Capabilities Accreditation M365 E7 Partnering About Engage
Northforge / Capabilities
What we deliver

From SECRET on-prem
to sovereign cloud —
the full spectrum.

Northforge's capability spans the complete lifecycle of secure Defence digital environments — grounded in real classified-environment experience and delivered through deep Microsoft platform specialisation.

Core capabilities
full lifecycle
On-premises & classified environment capability
Before cloud, there was classified. Northforge's team has delivered SECRET-level on-premises Defence environments — air-gapped networks, hardened infrastructure, mission-critical systems operating under the most demanding security requirements in Australia. This experience is the foundation of everything we do in cloud — and it's what sets us apart from vendors who have only ever worked at PROTECTED.
Secure cloud platforms
Landing zones · Sovereign hosting
Design and build of ISM-aligned cloud landing zones on Azure. Includes network segmentation, hub-spoke architectures, identity-first security models, private endpoints and workload isolation — suited to PROTECTED and mission-critical systems.
AzureISMPROTECTEDLanding zoneSovereign
Identity & access management
Zero trust · Privileged access
End-to-end identity architecture using Entra ID, Conditional Access and Privileged Identity Management. Zero-trust principles with MFA, device compliance and role-based access controls — the same identity discipline we apply at SECRET, delivered in cloud.
Entra IDZero trustPIMMFAEssential 8
Endpoint security
Intune · Defender · Hardening
Device management and hardening using Intune and Defender for Endpoint. Configuration baselines aligned to ACSC hardening guides. Automated compliance enforcement and threat detection — on managed endpoints and in distributed mission environments.
IntuneDefenderACSCHardeningMDM
Secure collaboration
M365 · Teams · SharePoint · Copilot
Microsoft 365 environments configured for classified workloads — sensitivity labels, DLP, Teams governance and SharePoint architecture. Includes Copilot for M365 deployment within sovereign data boundaries and ISM-aligned governance controls.
M365TeamsSharePointPurviewCopilot
Governance & risk
Frameworks · Policies · Uplift
Security governance frameworks, policy uplift and risk management programmes tailored to ISM, PSPF and DSPF obligations. Includes third-party risk management, ongoing assurance reporting and security posture monitoring for operational environments.
ISMPSPFDSPFRiskAssurance
IRAP assessment support
Preparation · Artefacts · Remediation
End-to-end IRAP preparation — control evidence packages, SSPS, SRA, risk register and SoA produced concurrently with design. Pre-assessment gap analysis, post-assessment remediation and re-submission support. Accreditation built in, not bolted on.
IRAPSSPSSRAGap analysisRemediation
Microsoft platform expertise
deep specialisation
Northforge specialises in the full Microsoft security and productivity stack for Defence and regulated environments — including Copilot for M365, deployed within sovereign data boundaries and ISM-aligned governance controls. Our Microsoft expertise is backed by real classified-environment experience that informs every configuration decision we make.
Azure Microsoft 365 Entra ID Intune Defender for Endpoint Teams SharePoint Purview Copilot for M365 Sentinel Defender XDR
How capabilities are delivered
engagement models
01
Programme embedding
Northforge architects and engineers embedded within existing Defence programme teams — delivering alongside, not separately. Including within prime contractor led consortia.
02
Standalone delivery
Northforge leads end-to-end capability delivery from assess through to operate — scoped, owned and delivered by our sovereign Australian team.
03
Advisory & uplift
Targeted engagements — architecture reviews, accreditation preparation, governance uplift, on-prem to cloud transition planning.

Need a specific capability scoped?

Engage Northforge to scope your programme requirements.

Start a conversation →