CloudShield: Your security and cloud, monitored, protected, governed.

Endpoint security, detection & response, identity security, compliance, resilience, and Azure operations — on the Microsoft security stack. The natural next step after your workplace is stable.

See features Talk to us

24/7 SOC

Human analysts, not just automated alerts.

CAF-mapped

Compliance evidence as a byproduct, not a project.

G-Cloud 14

On G-Cloud. No “call for a quote.”

Defender + Sentinel native

One Microsoft security graph. No bolt-ons.

3-month exit clause

Modular tiers. No lock-in.

Three tiers. Start where your risk profile demands.

Essentials

The security baseline. Defender XDR, Sentinel monitoring, identity protection, Secure Score tracking, and backup. For organisations that need foundational cyber hygiene managed properly.

See G-Cloud 14

Talk to us

Advanced

Proactive security. MDR with SOAR playbooks, PIM governance, compliance mapping, DRaaS, and FinOps. For organisations facing regulatory pressure or growing threat exposure.

See G-Cloud 14

Talk to us

Complete

Full security operations. 24/7 SOC, managed threat hunting, Zero Trust blueprint, automated failover, and continuous compliance. For regulated public sector demanding the highest assurance.

See G-Cloud 14

Talk to us

Capability breakdown by tier

Select a capability area to see what’s included at each tier.

Protect / Defender XDR

Every device in your estate — protected, monitored, and hardened against attack. Built on Microsoft Defender XDR with policies tuned for public sector threat landscapes, not generic defaults.

	Essentials	Advanced	Complete
Defender XDR (desktops, laptops, mobile)	✓	✓	✓
Vulnerability management (risk-based)	✓	✓	✓
Email protection (Safe Attachments/Links)	✓	✓	✓
Web content filtering	✓	✓	✓
Threat alert triage & action	✓	✓	✓
Vulnerability reporting	Monthly	Monthly	Monthly
Attack surface reduction (app control, exploit guard)	—	✓	✓
Threat intelligence feeds (UK public sector IoCs)	—	✓	✓
Automated investigation & remediation	—	✓	✓
Attack surface reviews	—	Quarterly	Quarterly
Managed threat hunting (hypothesis-driven)	—	—	✓
MITRE ATT&CK mapping to risk profile	—	—	✓
Containment, investigation & remediation	—	—	✓
Hunt reports with findings	—	—	Monthly

Sentinel MDR

When something gets past prevention, speed of detection and response is everything. Built on Microsoft Sentinel with analytics rules tuned for public sector environments — not a generic SIEM deployment generating noise.

	Essentials	Advanced	Complete
Microsoft Sentinel deployment & configuration	✓	✓	✓
Log ingestion (Entra ID, M365, Defender, firewall)	✓	✓	✓
Analytics rules (tuned, low false-positive)	✓	✓	✓
Monitoring coverage	Business hours + critical OOH	24/7 (automated)	24/7 (human + automated)
Incident triage & classification	✓	✓	✓
Security posture reports	Monthly	Monthly	Monthly
MDR with SOAR playbooks	—	✓	✓
Automated response (lockout, quarantine, isolate)	—	✓	✓
Custom detection rules (insider threat, exfiltration)	—	✓	✓
Forensic investigation	—	✓	✓
24/7 SOC (human analysts)	—	—	✓
Full incident response & remediation	—	—	✓
Root cause analysis & post-incident reports	—	—	✓
Retainer-based major incident response	—	—	✓
Sector-specific threat briefings	—	—	✓

Identity security

Identity is the new perimeter. This is not about provisioning accounts (that’s ModernWork) — it’s about protecting privileged access, detecting credential abuse, and governing entitlements. The security layer on top of your identity operations.

CloudShield Identity Security covers the protection layer — threat detection, privileged identity management, and governance. Day-to-day identity operations (provisioning, JML, SSO) sit within ModernWork 365.

	Essentials	Advanced	Complete
Entra ID Protection (configured & monitored)	✓	✓	✓
Risk-based conditional access (sign-in & user risk)	✓	✓	✓
MFA effectiveness monitoring	✓	✓	✓
Risky sign-in investigation	✓	✓	✓
Compromised credential detection (dark web)	✓	✓	✓
Identity risk reports	Monthly	Monthly	Continuous
PIM governance (just-in-time access)	—	✓	✓
Approval workflows for elevation	—	✓	✓
Privileged role access reviews	—	Quarterly	Quarterly
Conditional access hardening (device/network/session)	—	✓	✓
Break-glass account monitoring	—	✓	✓
Privileged access audits with drift detection	—	Quarterly	Quarterly
Identity governance at scale (full directory)	—	—	✓
Separation of duties enforcement	—	—	✓
Identity threat detection (OAuth, token replay, SPN abuse)	—	—	✓
SOC integration (identity signals to threat hunting)	—	—	✓
Continuous compliance evidence (ISO/CAF/CE+)	—	—	✓

Govern / Zero Trust

Frameworks are only useful if someone maintains them continuously. We map your controls, track your posture, and produce audit evidence — so compliance is a byproduct of operations, not a separate annual exercise.

