Microsoft 365.
Properly deployed.
Professionally governed.
Fixed-scope IT services for UK law firms, accountancy practices, and professional services consultancies — from tenant deployment and Cyber Essentials certification to ongoing managed protection. No ambiguity. No open-ended retainers. Everything documented.
IT services built for the way professional services firms actually work.
Most IT providers sell time and effort. Konve IT sells outcomes. Every engagement has a fixed scope, a documented deliverable, and a price confirmed in a Statement of Work before any work begins. You know what you are getting, what it costs, and when it will be complete.
The portfolio is designed specifically for the regulatory and operational context of UK professional services firms — the SRA accounts rules, ICAEW obligations, GDPR data governance requirements, and the Legal Aid Agency's Cyber Essentials mandate are not afterthoughts. They are the starting point for every engagement.
Konve IT is not a managed service provider offering a bundle of tools and a helpdesk. It is a specialist IT services firm offering specific, bounded engagements — deployment, hardening, certification, and ongoing governance — with everything documented and nothing open-ended.
Fixed scope. Written Statement of Work.
Every engagement is confirmed in a written Statement of Work before any work begins. Scope, price, milestones, and deliverables — all defined before you commit.
Cyber Essentials aligned from day one.
Every deployment engagement configures the environment against Cyber Essentials controls at Go-Live. Certification follows the work — it is not retrofitted onto a poorly configured environment.
Everything documented. Nothing left to assumption.
Every engagement produces a written configuration document suitable for regulatory review. Your IT environment is documented at the point of handover — not reconstructed from memory later.
Sector-specific. Not generic.
Law firms have SRA obligations. Accountancy practices have ICAEW requirements. Legal Aid suppliers have a Cyber Essentials mandate. Konve IT configures for your regulatory context — not a generic SME baseline.
Six service areas. Individual engagements or bundled programmes.
Every service is available individually. Three bundle options combine multiple services into a coordinated programme at a 10% discount. All prices shown are exclusive of VAT and based on a 20-user example where applicable.
Tenant Assessment and Gap Analysis
Your Microsoft 365 tenant assessed against the Cyber Essentials controls and the Konve IT security baseline. A written Gap Analysis Report with prioritised findings.
£500 flat fee One-time · Base fee + per userTenant Deployment and Hardening
Your Microsoft 365 tenant deployed and hardened across six workstreams — identity, email, files, teams, endpoint protection, and data governance.
from £1,800 · ex. 20 users £2,600 One-time · Base fee + per userMigration from On-Premise or Legacy
Email and file data migrated from Exchange on-premise, Google Workspace, or legacy Office 365 to a correctly deployed Microsoft 365 environment.
from £2,500 · ex. 20 users £3,400 One-time · Base fee + per userCompliance-Aligned Tenant Remediation
Your existing Microsoft 365 tenant assessed and remediated — targeted fixes to close gaps, not a rebuild. Every change documented.
from £1,200 · ex. 20 users £1,850Backup Setup and Configuration
Third-party cloud backup deployed for all four Microsoft 365 data sources — Exchange, SharePoint, OneDrive, and Teams. UK-based immutable storage. First backup verified.
£350 flat fee Monthly retainer · Licence includedManaged Backup Retainer
Daily monitoring, failed job resolution, monthly health report, annual tested restore. Backup software licence included. No separate invoice.
from £5.00 / user / monthMicrosoft Intune Deployment
Every device enrolled, compliance policies active, BitLocker enforced, remote wipe capability live. Intune Plan 1 is already included in your Business Premium licence.
from £1,200 · ex. 20 devices £1,650 Monthly retainer · Per deviceIntune Managed Environment Retainer
Monthly policy management, new device onboarding, compliance monitoring, patch oversight, and monthly Device Compliance Report.
from £4.00 / device / monthReadiness Assessment
Your IT environment assessed against all five Cyber Essentials controls. Written report with prioritised remediation checklist and a plain certification readiness statement.
