Threat Detection & Response
Microsoft Sentinel SIEM, Defender for Identity, incident response, and advanced threat analytics.
Organisations without centralised threat detection discover breaches an average of 204 days after initial compromise. Twenty-four monitoring and infrastructure risks in our register require continuous visibility — from Active Directory reconnaissance to lateral movement across cloud workloads. Microsoft Sentinel and Defender for Identity provide the correlated intelligence needed to detect, investigate, and respond to threats before they escalate into incidents.
Added in Endpoint (Plan 2)
- Sentinel Baseline Connectors — Microsoft Sentinel with baseline M365 data connectors, RBAC, threat analytics, and operational monitoring
- Defender for Identity — Deploy MDI sensors on domain controllers, AD FS, AD CS, and Entra Connect. Configure entity tags, tune alerts, integrate with XDR
- Incident Response Planning — IR plan documentation, playbook inventory, RACI matrices, communication templates, and tabletop exercises
Added in Information Governance (Plan 3)
- Advanced Audit — Microsoft Purview Advanced Audit with extended retention
- Insider Risk Management — Microsoft Purview Insider Risk Management
- Communication Compliance — Microsoft Purview Communication Compliance
- Information Barriers — Microsoft Purview Information Barriers
- Customer Lockbox — Microsoft Purview Customer Lockbox for support access
- Privileged Access Management — Microsoft Purview Privileged Access Management
- Sentinel Advanced Connectors — Additional Sentinel data connectors beyond baseline
- Custom Analytics Rules — Custom Sentinel analytics rules for organisation-specific threats
- SOAR Playbooks — Sentinel automation playbooks for incident response
What you receive
| Delivery Package | Duration | Stakeholders | Key Deliverables |
|---|---|---|---|
| Microsoft Sentinel Deployment | 10–25 days | SOC, CISO, IT Admin | Workspace architecture document; Data connector configuration; Analytics rule set |
| Advanced Compliance | 10–20 days | CISO, Compliance, Legal, HR | Advanced Audit configuration; Insider Risk policies and indicators; Communication Compliance policies |
| Defender for Identity Deployment | 5–12 days | CISO, AD Admin, SOC | Sensor deployment plan (DC inventory); Deployed sensors with health verification; Entity tag configuration |
| Incident Response Planning | 3–8 days | CISO, SOC, Legal, Comms | Incident response plan document; Playbook inventory (per threat type); RACI matrix |
ISO 27001 controls covered
- A.5.19 Information Security in Supplier Relationships
- A.5.24 Information Security Incident Management Planning and Preparation
- A.5.25 Assessment and Decision on Information Security Events
- A.5.26 Response to Information Security Incidents
- A.5.27 Learning from Information Security Incidents
- A.5.3 Segregation of Duties
- A.5.31 Legal, Statutory, Regulatory and Contractual Requirements
- A.5.7 Threat Intelligence
- A.6.8 Information Security Event Reporting
- A.8.15 Logging
- A.8.16 Monitoring Activities
- A.8.2 Privileged Access Rights