A service from LUMRA · For law firms

PIANOLA, privilege protection where it actually lives: your Microsoft 365.

Law firms carry a legal obligation to protect privileged communications. Email, documents and notes all live inside Microsoft 365. PIANOLA finds where privilege actually leaks, fixes it for you, and gives you documentation to share with the bar association, your clients or your insurer.

About LUMRA Book a walkthrough

PIANOLA fits law firms from solo practice up to mid-size offices. Your data stays in your Microsoft 365, we never copy it.

Tailored for your industry

Industry perspective

Three things we often find in law firms

These are common findings when we run a first scan of a law firm Microsoft 365 environment.

Client mail forwarded to personal addresses

A partner who wants to read mail from home sets up forwarding to a personal Gmail account. Privileged communications leave your domain, often without encryption.

Documents shared with anyone-with-the-link

Lawyers and paralegals share documents quickly and pragmatically. The link stays alive forever and can be reused by anyone who has it.

Former staff still hold full access

An associate who left six months ago can still reach client matters. This is not hypothetical, we see it.

Documentation the legal industry actually needs

Code of Judicial Procedure The duty of confidentiality and the bar association guidance. PIANOLA helps you prove you took reasonable steps.
GDPR + Data Protection Act Client data carries elevated protection. Article 32 requires technical safeguards, documented and dated.
Bar association IT guidance We map our actions to the bar association recommendations so you have a concrete reference to point to.
Cyber insurance terms Many firms have clauses requiring active security oversight. The PIANOLA report attaches directly.
Start a free scan

Microsoft 365 in reality

You think you have control. But how do you actually know?

Organisations that have hired IT consultants, ticked off Secure Score recommendations and said "Microsoft handles this" usually believe they're secure. PIANOLA is the extra pair of glasses that shows what's actually going on, continuously and not just at audit time.

A scan is a snapshot. A day later, someone has changed a policy, granted a new app or invited a guest, and the picture is already out of date. Documentation that isn't kept up ages just as fast. Security keeps moving, and PIANOLA keeps the picture alive.

What leadership often believes

  • "We've got MFA on"
  • "Microsoft handles cybersecurity"
  • "Our IT consultant has it covered"
  • "We do an audit once a year"

What PIANOLA actually measures

  • MFA is often not even enforced for admins
  • Microsoft ships tools, not configuration
  • The consultant saw the picture in March, not today
  • Drift happens every week, not at audit time
Sample view

Risk index via PIANOLA · 4 environments

Care services, ~80 employees

48

A common pattern in the sector: no enforced MFA policy, external sharing wide open, guests not reviewed in months.

Critical action

Logistics, ~150 employees

64

Even with E5 licensing, PIANOLA can find: MFA not enforced for admins, OAuth consent open to all, weak DMARC policies.

Needs work

Construction, ~50 employees

78

Drift can creep in after a consulting engagement. PIANOLA typically catches new open items around sharing and app consent in the months that follow.

Stable, drift remains

Consulting firm, ~30 employees

86

Continuous work leaves only minor cleanup, typically documentation and quarterly review.

Strong foundation

Risk index 0–100. The colour tells leadership where to look first. The view shows typical patterns across four sectors, not specific customers. PIANOLA is the extra pair of glasses, every week and not just at audit.

What makes us different

Other tools alert. PIANOLA acts.

Most security tools fill the IT inbox with warnings and leave the investigation to you. That is where security work tends to stall, not at detection, but at everything that follows. PIANOLA closes the loop.

The usual path

The alerts are left to you

  • The inbox fills constantly. Warnings from different systems, around the clock.
  • Assessment takes time. Someone has to react, even in the middle of the night.
  • Investigation is manual. Log digging, correlation, situational analysis, all on your own.
  • The team takes the hit. Volume always wins in the end.

The PIANOLA path

Decisions are already made

  • PIANOLA acts on its own. Decisions execute automatically, with a 24-hour window to undo.
  • We measure continuously. Nine security areas in Microsoft 365, all the time.
  • The report arrives in your inbox. A monthly snapshot, not a nightly flood of alerts.
  • You get time to think. Security no longer requires someone to keep watch.

The difference between chasing security and owning it.

The status view, in two seconds

A glimpse of what leadership sees in the report. Together, the three panels give a quick read on how the environment is doing. The depth is there when you need it.

Open findings

What needs attention right now

Findings are prioritised by severity, from critical risks down to lower-priority observations.

0

Critical

2

High

8

Medium

15

Low

Top actions

What to take on first

With reasoning, expected impact, and a suggested owner.

1 Restrict external sharing
2 Disable legacy auth protocols
3 Revoke risky app consents

Status by area

Where the focus is right now

Security posture per area. Green = under control, yellow or red = needs attention.

Identity and MFA OK
Email and forwarding 2 to review
Sharing in SharePoint OK
Apps and OAuth consents 1 priority
Endpoint and Defender OK

One report, four auditors

The same underlying control data, expressed in the language each framework speaks: NIS2 for regulatory compliance, CIS for technical hardening, NIST for risk governance, and ISO for management systems. Whoever asks, you respond from a single report.

EU · Directive

NIS2

10 measures in Article 21.2. Evidence report per measure shows exactly where you stand for the supervisory authority.

Risk management Art. 21.2.a
Access control Art. 21.2.d
MFA and authentication Art. 21.2.j
+ 7 more points Art. 21.2

CIS · Technical

CIS Controls v8

Eight priority control domains mapped. Shows which security baselines you actually meet in Microsoft 365.

Data assets CIS 3
Accounts and privileges CIS 5-6
Email and web CIS 9
+ 5 more domains CIS 4-17

NIST · Strategy

NIST CSF 2.0

Five core functions mapped directly to your Microsoft 365 environment. The language leadership and the board expect.

Govern GV
Identify · Protect ID · PR
Detect · Respond DE · RS
Recover RC

ISO · Management

ISO 27001:2022

Annex A controls mapped per organizational and technical domain. Provides traceability for ISMS audits.

Identity management A.5.16
Access control A.5.15
Secure config A.8.9
+ more Annex A A.8.x

Whether your IT partner, auditor or insurer asks, you respond from the same source. PIANOLA automatically maps 109 security controls on every assessment - no separate investigation needed for each framework.

NIS2 from 2026, your biggest driver right now

The new cybersecurity law raises the bar for your Microsoft 365 environment

The ten areas the directive requires, what PIANOLA handles for you continuously, and what remains the leadership's responsibility. Clear, honest, and straight to the point.

The same underlying data also maps to CIS Controls, NIST CSF and ISO 27001. See the frameworks below.

Read our NIS2 walkthrough

About the company

LUMRA is the company behind PIANOLA

LUMRA is a Swedish IT security company that builds PIANOLA. We specialise in Microsoft 365 security and serve small and medium-sized Swedish businesses and their IT partners.

Instead of one-off reports that go stale the day they're filed, we keep the conversation flowing year-round between leadership, IT, and your partner. PIANOLA is how we put that into practice: regular reports, a clear status view, and actions the service can apply directly or hand back to you.

  • CompanyLUMRA
  • ServicePIANOLA
  • FocusMicrosoft 365 security
  • AudienceSwedish small and medium-sized businesses
  • Contacthej@lumrait.se
The company lumrait.se About LUMRA, the incident calculator, contact, and how to book a call. Existing customer Sign in to PIANOLA For customers who want to see the status of their own Microsoft 365 environment.

PIANOLA maps to

NIS2 (EU 2022/2555) CIS Controls v8 NIST CSF 2.0 ISO 27001:2022