Buying MDR blind is a $200K/year gamble
Most MDR vendors ask you to sign a multi-year contract based on a demo and a slide deck. You won't see real detection quality, actual response times, or how they handle your specific environment until you're locked in.
By then, switching costs are real. You've onboarded users, integrated alerts into your workflows, and trained your team on their portal. If the vendor underdelivers, you're stuck - or you're starting over.
We think that's backwards.
What you get in 90 days
We deploy our full MDR service on your Microsoft environment - the same service our paying customers receive. For 90 days, there is no service fee and no setup fee. You cover only the Microsoft licensing: Defender for Endpoint P2, Sentinel, and the underlying Log Analytics workspace. We configure Sentinel for cost-optimized ingestion from day one.
24/7 Monitoring & Active Response
We don't just alert you - we isolate compromised endpoints, disable compromised accounts, and block lateral movement without waiting for your approval on high-confidence detections.
Custom Detection Rules
Tuned to your naming conventions, admin tooling, and network patterns. We learn how your organization actually operates and build detections that reflect it. Not generic signatures.
Full Incident Response
High-confidence detections get immediate action. We contain threats in real time - endpoint isolation, account lockdown, network segmentation - without waiting for your approval when seconds count.
Real Performance Data
Incident reports, detection tuning history, false positive rates, mean time to respond. At day 90, you decide based on real data from your environment - not a sales pitch.
How it works
Intro Call
30 minutesWe assess fit together. You need Microsoft 365 with Defender for Endpoint P2 - or willingness to add it. We'll walk through your environment, detection gaps, and what the pilot covers.
Onboarding
1-2 weeksWe connect via Microsoft Lighthouse and GDAP - no agents, no infrastructure changes. We configure Sentinel, deploy baseline detection rules, and establish escalation workflows.
Full MDR Service
90 daysMonitoring, detection, response, and reporting - running on your environment with your data. Monthly security reports, detection tuning, and a direct line to our analysts. At day 90, you decide.
Requirements
What you need
- Microsoft 365 environment
- 50+ users
- Defender for Endpoint P2 licensing
- Azure subscription (for Sentinel & Log Analytics)
- Willingness to grant GDAP access
- Named internal contact for escalations
What you don't need
- No proprietary agents
- No hardware
- No multi-month onboarding project
- No long-term contract
Don't have Defender P2 yet? We can provision it through us at standard Microsoft pricing during onboarding.
Why offer this free?
We're a specialist MDR provider built entirely on the Microsoft security stack. We don't resell another vendor's SOC platform or layer our own agent on top of yours - we operate natively inside the tools you already own.
That's a strong claim. The proof of value lets us back it up with data from your environment instead of asking you to take our word for it.
We'd rather earn a long-term customer through demonstrated results than close a deal through a sales cycle.
Common Questions
You decide. If the results justify it, we transition to a paid MDR engagement on a rolling monthly basis - no multi-year lock-in. If you decide it's not the right fit, we hand back access cleanly and you keep all the detection rules, incident reports, and tuning data from the pilot.
There is no service fee - you pay only the Microsoft licensing required to run the MDR stack. That includes Defender for Endpoint P2 (~$5.20/user/month), Microsoft Sentinel (consumption-based, per GB of log ingestion), and the underlying Log Analytics workspace. For a 50-user company we typically see total Microsoft costs in the range of $400-600/month depending on log volume. We optimize your Sentinel deployment for low ingestion costs from day one - enabling only the data connectors that matter and filtering noise before it hits your workspace. If you already have some of this licensing in place, costs will be lower.
We connect via Microsoft Lighthouse using Granular Delegated Admin Privileges (GDAP) - the same Microsoft-approved model used by managed service providers worldwide. We request only the roles needed for monitoring and response. No agents installed, no VPN tunnels, no infrastructure changes. You can revoke access at any time.
Yes. There's no commitment beyond the Microsoft licensing. If at any point you want to stop, we disconnect and hand over everything we've built - detection rules, incident reports, tuning documentation. No penalties, no awkward conversations.
The pilot is designed for organizations with 50-500 users running Microsoft 365. You need Defender for Endpoint P2 licensing (existing or new). We're particularly well-suited for companies that have outgrown basic antivirus but aren't ready to build an internal SOC.
Free trials give you access to a dashboard and expect you to run it yourself. This is the full managed service - our analysts monitoring your environment 24/7, responding to threats, tuning detections, and reporting results. You're not testing software. You're evaluating a security team.
See what your MDR vendor should actually deliver
We're accepting a limited number of companies for the 90-day proof of value this quarter. If you're running a Microsoft environment with 50+ users and you want to see real MDR performance before committing, let's talk.
Book Your Intro CallOr email us directly: [email protected]