We never ask for the passwords to your accounts. All session work is done through screen-share with you driving.
Why we do not collect passwords
- Passwords leak. The fewer hands they pass through, the smaller the attack surface.
- You retain full audit trail of every action — your account logs show you made every change.
- Cyber-insurance requirements often forbid sharing admin credentials with third parties.
Privileged tasks (M365 conditional access, MFA rollout)
For tasks that require admin privileges, the contractor uses a real-time screen-share session. They guide; you click. You approve every change as it happens.
Post-session
If a finding requires verification that the contractor cannot complete during the session (DNS propagation, mailbox rule deletion verification), they document what to check and follow up at the next session.