Cloudservices Secure gives NZ businesses a strong Microsoft 365 security baseline, then monitors it continuously to make sure it stays that way. We work alongside your existing IT provider — we do not replace them.
Each plan builds on the one before it. Most businesses start on Secure+ because it covers the controls most commonly required by cyber insurers and the threats NZ SMBs face most often.
$459/month up to 10 users
+$6/user from user 11
For businesses that want strong, reliable Microsoft 365 security without complexity. Covers the fundamentals that protect against credential theft, phishing, and unauthorised access.
$899/month up to 10 users
+$10/user from user 11
For businesses that handle sensitive client information, operate across multiple locations, or want stronger email protection and deeper Microsoft 365 hardening.
$1,739/month up to 10 users
+$14/user from user 11
For professional services firms, regulated organisations, and businesses with Privacy Act, FMA, insurance, or due diligence obligations.
All prices are NZD ex-GST. GST-inclusive totals for up to 10 users are $527.85 for Secure, $1,033.85 for Secure+, and $1,999.85 for Secure Pro.
Cloudservices Secure focuses on Microsoft 365 configuration, hardening, and monitoring. Your existing IT provider keeps handling everyday support, licensing, and infrastructure unless you agree otherwise.
We configure Microsoft 365 to a strong security baseline that matches the plan you choose and the way your business works.
We secure logins, admin access, email protections, and device controls so common attack paths are closed off early.
We continuously watch for security settings that change or fall out of line with your approved baseline, then act on alerts.
You receive a monthly Secure Score summary so you can see what changed, what improved, and what needs attention next.
A filled circle means the feature is included in that plan. This table is written in plain language so you can see what each control means for your business, not just the Microsoft feature name.
| Feature | What it means for your business | Secure | Secure+ | Secure Pro |
|---|---|---|---|---|
| Keeping your accounts secure | ||||
| Multi-factor authentication (MFA) | Every user verifies their identity with a second step before accessing Microsoft 365, so a stolen password alone is not enough. | ● | ● | ● |
| MFA for administrators | Admin accounts are protected by stricter sign-in rules because they are a higher-value target for attackers. | ● | ● | ● |
| Block old-style login methods | Legacy username-and-password sign-ins are disabled so attackers cannot bypass modern security checks. | ● | ● | ● |
| Automatic risk detection | Microsoft sign-in risk signals can block or challenge suspicious logins automatically when compromise is detected. | ● | ● | ● |
| Block unauthorised app connections | Stops third-party apps getting access to your Microsoft 365 data without approval, which is a common phishing trick. | ● | ● | ● |
| Restrict who can create apps | Limits who can register new apps in your Microsoft 365 tenant, reducing accidental or malicious data exposure. | ● | ● | ● |
| Geographic access controls | Blocks sign-ins from countries you have not approved, cutting down a large amount of opportunistic attack traffic. | ✕ | ● | ● |
| Admin portal lockdown | Restricts access to the Microsoft 365 admin centre and applies tighter controls even when approved admins sign in. | ✕ | ● | ● |
| Require approved devices | Only managed devices that meet your security standard can access Microsoft 365 services and data. | ✕ | ✕ | ● |
| Just-in-time admin access (PIM) | No one keeps permanent admin rights. Access is requested for a task, time-limited, and fully logged. | ✕ | ✕ | ● |
| Scheduled access reviews | Regular reviews help confirm people still need the access they have, supporting good governance and Privacy Act obligations. | ✕ | ✕ | ● |
| Phishing-resistant login (hardware MFA) | Stronger MFA methods reduce the chance of attackers intercepting or tricking users into approving a login. | ✕ | ✕ | ● |
| Remove phone and text MFA | Moves users away from weaker SMS and voice methods to more secure authenticator-app sign-ins. | ✕ | ✕ | ● |
| Protecting your email | ||||
| External email warning labels | Messages from outside your business are clearly marked so staff can spot phishing and impersonation attempts faster. | ● | ● | ● |
