Security Baselines
Choose the right security baseline for your organization. Each level builds on the previous, adding more controls and stricter enforcement.
Recommended Secure
Most organizations. Ideal starting point.
Protects against common attacks without disrupting daily work. Blocks credential theft, legacy vulnerabilities, and unauthorized access.
- Stops common identity attacks
- Aligns with CIS and Microsoft defaults
- Avoids lockouts
- Builds trust in TrueConfig recommendations
Enhanced Security
Security-conscious teams ready for just-in-time access.
Adds time-limited admin access and advanced threat detection. Admins activate permissions only when needed, reducing your attack window.
- Everything in Level 1
- PIM required for privileged roles
- Phishing-resistant MFA for admins
- Device compliance requirements
Maximum Security
Regulated industries, government, or high-risk targets.
Hardware-backed authentication, real-time threat containment, and continuous monitoring. Designed for zero-tolerance security requirements.
- Everything in Level 2
- Phishing-resistant MFA for all users
- Hardware security key requirements for admins
- Full just-in-time access for all privileged roles
Quick Comparison
| Feature | Level 1 | Level 2 | Level 3 |
|---|---|---|---|
| Enforcement Mode | Advisory | Auto-Remediate | Strict |
| PIM Required | - | ||
| Phishing-Resistant MFA | - | Admins Only | All Users |
| Device Compliance | - | Admins Only | All Access |
| License Required | Free | P1/P2 | P2 |
Not sure which baseline to choose?
Start with Level 1 (Recommended Secure) and let TrueConfig guide you. You can always upgrade to a higher level as your security program matures.