a list of findings. They expect to see scope, assessment confidence, ownership, evidence linkage, and a clear path from finding to action. This section makes that framing explicit so the demo behaves more like an assessment artifact and less like a marketing surface.
Assessment scope: 11 sources. 1,856 canonical identities assessed across 5 represented platforms.
Evidence posture: 0/6. 0 evidence bundle records in this pack. Confidence score: 83%.
Ownership: 0. Ownerless or unassigned findings reduce accountability. 6 findings already show an explicit owner in this report.
Action value: 19. 2 overdue actions, 7 stale privileged accounts, and ROI framed at 4.6x.
The highest modelled blast radius in this report is 49/100, spanning 61 reachable identities across up to 3 lateral hops. This is the point of the report: not just to list hygiene issues, but to show how one compromised identity can become consequential reach.
What matters first: Every finding shown here already has an explicit owner.
What proves it: 0 of 6 findings currently carry an evidence-bundle reference.
What changes next: 19 remediation actions are tracked, with 2 overdue and an ROI framing of 4.6x.
These findings are rendered from the MRI demo report pack. The structure is real, but this public report should not imply that every finding row, owner, and due date shown here is already coming from live tenant-backed workflow state.
| Severity | Finding |
|---|---|
| Medium | ADFS retirement plan is underway, but two line-of-business trusts still remain active |
| Medium | AWS analytics trust path now bounded but not yet fully retired |
| High | Legacy MIM exception still drives a narrow set of inherited on-prem application roles |
| High | Supplier and guest lifecycle remains the main recurring source of residual access drift |
| Critical | One shared emergency administration pattern still remains in operations |
| Low | P1-based Conditional Access now covers most journeys, with a handful of named exceptions |
Joiners Pending Review: 6
Movers Pending Review: 18
Leavers Still Active: 4
Ghost Accounts: 10
Hidden privilege, concentration, and standing access are real MRI themes. In this report they are represented through the demo dataset, but the underlying product pattern is anchored to the privilege inference and posture engine design.
Tier-0 Identities: 11
Tier-1 Identities: 77
Without JIT: 10
Stale Privileged: 7
88 total privileged identities across all tiers. Tier-0 accounts hold Domain Admin / Global Admin equivalents.
MITRE mapping and threat-language framing are illustrative on this public route. Treat them as representative detection storytelling rather than a claim that every mapped technique here is already verified from live attack telemetry.
Policy and evidence structure mirrors the live product model. Evidence bundle links and captured artifacts in this public report remain illustrative unless the underlying tenant data source is live and explicitly evidenced.
This is no longer a broad control gap. The remaining exceptions are known, justified, and suitable for monthly challenge rather than crisis handling.
Remediation prioritisation is a real product pattern. On this demo route the playbooks, dates, and ownership are curated so the story stays stable, but the intended live experience is to ground these deltas in blast-radius and simulation-backed consequence changes.
| Severity | Finding | Due Date |
|---|---|---|
| Critical | One shared emergency administration pattern still remains in operations (Overdue) | 14 Apr 2026 |
| High | Supplier and guest lifecycle remains the main recurring source of residual access drift (Overdue) | 18 Apr 2026 |
| Medium | AWS analytics trust path now bounded but not yet fully retired (Overdue) | 22 Apr 2026 |
| High | Legacy MIM exception still drives a narrow set of inherited on-prem application roles (Overdue) | 25 Apr 2026 |
| Medium | ADFS retirement plan is underway, but two line-of-business trusts still remain active (Overdue) | 2 May 2026 |
| Low | P1-based Conditional Access now covers most journeys, with a handful of named exceptions (Overdue) | 6 May 2026 |
Compliance snapshot
This appendix exposes the raw MRI demo findings behind the technical report. It is intended for engineering review and filtering, but it remains public demo data rather than a guarantee of live workflow parity on every authenticated route.
| ID | Severity | Platform | Title | Description | Detected |
|---|---|---|---|---|---|
| MCFS-M-001 | Critical | Microsoft Entra ID | One shared emergency administration pattern still remains in operations | Most elevated access has been narrowed, but one shared emergency pattern still exists for weekend branch-servicing support and remains the clearest residual control weakness. | 31 Mar 2026 |
| MCFS-M-002 | High | Microsoft 365 | Supplier and guest lifecycle remains the main recurring source of residual access drift | The problem is smaller and better evidenced than in January, but it still recurs around supplier onboarding, tender support, and contract closure. | 31 Mar 2026 |
| MCFS-M-003 | High | MIM | Legacy MIM exception still drives a narrow set of inherited on-prem application roles | Only a small number of legacy wealth and servicing apps remain dependent on historic MIM logic, but they still require manual oversight. | 31 Mar 2026 |
| MCFS-M-004 | Medium | AWS IAM | AWS analytics trust path now bounded but not yet fully retired | The shared engineering role has been narrowed significantly, though a transitional trust still exists while the analytics service boundary is being completed. | 31 Mar 2026 |
| MCFS-M-005 | Medium | ADFS | ADFS retirement plan is underway, but two line-of-business trusts still remain active | The federation footprint is materially smaller, though two regulated servicing applications still require ADFS until final retirement work completes. | 31 Mar 2026 |
| MCFS-M-006 | Low | Microsoft Entra ID | P1-based Conditional Access now covers most journeys, with a handful of named exceptions | This is no longer a broad control gap. The remaining exceptions are known, justified, and suitable for monthly challenge rather than crisis handling. | 31 Mar 2026 |
Technical Report · Prepared by IdentityFirst Ltd · Prepared for Meridian Crest Financial Services Ltd · Ref IF-TECH-MRI-MCFS · v1.0 · Confidential - Demonstration Use Only · SAMPLE - SYNTHETIC DATA - NOT FOR DISTRIBUTION