A service from LUMRA · For IT consultants and MSPs

PIANOLA, security you can deliver to your clients from day one.

If you manage Microsoft 365 for clients, there is no easy way to deliver real security. PIANOLA is the tool that lets you offer ongoing security as a service without building your own platform. You get the dashboard, the reports and the action engine. Your clients get peace of mind.

About LUMRA Book a walkthrough

A partner programme is in the works. Reach out if you want to talk white label, volume pricing or co-branding.

Tailored for your industry

Industry perspective

What we see when IT consultants scan their clients

The pattern is the same regardless of industry. Three findings show up in almost every first scan.

Security controls 'on' but not actually working

Conditional Access policies left in report-only. MFA on paper but with exception groups covering half the organisation. You cannot see this without a systematic scan.

Forgotten admin accounts from previous providers

Local administrators left over from a previous IT firm, support accounts from a tool that was decommissioned long ago. PIANOLA flags them for you.

Drift since the last security review

The problem is rarely the original setup, the problem is drift. Settings change quietly, by other consultants, by users, by Microsoft itself.

What PIANOLA gives the consulting business

Recurring revenue per client PIANOLA is subscription based. Every client gives you recurring revenue without you maintaining your own platform.
Ready-made delivery Scan, report, action and follow-up are already built. You add your strategic IT expertise on top.
Co-branding possible Partner mode is being built. White-label reports and volume pricing are coming next.
Fast client onboarding A new client is up and running in 10 minutes. You do not have to schedule one of your engineers.
Start a free scan

Microsoft 365 in reality

You think you have control. But how do you actually know?

Organisations that have hired IT consultants, ticked off Secure Score recommendations and said "Microsoft handles this" usually believe they're secure. PIANOLA is the extra pair of glasses that shows what's actually going on, continuously and not just at audit time.

A scan is a snapshot. A day later, someone has changed a policy, granted a new app or invited a guest, and the picture is already out of date. Documentation that isn't kept up ages just as fast. Security keeps moving, and PIANOLA keeps the picture alive.

What leadership often believes

  • "We've got MFA on"
  • "Microsoft handles cybersecurity"
  • "Our IT consultant has it covered"
  • "We do an audit once a year"

What PIANOLA actually measures

  • MFA is often not even enforced for admins
  • Microsoft ships tools, not configuration
  • The consultant saw the picture in March, not today
  • Drift happens every week, not at audit time
Sample view

Risk index via PIANOLA · 4 environments

Care services, ~80 employees

48

A common pattern in the sector: no enforced MFA policy, external sharing wide open, guests not reviewed in months.

Critical action

Logistics, ~150 employees

64

Even with E5 licensing, PIANOLA can find: MFA not enforced for admins, OAuth consent open to all, weak DMARC policies.

Needs work

Construction, ~50 employees

78

Drift can creep in after a consulting engagement. PIANOLA typically catches new open items around sharing and app consent in the months that follow.

Stable, drift remains

Consulting firm, ~30 employees

86

Continuous work leaves only minor cleanup, typically documentation and quarterly review.

Strong foundation

Risk index 0–100. The colour tells leadership where to look first. The view shows typical patterns across four sectors, not specific customers. PIANOLA is the extra pair of glasses, every week and not just at audit.

What makes us different

Other tools alert. PIANOLA acts.

Most security tools fill the IT inbox with warnings and leave the investigation to you. That is where security work tends to stall, not at detection, but at everything that follows. PIANOLA closes the loop.

The usual path

The alerts are left to you

  • The inbox fills constantly. Warnings from different systems, around the clock.
  • Assessment takes time. Someone has to react, even in the middle of the night.
  • Investigation is manual. Log digging, correlation, situational analysis, all on your own.
  • The team takes the hit. Volume always wins in the end.

The PIANOLA path

Decisions are already made

  • PIANOLA acts on its own. Decisions execute automatically, with a 24-hour window to undo.
  • We measure continuously. Nine security areas in Microsoft 365, all the time.
  • The report arrives in your inbox. A monthly snapshot, not a nightly flood of alerts.
  • You get time to think. Security no longer requires someone to keep watch.

The difference between chasing security and owning it.

The status view, in two seconds

A glimpse of what leadership sees in the report. Together, the three panels give a quick read on how the environment is doing. The depth is there when you need it.

Open findings

What needs attention right now

Findings are prioritised by severity, from critical risks down to lower-priority observations.

0

Critical

2

High

8

Medium

15

Low

Top actions

What to take on first

With reasoning, expected impact, and a suggested owner.

1 Restrict external sharing
2 Disable legacy auth protocols
3 Revoke risky app consents

Status by area

Where the focus is right now

Security posture per area. Green = under control, yellow or red = needs attention.

Identity and MFA OK
Email and forwarding 2 to review
Sharing in SharePoint OK
Apps and OAuth consents 1 priority
Endpoint and Defender OK

One report, four auditors

The same underlying control data, expressed in the language each framework speaks: NIS2 for regulatory compliance, CIS for technical hardening, NIST for risk governance, and ISO for management systems. Whoever asks, you respond from a single report.

EU · Directive

NIS2

10 measures in Article 21.2. Evidence report per measure shows exactly where you stand for the supervisory authority.

Risk management Art. 21.2.a
Access control Art. 21.2.d
MFA and authentication Art. 21.2.j
+ 7 more points Art. 21.2

CIS · Technical

CIS Controls v8

Eight priority control domains mapped. Shows which security baselines you actually meet in Microsoft 365.

Data assets CIS 3
Accounts and privileges CIS 5-6
Email and web CIS 9
+ 5 more domains CIS 4-17

NIST · Strategy

NIST CSF 2.0

Five core functions mapped directly to your Microsoft 365 environment. The language leadership and the board expect.

Govern GV
Identify · Protect ID · PR
Detect · Respond DE · RS
Recover RC

ISO · Management

ISO 27001:2022

Annex A controls mapped per organizational and technical domain. Provides traceability for ISMS audits.

Identity management A.5.16
Access control A.5.15
Secure config A.8.9
+ more Annex A A.8.x

Whether your IT partner, auditor or insurer asks, you respond from the same source. PIANOLA automatically maps 109 security controls on every assessment - no separate investigation needed for each framework.

NIS2 from 2026, your biggest driver right now

The new cybersecurity law raises the bar for your Microsoft 365 environment

The ten areas the directive requires, what PIANOLA handles for you continuously, and what remains the leadership's responsibility. Clear, honest, and straight to the point.

The same underlying data also maps to CIS Controls, NIST CSF and ISO 27001. See the frameworks below.

Read our NIS2 walkthrough

About the company

LUMRA is the company behind PIANOLA

LUMRA is a Swedish IT security company that builds PIANOLA. We specialise in Microsoft 365 security and serve small and medium-sized Swedish businesses and their IT partners.

Instead of one-off reports that go stale the day they're filed, we keep the conversation flowing year-round between leadership, IT, and your partner. PIANOLA is how we put that into practice: regular reports, a clear status view, and actions the service can apply directly or hand back to you.

  • CompanyLUMRA
  • ServicePIANOLA
  • FocusMicrosoft 365 security
  • AudienceSwedish small and medium-sized businesses
  • Contacthej@lumrait.se
The company lumrait.se About LUMRA, the incident calculator, contact, and how to book a call. Existing customer Sign in to PIANOLA For customers who want to see the status of their own Microsoft 365 environment.

PIANOLA maps to

NIS2 (EU 2022/2555) CIS Controls v8 NIST CSF 2.0 ISO 27001:2022