
Case Study: Achieving PCI Compliance in the Cloud
Industry: Insurance
Company Size: Mid-sized subsidiary of a large national insurance group
Location: Omaha, NE
Operations: Primarily operates on-premises with Active Directory servers
Overview
A mid-sized insurance company in Omaha, NE, operating as part of a large national group, faced two pressing challenges: passing a PCI compliance audit and strengthening its Microsoft 365 security posture. Partnering with Lumis IT, the company implemented targeted security controls and hybrid integration with Entra ID Connect. The result? A successful PCI audit, a Microsoft Secure Score above 85%, and a more confident, capable internal IT team.
Challenges:
The client was preparing for a PCI compliance audit while rapidly expanding Microsoft 365 adoption. Their largely on-premises Active Directory setup lacked some of the advanced protections required by PCI standards.
Gaps included:
Weak identity protection controls
Limited email security
Absence of Data Loss Prevention (DLP) measures
Without upgrades, the company risked failing its audit—potentially facing fines, operational disruption, and reputational damage.
The Lumis IT Solution
Lumis IT designed and executed a security enhancement program focused on Microsoft 365 and PCI compliance. Our goal: strengthen controls without disrupting daily operations.
Key Measures Implemented:
Conditional Access Policies: Restricting access by device compliance, location, and risk signals.
Multi-Factor Authentication (MFA): Enforced organization-wide to eliminate credential theft.
Data Loss Prevention (DLP) Policies: Preventing accidental or malicious sharing of sensitive data.
Email Encryption: Protecting customer and company communications.
Audit Logging & Monitoring: Capturing activities for compliance reporting.
To ensure seamless integration, Lumis IT implemented a hybrid identity model with Entra ID Connect, bridging on-premises Active Directory with Microsoft 365 cloud security features.
Results
The initiative delivered measurable outcomes:
PCI Audit Success: Passed on the first attempt with all compliance requirements met.
100% MFA Adoption: Reducing risk of credential-based cyberattacks.
Microsoft Secure Score >85%: Surpassing industry averages for insurance firms.
Empowered IT Team: Internal staff trained and confident in managing hybrid AD and Intune.
By aligning Microsoft 365 with PCI standards, Lumis IT not only helped this insurer achieve compliance but also strengthened its long-term security posture. The project highlights the power of targeted security enhancements, hybrid integration, and close collaboration with client IT teams.
For regulated industries like insurance, Lumis IT’s approach ensures compliance readiness while building a sustainable, future-proof security framework.

