Cloudservices Secure gives NZ businesses a strong Microsoft 365 security baseline, then monitors it continuously to make sure it stays that way. We work alongside your existing IT provider — we do not replace them.
If you are comparing options, see how we handle security drift in day-to-day controls, where Conditional Access and policy depth sit across plans, and how ongoing reviews and Secure Score reporting fit into the wider governance process.
We secure the core settings attackers look for first, including sign-ins, admin access, email protection, and the policies that stop weak defaults from slipping through.
Your approved Microsoft 365 baseline is monitored continuously so important protections do not quietly change over time without anyone noticing.
This service focuses on Microsoft 365 security governance. Your existing provider can keep handling helpdesk, licensing, and wider infrastructure while we stay focused on security posture.
You get monthly Secure Score reporting that shows what improved, what changed, and where stronger controls may be needed next.
A managed Microsoft 365 security service helps reduce the risk of phishing, credential theft, and unauthorised access without forcing you to replace your existing IT provider. You get a stronger security baseline, continuous monitoring, and clear reporting so important controls stay in place as your business changes.
Each plan builds on the one before it. Most businesses start on Secure+ because it covers the controls most commonly required by cyber insurers and the threats NZ SMBs face most often.
$459/month up to 10 users
+$6/user from user 11
For businesses that want strong, reliable Microsoft 365 security without complexity. Covers the fundamentals that protect against credential theft, phishing, and unauthorised access.
$899/month up to 10 users
+$10/user from user 11
For businesses that handle sensitive client information, operate across multiple locations, or want stronger email protection and deeper Microsoft 365 hardening.
$1,739/month up to 10 users
+$14/user from user 11
For professional services firms, regulated organisations, and businesses with Privacy Act, FMA, insurance, or due diligence obligations.
Cloudservices Microsoft 365 Security strengthens and monitors your Microsoft 365 environment. It can work alongside your current IT provider or sit on top of a Cloudservices Managed IT plan, but it does not replace day-to-day IT support, devices, licensing, or helpdesk. It focuses on hardening, drift monitoring, Conditional Access, email protection, audit logging, Secure Score reporting, and governance controls.
Cloudservices Secure focuses on Microsoft 365 configuration, hardening, and monitoring. Your existing IT provider keeps handling everyday support, licensing, and infrastructure unless you agree otherwise.
We configure Microsoft 365 to a strong security baseline that matches the plan you choose and the way your business works.
We secure logins, admin access, email protections, and device controls so common attack paths are closed off early.
We continuously watch for security settings that change or fall out of line with your approved baseline, then act on alerts.
You receive a monthly Secure Score summary so you can see what changed, what improved, and what needs attention next.
A filled circle means the feature is included in that plan. This table is written in plain language so you can see what each control means for your business, not just the Microsoft feature name.
| Feature | What it means for your business | Secure | Secure+ | Secure Pro |
|---|---|---|---|---|
| Multi-factor authentication (MFA) | Every user verifies their identity with a second step before accessing Microsoft 365, so a stolen password alone is not enough. | ● | ● | ● |
| MFA for administrators | Admin accounts are protected by stricter sign-in rules because they are a higher-value target for attackers. | ● | ● | ● |
| Block old-style login methods | Legacy username-and-password sign-ins are disabled so attackers cannot bypass modern security checks. | ● | ● | ● |
| Automatic risk detection | Microsoft sign-in risk signals can block or challenge suspicious logins automatically when compromise is detected. | ● | ● | ● |
| Block unauthorised app connections | Stops third-party apps getting access to your Microsoft 365 data without approval, which is a common phishing trick. | ● | ● | ● |
| Restrict who can create apps | Limits who can register new apps in your Microsoft 365 tenant, reducing accidental or malicious data exposure. | ● | ● | ● |
| Geographic access controls | Blocks sign-ins from countries you have not approved, cutting down a large amount of opportunistic attack traffic. | ✕ | ● | ● |
| Admin portal lockdown | Restricts access to the Microsoft 365 admin centre and applies tighter controls even when approved admins sign in. | ✕ | ● | ● |
| Require approved devices | Only managed devices that meet your security standard can access Microsoft 365 services and data. | ✕ | ✕ | ● |
