A service by LUMRA

PIANOLA, self-playing security for your Microsoft 365.

PIANOLA makes Microsoft 365 security easy to grasp and act on. Leadership, IT and any IT partner see the same picture of how your environment is doing, what has happened, and what to prioritise first. Once you approve, PIANOLA carries out the change for you. Once you've confirmed the change behaves as expected, you make it permanent.

Built and operated by LUMRA, a Swedish IT security company specialising in Microsoft 365 for small and medium-sized businesses.

NIS2 from 2026, your biggest driver right now

The new cybersecurity law raises the bar for your Microsoft 365 environment

The ten areas the directive requires, what PIANOLA handles for you continuously, and what remains the leadership's responsibility. Clear, honest, and straight to the point.


The status view, in two seconds

A glimpse of what leadership sees in the report. Together, the three panels give a quick read on how the environment is doing. The depth is there when you need it.

Open findings

What needs attention right now

Findings are prioritised by severity, from critical risks down to lower-priority observations.

  • Critical: 0
  • High: 2
  • Medium: 8
  • Low: 15

Top actions

What to take on first

With reasoning, expected impact, and a suggested owner.

1. Restrict external sharing
2. Disable legacy auth protocols
3. Revoke risky app consents

Status by area

Where the focus is right now

Security posture per area. Green = under control, yellow or red = needs attention.

  • Identity and MFA: OK
  • Email and forwarding: 2 to review
  • Sharing in SharePoint: OK
  • Apps and OAuth consents: 1 priority
  • Endpoint and Defender: OK

What makes the difference

Four principles that shape how PIANOLA is built and how the service is delivered.

Decisions, not alerts

Every finding becomes a concrete decision, with reasoning, consequence, and a clear suggestion for how to resolve it. You choose whether to act yourselves, let PIANOLA handle it, or hold off intentionally.

Apply on your own terms

Once you approve, PIANOLA applies the change in a controlled way. Once you've confirmed the change behaves as expected, you make it permanent. Everything is documented before, during, and after.

The history is the proof

Every decision and action is timestamped to the second. The export is formatted for board minutes, insurance questions, and auditors who want it in black and white.

Least privilege by default

No global admin credentials are shared. Once you've approved PIANOLA once, the service works with exactly the permissions each action requires, nothing more. Access can be revoked in one click.

A typical sequence

This is a blind spot most teams miss. PIANOLA catches it automatically, so no one has to go in and check by hand.

03:17 Scan finds an admin account excluded from the MFA policy
Of the five admin accounts in the environment, four are covered by the Conditional Access policy for MFA. The fifth is listed as an exclusion, is not documented as break-the-glass, and also lacks a phishing-resistant authentication method (FIDO2 or passkey).

03:17 PIANOLA classifies the risk: High
A single compromised exclusion at admin level is enough for a full tenant takeover. Leadership often assumes "everyone has MFA" because Security Defaults or CA is on, but exclusions and legacy auth methods don't surface without active review.

03:18 PIANOLA proposes an action
Document the account as a verified break-the-glass or include it in the CA policy for admin roles. Raise the bar to phishing-resistant MFA. A snapshot of the current policy is saved beforehand. Once you've confirmed the change behaves as expected, you make it permanent.

07:42 Approved by operator
The decision was approved from a mobile.

07:42 Applied and verified
The policy now covers every admin account and requires a phishing-resistant authentication method. PIANOLA verifies via Microsoft Graph and confirms that no admin account is left without strong protection. The evidence is saved for the auditor and insurance.

After: Once you've confirmed the change behaves as expected, you make it permanent
You decide when the action becomes permanent. Everything stays in the history either way.
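
The check behind the 03:17 step can be reproduced offline against exported policy data. The sketch below is an added example, not PIANOLA's own code: the policy dictionaries follow the shape of Microsoft Graph conditionalAccessPolicy objects, while the account records, the role id placeholder and the method labels are constructed for illustration, and group-based includes and excludes are left out.

```python
# Constructed sample data; the role id and method labels are placeholders.
GA = "role-global-admin"
PHISHING_RESISTANT = {"fido2", "passkey"}
POLICIES = [{
    "displayName": "Require MFA for admins",
    "state": "enabled",
    "conditions": {"users": {"includeUsers": [], "includeRoles": [GA],
                             "excludeUsers": ["u5"], "excludeRoles": []}},
    "grantControls": {"builtInControls": ["mfa"]},
}]
ADMINS = [{"id": f"u{i}", "roles": [GA], "break_glass_documented": False,
           "methods": ["authenticatorApp"]} for i in range(1, 6)]

def requires_mfa(policy):
    """True only for enforced policies; report-only and disabled ones protect nothing."""
    grant = policy.get("grantControls") or {}
    return policy.get("state") == "enabled" and (
        "mfa" in grant.get("builtInControls", [])
        or bool(grant.get("authenticationStrength")))

def applies_to(policy, admin):
    """Scope check: included by user id, 'All' or role, and not excluded."""
    users = policy["conditions"]["users"]
    roles = set(admin["roles"])
    included = ("All" in users.get("includeUsers", [])
                or admin["id"] in users.get("includeUsers", [])
                or roles & set(users.get("includeRoles", [])))
    excluded = (admin["id"] in users.get("excludeUsers", [])
                or roles & set(users.get("excludeRoles", [])))
    return bool(included) and not excluded

def review_admins(policies, admins):
    """Return one finding per admin that no enforced MFA policy covers."""
    findings = []
    for admin in admins:
        if any(requires_mfa(p) and applies_to(p, admin) for p in policies):
            continue
        findings.append({
            "id": admin["id"],
            "excluded_by": [p["displayName"] for p in policies
                            if requires_mfa(p) and admin["id"]
                            in p["conditions"]["users"].get("excludeUsers", [])],
            "undocumented": not admin["break_glass_documented"],
            "no_phishing_resistant_method":
                not (PHISHING_RESISTANT & set(admin["methods"])),
        })
    return findings

if __name__ == "__main__":
    for finding in review_admins(POLICIES, ADMINS):
        print(finding)
```

A policy in report-only state counts as no coverage here, which is why the check keys on `state == "enabled"` rather than on the policy merely existing.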

What's at stake

The sequence above avoids this kind of cost

Three figures that put PIANOLA's preventive work in financial perspective. The full analysis is in the monthly report, mapped to your environment.

Typical cost range for a cyber incident

€0.45M-€2.65M

Truesec Threat Intelligence and Länsförsäkringar cyber incident study for Nordic SMBs, 2024-25

NIS2 sanction ceiling for non-compliance

1.4% of revenue

NIS2 directive, article 34

Avoided consultancy fees for NIS2 documentation

€2.7K-€7K / year

Market average 2026

An ongoing PIANOLA subscription is a negligible operating cost compared to the typical cost range of a cyber incident in the same segment.

Sources: IBM Cost of a Data Breach Report 2024 (global average 4.88 MUSD, 3.31 MUSD for organisations under 500 employees), Sophos State of Ransomware 2024, FBI IC3 Internet Crime Report 2023, and Truesec Threat Intelligence.

What the threat actually looks like

Microsoft 365 is attacked differently from on-prem servers

Because your data is already replicated in the cloud, classic file encryption is uncommon. The damage comes instead from extortion, leaked data, broken customer trust, and lost brand value, often without a single file being deleted.

Business Email Compromise

An attacker hijacks an ongoing email thread and redirects a payment. The direct cost is low compared to the damage to customer and supplier trust once it surfaces.

Source: FBI IC3 Internet Crime Report 2023 (21,489 BEC reports, ~2.9 billion USD in losses).

Tenant takeover and extortion

Stolen credentials or social engineering of the helpdesk give the attacker access to the entire environment. Your data is held for ransom under the threat of public leaks. The real cost shows up in negotiation, legal counsel, communications, and lost business.

Source: MGM Resorts SEC 8-K filing September 2023 (Scattered Spider, social engineering of the helpdesk).

Data exfiltration via OAuth or Graph

Files from SharePoint and OneDrive are exfiltrated via legitimate API calls, often without leaving a visible trace. By the time the leak is reported, the damage to the brand is already done.

Source: Cyber Safety Review Board Report April 2024 on Storm-0558 (the incident was described as "preventable").

When does what fit?

PIANOLA brings order to your Microsoft 365 security posture before something happens. Microsoft Security Copilot is the AI assistant for analysis and investigation after an incident.

PIANOLA

  • Before an incident
  • Structure and prioritisation
  • Quick to roll out
  • Built for Swedish small and medium-sized businesses

Security Copilot

  • After an incident
  • Analysis and investigation
  • Requires licensing and a certain maturity
  • Built for more advanced environments

Most small and medium-sized businesses benefit from getting structure, prioritisation, and control in place first. That's where PIANOLA fits best. When the need for deep analysis grows, Security Copilot becomes a natural complement.

About the company

LUMRA is the company behind PIANOLA

LUMRA is a Swedish IT security company that builds PIANOLA. We specialise in Microsoft 365 security and serve small and medium-sized Swedish businesses and their IT partners.

Instead of one-off reports that go stale the day they're filed, we keep the conversation flowing year-round between leadership, IT, and your partner. PIANOLA is how we put that into practice: regular reports, a clear status view, and actions the service can apply directly or hand back to you.

  • Company: LUMRA
  • Service: PIANOLA
  • Focus: Microsoft 365 security
  • Audience: Swedish small and medium-sized businesses
  • Contact: hej@lumrait.se