PCI Compliance

Case Study: Achieving PCI Compliance in the Cloud

October 01, 20252 min read

Industry: Insurance

Company Size: Mid-sized subsidiary of a large national insurance group

Location: Omaha, NE

Operations: Primarily operates on-premises with Active Directory servers

Overview

A mid-sized insurance company in Omaha, NE, operating as part of a large national group, faced two pressing challenges: passing a PCI compliance audit and strengthening its Microsoft 365 security posture. Partnering with Lumis IT, the company implemented targeted security controls and hybrid integration with Entra ID Connect. The result? A successful PCI audit, a Microsoft Secure Score above 85%, and a more confident, capable internal IT team.

Challenges:

The client was preparing for a PCI compliance audit while rapidly expanding Microsoft 365 adoption. Their largely on-premises Active Directory setup lacked some of the advanced protections required by PCI standards.

Gaps included:

  • Weak identity protection controls

  • Limited email security

  • Absence of Data Loss Prevention (DLP) measures

Without upgrades, the company risked failing its audit—potentially facing fines, operational disruption, and reputational damage.

The Lumis IT Solution

Lumis IT designed and executed a security enhancement program focused on Microsoft 365 and PCI compliance. Our goal: strengthen controls without disrupting daily operations.

Key Measures Implemented:

  • Conditional Access Policies: Restricting access by device compliance, location, and risk signals.

  • Multi-Factor Authentication (MFA): Enforced organization-wide to eliminate credential theft.

  • Data Loss Prevention (DLP) Policies: Preventing accidental or malicious sharing of sensitive data.

  • Email Encryption: Protecting customer and company communications.

  • Audit Logging & Monitoring: Capturing activities for compliance reporting.

To ensure seamless integration, Lumis IT implemented a hybrid identity model with Entra ID Connect, bridging on-premises Active Directory with Microsoft 365 cloud security features.

Results

The initiative delivered measurable outcomes:

  • PCI Audit Success: Passed on the first attempt with all compliance requirements met.

  • 100% MFA Adoption: Reducing risk of credential-based cyberattacks.

  • Microsoft Secure Score >85%: Surpassing industry averages for insurance firms.

  • Empowered IT Team: Internal staff trained and confident in managing hybrid AD and Intune.

By aligning Microsoft 365 with PCI standards, Lumis IT not only helped this insurer achieve compliance but also strengthened its long-term security posture. The project highlights the power of targeted security enhancements, hybrid integration, and close collaboration with client IT teams.

For regulated industries like insurance, Lumis IT’s approach ensures compliance readiness while building a sustainable, future-proof security framework.

Back to Blog