Plans & Services

Every layer secured. Every plan evidenced.

From Microsoft 365 to your servers and network perimeter — structured plans per domain, each collecting compliance evidence from day one. Choose your starting point. Build at your pace.

Your Digital Workspace

Microsoft 365 Security Plans

Three plans that build on each other — from email and identity protection to full ISO 27001 certification. Explore the M365 solution →

Secure your front door

Typical delivery: 2-4 weeks

Protection against the most common attack vectors. Email authentication, CIS baselines, and identity controls that stop the majority of threats.

Email authentication locked down (SPF, DKIM, DMARC)
Conditional Access policies for users, admins, and devices
CIS security baselines configured and validated
Anti-phishing and safe link protection
Evidence collection begins from day one

✓ Evidence collected · Corrective actions tracked

Security baseline CIS benchmarks · Email authentication · Access control

Secure my environment

Control your estate

Typical delivery: 4-6 weeks

Every device managed, every identity protected. Defender for Endpoint, Intune compliance, privileged access, and threat detection via Sentinel.

Every device managed and compliant via Intune
Threats detected in real time (Defender for Endpoint)
Privileged access controlled and time-limited (PIM)
Application catalogue — your users install from a secure source
Microsoft Sentinel for security monitoring

✓ Evidence collected · Corrective actions tracked

ISO 27001 gap analysis Preparing for compliance · Gaps identified · Roadmap provided

Take control

Get Copilot ready

Typical delivery: 6-8 weeks

Full ISO 27001 ISMS, data classification, DLP, and AI governance. Your data needs to be classified, labelled, and governed before Copilot touches it. Plan 3 gets you there.

Your data classified and labelled automatically
Data Loss Prevention policies enforced across M365
Full ISO 27001 ISMS with audit-ready evidence
Copilot-ready data governance
Secure Score consistently above 75

✓ Evidence collected · Corrective actions tracked

Full ISO 27001 ISMS Policies · SoA · Risk register · Management review · Audit preparation

Get certified

Your Infrastructure

Server Security Plans

The same maturity journey applied to every Windows, Linux, and SQL Server — on-premises, in Azure, or multi-cloud. Explore server protection →

See everything

Deployment: 1-2 weeks

Every server onboarded into a single management plane. Baseline security monitoring deployed. Automated patching established. You see everything. We operate it.

All servers onboarded and inventoried
Defender for Cloud security posture assessment
Centralised patch management deployed
Azure Monitor agent for log collection
Baseline policy compliance reporting
Monthly security posture review

✓ Compliance reporting · Patch status tracked

Baseline governance Inventory · Patching · Security posture

Start with visibility

Harden, detect, and prove

Deployment: 2-4 weeks

CIS hardening baselines deployed and enforced. Advanced threat protection with automated drift detection. When configurations change, we know. When threats appear, we respond.

Everything in Plan 1
CIS benchmark hardening deployed and enforced
Defender for Servers P2 (full threat protection)
Configuration drift detection & auto-remediation
File integrity monitoring & adaptive app controls
Just-in-time administrative access
Hotpatching for Windows Server (no reboots)
Daily automated evidence collection

✓ Evidence collected · Corrective actions tracked

ISO 27001 ready CIS hardening · Drift detection · Automated evidence

Protect my servers

Full estate compliance

Deployment: 4-6 weeks

Complete hybrid governance — servers, SQL databases, and M365 under one compliance framework. Unified evidence trail, unified audit, unified corrective actions.

Everything in Plan 2
SQL Server security & best practice assessment
SQL migration readiness & estate visibility
Change tracking across all servers
Advanced monitoring & custom dashboards
Windows Admin Centre remote management
Disaster recovery configuration
Unified compliance: M365 + servers in one audit

✓ Full evidence trail · ISO 27001 certification support

Complete hybrid compliance Servers · SQL · M365 · Unified audit

Achieve governance

Your Perimeter & Cloud

Managed Network & Infrastructure Services

Not every offering fits a tier model. These are fully managed services — engineered, operated, and evidenced by the same team.

Managed Network Security

Your entire Fortinet estate — FortiGate firewalls, FortiSwitch, and FortiAP — deployed, managed, and unified with Microsoft Sentinel for a single SOC view across every layer.

Fortinet FortiGate Microsoft Sentinel Defender XDR

Explore network security →

Azure Migration & Modernisation

Architecture-first cloud adoption using Microsoft's Cloud Adoption Framework. Landing Zones, cost modelling, and governance baked in from day one.

Azure Migrate Landing Zones CAF

Explore migration →

Cloud PC

Windows 365 Cloud PCs managed through Intune, delivered on Link thin-client devices as hardware-as-a-service. Desktop as a managed service, integrated into your Azure Landing Zone.

Windows 365 Intune Windows 365 Link

Explore Cloud PC →

Evidence from day one

Every plan — not just Plan 3 — collects compliance evidence and opens corrective actions when issues are found. Whether it's your M365 tenant, your server estate, or your network perimeter, the evidence trail starts immediately. Your history becomes your certification accelerator.

Automated collection

Evidence gathered directly from your environment — no manual screenshots or spreadsheets.

Corrective actions

Non-compliant findings automatically generate tickets with remediation guidance.

Audit-ready reports

When you reach Plan 3, your evidence history feeds directly into auditor-grade reports.

M365 Service Areas

Capabilities across the M365 plans

Each service maps to specific ISO 27001 controls, risk categories, and delivery packages within the M365 plans above.

Secure Secure Services

Email Security

SPF, DKIM, DMARC, anti-phishing, and safe attachments — extended with court-admissible proof of encrypted external delivery.

