EMSTEEL · Digital Operations Command Centre

Exec View

Uncontained privileged access during an active production incident is a board-level risk.

Three accounts require immediate action. Auto-execute containment is ready — your approval starts the 3-minute resolution sequence.

Last 24h

↓ -4 pts today (score: 76)Security posture

↑ 2 unresolvedHigh-risk signals

↑ +23Entra CA failures

↑ 8 flaggedRisky sign-ins

↑ 2 · 1 unaccountedPrivileged role activations

Security Situation

G10X Intelligence

Current Threat: Privileged sign-in anomaly linked to Plant 2 operations access
Identity Risk: shift.ops.admin@emsteel.example accessed Plant Operations Analytics from Sign-in from Al Ain (expected: Abu Dhabi Industrial City) at 2026-06-25 07:08 GST — no MFA challenge recorded
Privileged Access: Two PIM elevations to 'Azure IoT Hub Contributor' in the last 24 hours. One matches incident response activity by Platform Engineering. The second (svc.eng.platform.07) has no associated ticket or change reference — flagged for immediate review.
Business Impact: Uncontained privileged access during active Plant 2 incident · potential for broader system compromise if unresolved
Recommended Action: Revoke active sessions for shift.ops.admin + force MFA re-verification (auto-execute ready) · investigate unaccounted privileged activation for svc.eng.platform.07
Containment Estimate: 3 minutes (automated session revoke) · 20 minutes (investigation + policy review)

SEC-EMST-2026-0625-014·Microsoft Entra ID + Microsoft Defender for Cloud·Linked: INC-EMST-2026-0625-PLANT2

Auto-Executing — Security Containment & Identity Hardening

Fully AutonomousView in RefleX →

Security Posture

76/ 100

-4 pts today · trending down

MFA Compliance

91%

9 accounts exempt

High-Risk Signals

open · requires review

Privileged Accounts

under active monitoring

Privileged Access Alert

2 privileged role activations in 24h · 1 unaccounted for · svc.eng.platform.07@emsteel.example

Identity Risk Signals

5 unresolved · sorted by business risk · click to expand evidence

Production System Exposure

OT and production systems with elevated access exposure

Plant Operations Analytics

Privileged admin account accessed from non-standard location during active incident

high

SCADA Console — Plant 2 (Rolling Line 2)

Shared service account still used for OT segment access; no managed identity in place

medium

Hot Strip Mill MES — Production Reporting

All access MFA-protected; last quarterly review 11 days ago — within SLA

low

Quality Inspection Portal

3 dormant accounts with active read permissions — scheduled for deprovisioning

medium

Energy Management System — EMC-P2-11

API key rotation overdue by 12 days

low

Answers:If these identity risks go unaddressed, what happens to our exposure score and compliance posture?

Security Risk Forecast·82% confidence

Historical

Recovery forecast

Cost of inaction

Current State

Identity risk score 74/100 — elevated from 3 uncontained signals

Projected Risk

Score reaches critical (85+) within 48h if signals are not contained

Cost of Inaction

AED 340Kper breach eventstep-up risk

Recovery Forecast

Score falls to 38 (low) within 4 hours after containment actions

Containment Actions

Ordered by severity · auto-execute available for session and policy actions

Revoke active sessions and force MFA re-verification for shift.ops.admin@emsteel.example

Automatable

Open in RefleX

Investigate unaccounted PIM elevation — svc.eng.platform.07@emsteel.example

Manual