# How to claim a free identity check via CrowdStrike > A free CrowdStrike Falcon Identity Protection trial that shows your exposed, stale, and over-privileged accounts before you commit to anything. Source: https://fmcybersecurity.com/en/insights/identity/how-to-claim-a-free-crowdstrike-identity-check/ Locale: English Other locale: https://fmcybersecurity.com/insights/identity/gratis-identitetssjekk-via-crowdstrike/ ## Metadata - Date: 2026-05-28 - Author: kenny-le - Topic: identity - Format: guide - Partner: crowdstrike Here is how to get a free identity check on your accounts using [CrowdStrike Falcon Identity Protection](https://www.crowdstrike.com/en-us/platform/next-gen-identity-security/identity-protection/), with FM CyberSecurity setting it up on a trial tenant so you spend zero on the eval. FM CyberSecurity is a certified CrowdStrike partner. That means we can spin up a free trial of Falcon Identity Protection, or any other Falcon module, on a trial tenant for you, run the check against your accounts, and hand you a written summary at the end. You get hands-on time in the console. You do not sign anything to find out what it sees. If you want the wider picture first, read [what CrowdStrike Falcon is, the platform behind modern MDR](/en/insights/endpoint/what-crowdstrike-falcon-is-the-platform-behind-modern-mdr/). These steps assume you run Active Directory, Entra ID, or both. The check works on either. ![CrowdStrike logo and Free Identity Check, FM CyberSecurity](../../../assets/news/how-to-claim-a-free-crowdstrike-identity-check-inline.png) ## What the free identity check covers The check shows you which accounts an attacker would target first, before you have spent a krone. Falcon Identity Protection reads your Active Directory and Entra ID and surfaces the risky accounts: stale accounts nobody uses, over-privileged accounts with more rights than the job needs, service accounts with weak or old credentials, and accounts that show signs of compromise. CrowdStrike also flags lateral-movement risk, the paths an attacker uses to spread from one account to the next ([Falcon Identity Protection](https://www.crowdstrike.com/en-us/platform/next-gen-identity-security/identity-protection/)). Be clear on the scope. This is identity visibility and risk detection, not a password vault or a privileged-access tool. It tells you where the holes are. It does not plug them. ## Step 1, tell FM CyberSecurity which directory you run Send us one line: Active Directory, Entra ID, or both, and roughly how many user accounts. That tells us how to size the trial tenant and what to look for. A 60-person firm with one Active Directory domain is a different read from a firm that moved to Entra ID two years ago. We do not need credentials at this stage. We need the shape of your identity setup. ## Step 2, FM CyberSecurity spins up the trial tenant We open a free Falcon trial tenant and prepare the Identity Protection module so it is ready before you connect anything. This is the part the certified-partner status buys you. We handle the tenant setup and the module configuration, so you are not learning the console from a blank screen. The trial runs on a time limit set by CrowdStrike, so we agree a start date that fits your week rather than burning trial days on scheduling. ## Step 3, connect the sensor to your directory Install the lightweight connector on a domain controller, or authorize the Entra ID read, and let it collect. For Active Directory this is one small program on a domain controller that reads identity activity. For Entra ID it is a read authorization in your tenant. FM CyberSecurity walks you through this on a screen-share. It is read-first: the check observes your accounts, it does not change them. Give it a few days to build a real picture rather than a snapshot. ## Step 4, sit in the console with us Open the console and we walk the findings together, account by account. This is the hands-on part. You see your own accounts ranked by risk, not a demo dataset. We show you the stale accounts, the over-privileged ones, the weak service-account credentials, and any login patterns that look like a stolen password rather than a real user. You drive, we point. The goal is that you can read the console yourself by the end of the session. ## Step 5, get the written summary We send you a short written summary of what the check found and what to fix first. The summary names the highest-risk accounts, groups them by type of problem, and orders them by what an attacker would reach for first. It is plain language, sized for an IT lead to act on or hand to a director. No tool lock-in is implied. The summary is yours whether or not you go further with CrowdStrike or FM CyberSecurity. ## What you do versus what FM CyberSecurity does You provide directory access and an hour of your time. FM CyberSecurity does the setup, the configuration, and the read. FM CyberSecurity handles the trial tenant, the module setup, the connector guidance, and the written summary. You point us at your directory and join the console session. If you decide to move from the trial to a running deployment, FM CyberSecurity does the onboarding and tuning, and CrowdStrike's [Falcon Complete Next-Gen MDR](/en/services/detection-response/) team runs the 24/7 monitoring. We do not staff that overnight bridge ourselves. The free check sits before all of that, with no commitment attached. The reach here is any Falcon module, not only identity. If endpoint or AI traffic is the worry that keeps you up, we can run the same free-trial approach on those modules instead. The identity check is the one most Norwegian SMBs ask for first, because stolen logins are how most attacks start. ## Next action Send Kenny a message with your directory type and account count, and he will set up a trial tenant for your free identity check. See [FM CyberSecurity's detection and response service](/en/services/detection-response/) for how we run onboarding and tuning if you take it further. ## FAQ ### Is the identity check really free? Yes. The Falcon trial tenant is free, and FM CyberSecurity sets it up and runs the check as part of getting to know your stack. You get the console time and the written summary at no cost. There is no obligation to buy anything afterward. ### Do you need our admin passwords? No. The check uses a read connector on a domain controller, or a read authorization in Entra ID. FM CyberSecurity walks you through granting that access yourself on a screen-share. We never ask you to hand over admin passwords. ### How long does the trial run? CrowdStrike sets the trial length, so we agree a start date and run the collection over a few days inside that window. A few days gives a more honest picture than a one-hour snapshot, because it captures real login patterns. ### Can you check more than identity? Yes. FM CyberSecurity is a certified CrowdStrike partner and can spin up a free trial of any Falcon module, including endpoint and AI-traffic detection. The identity check is the most-requested starting point, but the same trial approach covers the rest of the platform. ### What do we get to keep? You keep the written summary of what the check found and what to fix first. That document is yours regardless of whether you continue with CrowdStrike or FM CyberSecurity. The trial tenant itself closes at the end of the trial window. --- For the full documentation index, see https://fmcybersecurity.com/llms.txt For the complete corpus as a single document, see https://fmcybersecurity.com/llms-full.txt