View capabilities →

Identity & Access Management

Conditional Access, MFA, Privileged Identity Management, and passwordless authentication.

View capabilities →

Endpoint Security

Microsoft Defender for Endpoint, Intune compliance, attack surface reduction, and device management.

View capabilities →

Threat Detection & Response

Microsoft Sentinel SIEM, Defender for Identity, incident response, and advanced threat analytics.

View capabilities →

Security Awareness & Human Risk

Awareness training, phishing simulations, and automated A.6.3 compliance evidence.

View capabilities →

Managed Device Rental

Pre-configured, manufacturer-direct devices that eliminate supply chain risk and simplify ISO 27001 asset management.

View capabilities →

Compliant Telephony

Teams-based telephony with CallCabinet compliance recording — 256-bit AES encryption, dual capture, and data sovereignty across six continents.

View capabilities →

24 risks directly mitigated

Identity compromise (9 risks), endpoint threats (10), email attacks (2), and network exposure (3) — each mapped to specific M365 capabilities with residual risk scoring after deployment.

Key stakeholders: IT Admin, SOC, Security Analyst

Every Secure capability maps to a Statement of Work with named stakeholder roles. Your IT team deploys alongside our engineers — no black-box handover.

Evidence from day one

Conditional Access policy compliance, Defender alert resolution, CIS benchmark scores — all collected automatically. When you're ready for ISO 27001, the Secure evidence trail is already months deep.

22 capabilities in Plan 1 → 46 by Plan 2

Start with email authentication, CIS benchmarks, and Conditional Access. Plan 2 adds Intune, Defender for Endpoint, PIM, and Sentinel. Each capability weighted by risk reduction impact.

Comply Comply Services

Data Protection & Governance

Data Loss Prevention, sensitivity labels, information protection, and retention policies.

View capabilities →

Compliance Benchmarks

CIS Microsoft 365 benchmarks, security baselines, and compliance scoring.

View capabilities →

Backup & Disaster Recovery

Microsoft 365 backup, business continuity planning, and disaster recovery validation.

View capabilities →

33 risks in governance, compliance, and data protection

Policy gaps (16 risks), regulatory exposure (7), and data handling failures (10) — all traced to specific controls with CIA impact scoring. Residual risk drops to 2-3 after deployment.

Key stakeholders: CISO, Legal, DPO, Data Owners

Compliance isn't just IT. We map 179 legal requirements across 12 jurisdictions to your controls — and ensure Legal, HR, and Data Protection Officers are engaged at the right stages.

93 controls with automated evidence

DLP policy enforcement logs, sensitivity label application rates, retention policy compliance, access review completions — all fed into auditor-grade reports that pass ISO 27001 surveillance.

Plan 3 unlocks full data governance — 78 capabilities

Sensitivity labels, DLP across all M365 workloads, insider risk management, advanced audit, lifecycle workflows. This is where ISO 27001 certification becomes achievable — and sustainable.

Succeed Succeed Services

Cloud & AI Security

Cloud app security, AI governance, Microsoft Defender for Cloud Apps, and lifecycle workflows.

View capabilities →

31 risks in infrastructure, insider threats, and monitoring

Cloud infrastructure gaps (19 risks), insider abuse (6), and detection blind spots (5) — addressed through Defender for Cloud, Sentinel advanced analytics, and AI governance controls.

Key stakeholders: Board, DevOps, Application Owners

Succeed is where security becomes strategic. We engage your Board with governance dashboards, your DevOps teams with AI agent identity controls, and Application Owners with workload identity governance.

Evidence for strategic decisions, not just auditors

Sentinel incident trends, risk register movements, stakeholder engagement status, Secure Score trajectory — data that drives board-level security investment decisions, not just compliance checkboxes.

24 delivery packages across the full maturity journey

From email security (3-8 days) to AI governance (8-20 days). Each package has defined capabilities, stakeholder roles, delivery estimates, and prerequisites — a structured path from Traditional (0-39%) to Optimal (90%+) maturity.

Need to comply with more than ISO 27001? We've got you covered.

We don't try to be a multi-framework GRC tool. Instead, we natively integrate with Microsoft Purview Compliance Manager — the compliance platform already in your M365 tenant. All evidence we collect is tagged and uploaded to Compliance Manager, where Microsoft automatically maps it against 300+ regulatory standards. You implement ISO 27001. Compliance Manager does the rest.

ISO 27001 Evidence

93 controls collected from your M365 tenant

Microsoft Purview Compliance Manager

Automatic mapping & continuously updated by Microsoft

300+ Regulatory Standards

Visible in your existing M365 portal

GDPR NIS2 DORA POPIA CCPA PCI DSS SOX HIPAA UK GDPR ISO 22301 + 290 more via Compliance Manager

No manual re-tagging. No separate GRC platform. Microsoft maintains the regulatory mappings — your evidence flows automatically.

How we work with you

Project delivery

Fixed-scope deployment of security controls and ISMS documentation. Ideal for initial certification.

8-12 weeks typical

Managed service

Ongoing evidence collection, drift detection, corrective actions, and surveillance audit support.

Monthly retainer

Advisory

Strategic guidance on Zero Trust maturity, regulatory alignment, and M365 security architecture.

Ad-hoc or quarterly

Pricing is based on user count, plan scope, and engagement model. Get your free assessment — we'll recommend the right approach.

Not sure where to start?

Our free assessment maps your security posture across M365, servers, and network — then recommends the right starting point and plan for your environment.

Discover Your Security Gaps