Tenant administration, license rationalization, governance baselines and incident response — without inflating internal headcount. CIS v3 hardening as the floor, not the ceiling.
CIS M365 v3.0
Microsoft 365 E3/E5/BP
5 business days
ISO 27001 / NIS2 / DORA
If two of these sound familiar, this service is scoped for you. If none of them do, the discovery call is short and we will tell you which service actually fits.
Tenants with stale users, mailboxes and over-assigned SKUs nobody has owned in 18 months.
Inconsistent policies across Exchange, SharePoint, Teams and Entra ID with no documented baseline.
No runbook when a break-glass account or executive mailbox is compromised at 02:00.
No hand-waving. If it is on this list, it is in scope from day one. If it is not, it lives in the out-of-scope section further down or is a separate engagement we will tell you about up front.
Three phases. Named owners per phase. Documented hand-offs. You always know which week of the engagement you are in.
Read-only access to your tenant. CIS v3 posture scan, license-utilization review, identity-risk inventory. Output: prioritized remediation backlog signed off by your IT owner.
Conditional Access deployment in report-only mode, MFA enforcement waves, sharing-policy cleanup, license right-size. Runbook library written alongside the changes.
Every tier ships the same technical depth — the difference is whether we hand the keys back, keep them, or build you a sovereign exit kit. Final scope and fee are quoted after a short discovery call. No hourly billing.
Sub-100-seat tenants needing a hardened baseline and runbooks they can run internally.
We do not resell from a price-comparison engine. Every vendor in this service has a direct partner relationship with us — meaning support tickets escalate, license terms are honoured, and the margin stays inside the same vendor list price you would pay direct.
Honest exclusions are how we keep delivery fast. If something you need is in the out-of-scope column, we will tell you which service or partner picks it up.
REF.ENG_MATRIX // STANDARD_BOUNDARIES_APPLY
No. We augment internal IT — taking the strategic and forensic work that gets parked when the team is firefighting tickets.
Never. Every change ships with a written change request, rollback plan and explicit sign-off from a named approver.
Posture report in 5 business days. Core remediation in 2 weeks. Full governance pack and runbook library in 4 weeks.
30-minute discovery call. We tell you whether this service fits, what the scope looks like, and what the next 4 weeks would deliver. No high-pressure pitch.
Prefer a written scope before a call? Email us
Quarterly drift review + monthly license report on the Operate tier. On Essential we hand the keys back with a 30-day support window. Sovereign clients keep the keys with us under a written exit-kit clause.
Teams of 100-500 that want senior M365 ops capacity without hiring a full-time admin.
Regulated entities (DORA, NIS2, ISO 27001) needing evidence-grade operations with full exit kit.