What we deliver
Most Canadian small businesses don’t need a security operations centre. They need the Microsoft 365 baseline configured properly, multi-factor authentication that actually works, and a plan for the day someone clicks the wrong link.
We focus on practical, Microsoft-stack security that an SMB can afford to maintain. No fear-selling, no over-engineered solutions, no telling you to buy six tools when one would do.
Where we usually start
A free 30-minute call, then a focused security assessment that maps to the controls your insurer or auditor is most likely to ask about:
- Identity — MFA coverage, conditional access policies, admin role hygiene, break-glass accounts.
- Endpoints — Defender configuration, baseline hardening, patch state.
- Email — anti-phishing, anti-malware, safe links, safe attachments.
- Data — sharing controls, sensitivity labels, retention, and PIPEDA-aware handling of personal information.
- Backups and recovery — what would actually happen if today were ransomware day.
You leave with a written report, prioritised by impact, and an honest list of what we’d do first.
Common engagements
MFA and conditional access rollout. The single highest-value thing most SMBs can do. We design the policies, plan the rollout so it doesn’t lock people out, and document what we changed.
Microsoft 365 security baseline. Defender for Office, Defender for Business, Intune compliance, sharing controls — configured to a sensible baseline rather than the laissez-faire defaults.
Cyber-insurance support. The documentation, control evidence, and configuration tweaks that insurers and auditors actually ask for. We’ve seen the questionnaires.