	Essentials	Advanced	Complete
Microsoft Secure Score tracking & improvement	✓	✓	✓
Baseline policies (password, legacy auth, MFA, device)	✓	✓	✓
Secure Score reports with recommendations	Monthly	Monthly	Real-time
Basic policy documentation	✓	✓	✓
Framework mapping (CAF/DSPT/ISO/CE+/PSN)	—	✓	Multi-framework
Policy automation (Azure Policy, Intune, Purview)	—	✓	✓
Gap analysis with prioritised remediation	—	✓	✓
Compliance posture reports with evidence packs	—	Quarterly	Continuous
Audit support (evidence in auditor format)	—	✓	✓
Zero Trust architecture blueprint	—	—	✓
Continuous compliance (real-time control monitoring)	—	—	✓
Compliance-as-code (version-controlled, auditable)	—	—	✓
Regulatory change monitoring (NCSC, framework updates)	—	—	✓

Resilience / Backup & DR

When things go wrong — ransomware, hardware failure, natural disaster — how fast can you recover? We build, test, and maintain your recovery capability so it actually works when you need it, not just on paper.

	Essentials	Advanced	Complete
Backup management (Veeam / Azure Backup)	✓	✓	✓
Daily backups (M365, Azure VMs, SQL)	✓	✓	✓
Backup health monitoring & failure alerts	✓	✓	✓
Restore testing	Monthly (sample)	Monthly (sample)	Monthly (sample)
Retention policies (aligned to governance)	✓	✓	✓
Backup reporting (RPO/RTO status)	✓	✓	✓
DRaaS (Azure Site Recovery, defined RPO/RTO)	—	✓	✓
Ransomware recovery (immutable/air-gapped backups)	—	✓	✓
DR tabletop exercises	—	Quarterly	Quarterly
Recovery runbooks (maintained & tested)	—	✓	✓
Failover testing	—	✓	✓
Automated failover (no manual intervention)	—	—	✓
Full-scale DR tests (actual failover)	—	—	Annual
Multi-region redundancy architecture	—	—	✓
Recovery orchestration (sequenced multi-system)	—	—	✓
BC/DR posture scoring & board reporting	—	—	✓

AzureOps

Your cloud infrastructure — governed, optimised, and operated. This module can be scoped per user or per environment, because a 500-person organisation might have 20 Azure resources or 500.

Per-environment bands:

Small (1–20 resources)
Medium (21–100 resources)
Large (101–500 resources)
Enterprise (500+ resources): Custom

All tiers published on G-Cloud 14.

	Essentials	Advanced	Complete
Azure Landing Zone (CAF-aligned)	✓	✓	✓
Basic CloudOps (monitoring, alerts, patching)	✓	✓	✓
Azure Advisor recommendations actioned	Monthly	Monthly	Continuous
Cost visibility (spend reports, trend analysis)	✓	✓	✓
Basic governance (naming, tagging, resource groups)	✓	✓	✓
FinOps (right-sizing, RI planning, orphan cleanup)	—	✓	✓
Azure Policy enforcement (custom, auto-remediation)	—	✓	✓
Network security (NSG review, firewall audit)	—	✓	✓
Performance optimisation (cost + performance tuning)	—	✓	✓
Full IaaS/PaaS management (provisioning, change, capacity)	—	—	✓
Infrastructure as Code (pipelines, version-controlled)	—	—	✓
Well-Architected Framework reviews	—	—	✓
Cost forecasting & budget management	—	—	✓
Configuration baseline enforcement & drift detection	—	—	✓

“We needed 24/7 security monitoring and CAF compliance — but couldn’t recruit SOC analysts at our pay grades. Agilisys gave us both without the headcount problem.”

70+

councils served

24/7

SOC coverage

Apr 2026

CAF deadline covered

G-Cloud 14

published on Digital Marketplace

Why councils switch

“We can’t afford a SOC.”

CloudShield Essentials costs less than hiring SOC analysts at council pay grades. You get Sentinel, Defender XDR, and identity protection managed together. A 1,000-user council gets full security operations for a fraction of in-house cost.

“We already have antivirus and a firewall.”

Prevention isn’t enough. Modern attacks bypass endpoint protection. You need detection, response, and recovery — not just a perimeter. CloudShield adds the monitoring, investigation, and remediation layer that turns point tools into a security posture.

“Our IT team handles security.”

Can they watch 24/7? Run SOAR playbooks? Produce CAF evidence quarterly? Councils that try to do security in-house find it consumes their best people. We free your team to focus on transformation, not alert triage.

What happens next

Assess

Security posture review, tooling audit, and compliance gap analysis. No charge.

Recommend

Tier recommendation mapped to your risk profile, regulatory requirements, and budget.

Deploy

Sentinel configured, Defender tuned, ServiceControl governance applied. Parallel running with existing tools.

Protect

24/7 monitoring active. SLAs live. First compliance evidence pack within 90 days.

Tell us your current setup — what you’re running, what compliance frameworks you need to meet, what keeps you up at night. We’ll come back with a gap assessment and a costed proposal within a week. Cyber Essentials to full 24/7 SOC — priced on G-Cloud.

Email us directly: info@agilisys.co.uk