// m365 · essential eight · remediation · managed

Run a real check on your Microsoft 365 tenant — before something else does.

Sentavo runs the same class of assessment enterprise governance platforms charge $200–300/month for — fixed-price, mapped to the frameworks that actually get asked about, and with no sales call to see the output.

// no login · no agent install · nothing leaves this browser tab

mapped to: ASD Essential Eight CIS Controls NIST CSF ISM Microsoft Secure Score
tenant-check --interactive

question 1 of 5

why-this-exists.md

Governance platforms were compiled for 4,000-seat orgs. You aren't that build target.

The category leaders are genuinely good — and priced for a dedicated M365 admin team with a procurement department. That leaves a gap for everyone else: the 10–200 seat businesses and the small MSPs looking after them.

$0

to run the snapshot above and get a directional read. No demo booking, no email wall for the on-screen score.

fixed

assessments quoted as one flat number up front — not a recurring per-seat licence you'll forget to cancel.

closed

a finding nobody fixes isn't a finding. Every report ships with remediation scoped and quoted, so gaps actually get closed.

tools/

Nothing here requires a sales call

Self-serve checks you can run right now. More get added as they're built — leave an email below to hear when they ship.

tenant-snapshot

live

Five questions, scored instantly — MFA, offboarding, guest access, mail forwarding.

./run ↓

mx-lookup

live

Check mail routing records for any domain.

./run →

spf-lookup

live

Validate SPF and flag the common misconfigurations — including the 10-lookup limit.

./run →

dmarc-lookup

live

Check DMARC policy — flags p=none, meaning no enforcement at all.

./run →

dkim-lookup

live

Check the DKIM record for any domain and selector.

./run →

email-header-analyzer

soon

Paste raw headers — get sender path, auth results and delays.

./notify-me →

ca-policy-check

soon

Read-only Conditional Access review — break-glass exclusions, legacy auth, admin MFA.

./notify-me →

license-comparison

soon

Compare two M365 licence SKUs side by side, in plain language.

./notify-me →
services.json

Four things, done properly

Start with the assessment and let the findings decide the rest.

// security-assessment

Security & Risk Review

  • M365 health check — Exchange, Teams, SharePoint, OneDrive
  • MFA, Conditional Access & privileged exposure
  • Email security — spoofing, forwarding, phishing posture
  • Essential Eight maturity read + Copilot readiness
  • Fix list ranked by risk, not page count
// remediation

Remediation

  • Address findings from your assessment — nothing invented
  • MFA enforcement & Conditional Access rollout
  • Email security config — DKIM, DMARC, anti-phishing
  • Entra ID & guest access cleanup
  • Scoped and quoted per finding
// implementation

Fix & Harden

  • New tenant setup & migration, done to the framework — not around it
  • Backup & recovery configuration
  • Endpoint & Intune policy deployment
  • Documentation handed to your team in full
// managed

Managed & Ongoing

  • Monthly re-assessment against the same baseline
  • Implementation hours included
  • Priority response
  • Cancel anytime — reports are yours either way
partners/msp.md

Run this under your own brand

If you're a small MSP, your clients are already asking about Essential Eight — usually because an insurer or a contract did. Sentavo can run the assessment engine behind your logo.

white-label reports

Assessment reports delivered under your branding, written so your client's director can read them.

you keep the client

Sentavo never contacts your client directly. You own the relationship; we're the bench behind it.

overflow expertise

Principal-level Microsoft, Intune and NetScaler depth on tap for the engagements your team hasn't hit before.

./partner-enquiry

process.log

How an engagement runs

[1/3] free

Snapshot

Answer five questions above, or grant read-only access for the automated version. Directional score in minutes, full breakdown by email.

[2/3] fixed-price

Assessment

One quoted number up front, covering configuration, identity, licensing and security — mapped to Essential Eight, CIS and NIST so the report answers the questions insurers and auditors actually ask.

[3/3] scoped

Implementation

You choose which findings to fix. Each one is scoped and quoted separately — no bundle padding, no retainer required.

pricing.txt

Priced for a company, not a Fortune 500

Real numbers, up front. Scope can move a quote, but you'll always know the number before you commit to anything.

snapshot

$0

self-serve · instant result

  • runs in your browser
  • no account needed
  • full breakdown by email
./run it ↑

starter-scan

A$590 fixed

automated · ~2 days

  • automated tenant scan, read-only
  • summary report with fix order
  • fully credited toward a full assessment
./book it →

full-assessment

A$1,900 fixed

most businesses under 200 seats · ~1 week

  • everything in starter-scan
  • written, prioritised report
  • Essential Eight / CIS / NIST mapping
  • 30-min walkthrough call
  • tells you nothing you didn't know? you don't pay.
./book it →

managed

from A$490/mo

cancel anytime

  • monthly re-assessment
  • implementation hours included
  • priority response
./ask about it →
security-posture.md

How we treat your tenant

You're considering giving a security service access to your environment. Here's exactly what that access is — and isn't.

read-only, always

Automated assessments use read-only Microsoft Graph permissions, listed in full before you consent. Nothing is changed unless you've scoped remediation work.

nothing stored by default

Browser tools run entirely in your tab. Assessment data is processed for your report, then deleted — your tenant, your data.

no lock-in, ever

Findings, configuration docs and evidence are handed over in full. If you leave, you leave with everything.

independent practice

Sentavo is run by a principal-level consultant with 20+ years across Microsoft, security and virtualisation — not a reseller front for an enterprise platform. Reports are written by the person doing the work.

contact.sh

Tell us where it's messy

Prefer to talk it through? Book a free 20-minute slot — no pitch, just a read on where you're at.

./book-a-call

Or email directly:
hello@sentavo.works

Replies usually within one business day, Sydney time.