internship project

Privilege Management Modernization at Soudal

Evaluated, tested, and deployed a just-in-time privilege elevation solution to replace permanent local admin rights across Soudal's Microsoft Intune-managed endpoint fleet, improving security posture, audit compliance, and operational control.

  • 24 Tests Executed
  • 100% Pass Rate
  • 39+ Evidence Screenshots
  • 4 User Groups Defined

the challenge

Permanent admin rights across hundreds of endpoints

Soudal NV's Microsoft Intune-managed devices had accumulated permanent local administrator rights across Engineering, Service Desk, and power user groups, creating an expanding attack surface with no audit trail, no revocation process, and no compliance evidence under ISO 27001 and GDPR.

Objective

Replace permanent local admin rights with controlled, temporary, auditable just-in-time elevation workflows.

Approach

Hands-on lab testing of two candidate tools, Admin By Request (ABR) and Microsoft EPM, across 24 structured tests.

Outcome

ABR recommended and deployed with phased rollout strategy, tailored access models for 4 user groups, and full audit coverage.

methodology

Three-phase approach

Weeks 1–6 · Research & Evaluation

Phase 1: Analysis

  • Deep-dive analysis of Soudal's hybrid identity architecture
  • Hands-on lab testing: 6 ABR tests + 18 EPM tests
  • Feature comparison matrix with weighted scoring
  • Tool recommendation to leadership (March 20, 2026)
Weeks 7–10 · Pilot Deployment

Phase 2: Pilot

  • ABR deployed to pilot group (App department)
  • Expanded to 30–50 power users and developers
  • Permission revocation begun
  • User feedback collected and monitored
Weeks 11–13 · Full Rollout

Phase 3: Production

  • App-specific elevation rules deployed across all endpoints
  • Remaining legacy admin rights revoked systematically
  • Training materials and documentation delivered
  • Final realization report compiled and archived
technologies

Tech stack

  • Microsoft Intune
  • Microsoft Entra ID
  • Conditional Access
  • Windows Autopilot
  • Admin By Request
  • Microsoft EPM
  • Intune RBAC
  • PowerShell
  • Windows 11 Pro
  • SIEM Integration
deliverables

Project documentation

Complete set of deliverables produced during the 13-week placement.

Realization Document

Full thesis: 72 pages covering analysis, testing, comparison, deployment strategy, and stakeholder communication.

Project Plan

13-week project plan with phased methodology, success criteria, risk register, and responsibilities.

ABR Testing Report

Complete lab testing documentation for all six Admin By Request tests with evidence.

ABR vs EPM Comparison

Feature comparison and evidence-based recommendation against requirements.

Use Case Documentation

Five use cases, four user group mappings, and access model specifications.

supervision

Project team

Muhammad Zubair

IT Infrastructure Intern

Thomas More · Soudal NV

Dries Wuyts

Work Placement Mentor

Soudal NV

Eduard Claessen

Work Placement Mentor

Soudal NV

Rob Verbiest

Work Placement Mentor

Soudal NV

Brent Pulmans

Academic Supervisor

Thomas More