| Just-in-time admin access (PIM) | No one keeps permanent admin rights. Access is requested for a task, time-limited, and fully logged. | ✕ | ✕ | ● |
| Scheduled access reviews | Regular reviews help confirm people still need the access they have, supporting good governance and Privacy Act obligations. | ✕ | ✕ | ● |
| Phishing-resistant login (hardware MFA) | Stronger MFA methods reduce the chance of attackers intercepting or tricking users into approving a login. | ✕ | ✕ | ● |
| Remove phone and text MFA | Moves users away from weaker SMS and voice methods to more secure authenticator-app sign-ins. | ✕ | ✕ | ● |
| Feature | What it means for your business | Secure | Secure+ | Secure Pro |
|---|---|---|---|---|
| External email warning labels | Messages from outside your business are clearly marked so staff can spot phishing and impersonation attempts faster. | ● | ● | ● |
| Block dangerous attachments | Executable files are blocked before they reach inboxes, reducing a common malware delivery path. | ● | ● | ● |
| Stop emails forwarding outside the business | Blocks automatic forwarding to external addresses, which helps prevent quiet data leakage during email compromise. | ✕ | ● | ● |
| Email domain authentication (DMARC) | Makes it far harder for someone to send messages pretending to come from your business domain. | ✕ | ● | ● |
| Anti-impersonation protection | Detects email that looks like it is from an executive, supplier, or trusted contact when it is not. | ✕ | ● | ● |
| Safe link and attachment scanning | Links and attachments are checked in a secure environment before staff open them, helping catch newer threats. | ✕ | ● | ● |
| Automatic threat containment | When a threat is detected, Microsoft can start automated investigation and containment much faster than a manual review. | ✕ | ● | ● |
| Feature | What it means for your business | Secure | Secure+ | Secure Pro |
|---|---|---|---|---|
| Antivirus and endpoint protection | Microsoft Defender is configured across managed devices to protect against malware, ransomware, and other threats. | ● | ● | ● |
| Automatic Windows updates | Security patches are applied promptly so known vulnerabilities are closed before they can be exploited. | ● | ● | ● |
| Full-disk encryption | Data on a lost or stolen device stays unreadable without the correct credentials. | ● | ● | ● |
| Tamper protection | Helps prevent security software from being switched off by mistake or by malware. | ● | ● | ● |
| Credential Guard | Protects Windows credentials stored in memory, making it harder for malware to extract and reuse them. | ✕ | ● | ● |
| Attack surface reduction | Blocks common attack techniques such as suspicious macros, script abuse, and unexpected process launches. | ✕ | ● | ● |
| Advanced attack surface reduction | Adds stronger protection for higher-risk scenarios, including persistence and process-injection techniques. | ✕ | ✕ | ● |
| Control PowerShell and scripting tools | Applies tighter controls to admin scripting tools that attackers often abuse to move through a network. | ✕ | ✕ | ● |
| Feature | What it means for your business | Secure | Secure+ | Secure Pro |
|---|---|---|---|---|
| Full audit logging | Keeps a record of who signed in, what changed, and what activity took place across Microsoft 365. | ● | ● | ● |
| Mailbox activity logging | Records key mailbox activity so email-based incidents can be investigated with a proper evidence trail. | ● | ● | ● |
| Configuration drift monitoring | Continuously checks your settings against the approved security baseline and alerts us if something changes. | ● | ● | ● |
| Monthly Secure Score report | Provides a plain-English monthly summary of Microsoft Secure Score, changes made, and areas to consider next. | ● | ● | ● |
| Extended audit retention | Retains logs for 90 days instead of the standard 30 days, helping with investigations and compliance evidence. | ✕ | ✕ | ● |
You can upgrade at any time. These are the common triggers we see when a business has outgrown its current Microsoft 365 security plan.
Quick answers to the questions businesses usually ask when comparing Secure, Secure+, and Secure Pro.
No. Cloudservices Secure works alongside your current IT provider. We focus on Microsoft 365 security, while your provider can still handle helpdesk support, licensing, and the rest of your IT.
No. Microsoft 365 licences are bought separately through your current IT provider. Our monthly fee covers the security setup, ongoing checks, and monitoring.
It is designed for businesses with at least 5 users. Pricing covers up to 10 users, then adds a small per-user charge from user 11 onward.
Yes. You can move from Secure to Secure+ or Secure Pro at any time. Each plan adds more protection, so you can step up as your team grows or your security needs change.
Most businesses start with Secure+ because it covers the protections many insurers expect and helps deal with the most common real-world threats for NZ businesses.
Talk to Cloudservices about your current setup and we will recommend the right starting point for your users, risk level, and compliance obligations.