| Block dangerous attachments | Executable files are blocked before they reach inboxes, reducing a common malware delivery path. | ● | ● | ● |
| Stop emails forwarding outside the business | Blocks automatic forwarding to external addresses, which helps prevent quiet data leakage during email compromise. | ✕ | ● | ● |
| Email domain authentication (DMARC) | Makes it far harder for someone to send messages pretending to come from your business domain. | ✕ | ● | ● |
| Anti-impersonation protection | Detects email that looks like it is from an executive, supplier, or trusted contact when it is not. | ✕ | ● | ● |
| Safe link and attachment scanning | Links and attachments are checked in a secure environment before staff open them, helping catch newer threats. | ✕ | ● | ● |
| Automatic threat containment | When a threat is detected, Microsoft can start automated investigation and containment much faster than a manual review. | ✕ | ● | ● |
| Protecting your devices | ||||
| Antivirus and endpoint protection | Microsoft Defender is configured across managed devices to protect against malware, ransomware, and other threats. | ● | ● | ● |
| Automatic Windows updates | Security patches are applied promptly so known vulnerabilities are closed before they can be exploited. | ● | ● | ● |
| Full-disk encryption | Data on a lost or stolen device stays unreadable without the correct credentials. | ● | ● | ● |
| Tamper protection | Helps prevent security software from being switched off by mistake or by malware. | ● | ● | ● |
| Credential Guard | Protects Windows credentials stored in memory, making it harder for malware to extract and reuse them. | ✕ | ● | ● |
| Attack surface reduction | Blocks common attack techniques such as suspicious macros, script abuse, and unexpected process launches. | ✕ | ● | ● |
| Advanced attack surface reduction | Adds stronger protection for higher-risk scenarios, including persistence and process-injection techniques. | ✕ | ✕ | ● |
| Control PowerShell and scripting tools | Applies tighter controls to admin scripting tools that attackers often abuse to move through a network. | ✕ | ✕ | ● |
| Monitoring and reporting | ||||
| Full audit logging | Keeps a record of who signed in, what changed, and what activity took place across Microsoft 365. | ● | ● | ● |
| Mailbox activity logging | Records key mailbox activity so email-based incidents can be investigated with a proper evidence trail. | ● | ● | ● |
| Configuration drift monitoring | Continuously checks your settings against the approved security baseline and alerts us if something changes. | ● | ● | ● |
| Monthly Secure Score report | Provides a plain-English monthly summary of Microsoft Secure Score, changes made, and areas to consider next. | ● | ● | ● |
| Extended audit retention | Retains logs for 90 days instead of the standard 30 days, helping with investigations and compliance evidence. | ✕ | ✕ | ● |
This service is for Microsoft 365 security governance. It strengthens your security baseline and keeps watch over it, but it does not replace your broader IT agreement.
You can upgrade at any time. These are the common triggers we see when a business has outgrown its current Microsoft 365 security plan.
These are the questions we hear most from businesses comparing Secure, Secure+, and Secure Pro.
No. Cloudservices Secure is a Microsoft 365 security governance service. We work alongside your current IT provider rather than replacing their helpdesk, licensing, or infrastructure role.
No. Microsoft 365 licensing is purchased separately through your existing IT provider. Our fee covers the security configuration, hardening, and ongoing monitoring work only.
The plans have a minimum of 5 users. Pricing covers up to 10 users, then adds a small per-user charge from user 11 onwards.
Yes. Each plan builds on the one before it, and you can upgrade at any time as your team grows, your compliance obligations increase, or your risk profile changes.
Most businesses begin on Secure+ because it covers the protections most commonly required by cyber insurers and addresses the majority of real-world threats faced by NZ SMBs.
Talk to Cloudservices about your current setup and we will recommend the right starting point for your users, risk level, and compliance obligations.