£500 flat fee One-time · Base fee + per user · Cert includedFull Programme
Gap assessment, technical remediation, and supported certification submission. IASME certification fee included. 30-day resubmission support included.
from £1,400 · ex. 20 users £1,950 One-time · Flat feePlus Preparation
Pre-audit environment review, certification body coordination, and independent technical audit support. Requires a valid standard CE certificate.
£800 flat fee · cert body fee additional Annual · Flat feeAnnual Renewal Support
Environment change review, renewal questionnaire preparation, and supported submission. Keeps your certificate current each year without the effort of a full programme.
£350 flat fee · IASME renewal fee additionalEmail Security Deployment
Mimecast or Proofpoint deployed — AI phishing detection, impersonation protection, payment diversion controls, DMARC enforcement, and outbound DLP.
from £600 · ex. 20 users £850 Monthly retainer · Licence includedEmail Security Managed Retainer
Monthly policy tuning, threat reporting, quarterly DMARC review, and BEC incident response support. Mimecast or Proofpoint licence included.
from £4.00 / user / month One-time · Flat feeDMARC, DKIM and SPF Audit
All three email authentication records audited, configured correctly, and verified in DNS. DMARC progressed to enforcement. No email security solution required.
£450 flat fee · £150 per additional domainEntra ID IAM Configuration
Conditional Access policy architecture, MFA enforcement, privileged identity management, guest access governance, SSO integration, and audit logging — all six workstreams.
from £900 · ex. 20 users £1,450 Monthly retainer · Per userIAM Managed Retainer
New user provisioning governance, leaver offboarding verification, access reviews, monthly audit log review, and quarterly access certification.
from £5.00 / user / monthNeed more than one service? Choose a coordinated programme.
Three bundled programmes combine multiple services into a single coordinated engagement. One Statement of Work, one timeline, one point of contact.
Foundations Bundle
The three services that establish a correctly governed, protected, and recoverable Microsoft 365 environment.
- M365 Tenant Deployment and Hardening
- M365 Backup Setup and Configuration
- Intune Deployment and Device Enrolment
Secure and Certifiable Bundle
Everything in Foundations, plus Cyber Essentials certification and email security hardening. IASME certification fee included.
- M365 Tenant Deployment and Hardening
- M365 Backup Setup and Configuration
- Intune Deployment and Device Enrolment
- Cyber Essentials Full Programme — cert included
- Email Security Deployment and Configuration
Complete Practice Protection
All six deployment services and the full managed retainer across every component. Deployment and ongoing governance in one programme.
- Full deployment programme — all six services
- All managed retainers — all licences included
- Cyber Essentials certified and renewed annually
- Single point of contact. Everything documented.
From enquiry to a signed Statement of Work in four steps.
Every engagement follows the same process — questionnaire, Statement of Work, delivery, documentation. No open-ended discovery. No surprise invoices. No ambiguity about what is and is not included.
Complete the onboarding form
One form, used across all engagements. Captures your organisation details, contacts, sector, and regulatory context. Completed once.
Complete the service questionnaire
A short questionnaire specific to the service you need. The information required to scope and price the engagement — device counts, domain details, current configuration status.
Review the Statement of Work
Konve IT issues a written Statement of Work within two working days. Scope, price, milestones, and deliverables confirmed in writing before you commit to anything.
Delivery and documentation
The engagement is delivered to scope and documented. Every project closes with a written configuration document. Every retainer delivers a monthly report.
Download the forms you need.
The Client Onboarding Form is completed once, for your file. The service questionnaires are completed for each service you are enquiring about. All documents are in PDF format.
Konve IT Client Onboarding Form
Your organisation details, key contacts, regulatory context, existing IT environment, and services required. Completed once, used across all engagements.
↓ Download PDFMicrosoft 365 Tenancy Questionnaire
For M365 Tenant Assessment, Deployment, Migration, or Remediation. Captures tenant details, user count, device inventory, and migration source where applicable.
↓ Download PDFIntune Questionnaire
For Intune Deployment or Managed Retainer. Captures device inventory by type and OS version, BYOD status, Apple Business Manager availability, and enrolment preferences.
↓ Download PDFCyber Essentials Questionnaire
For Readiness Assessment, Full Programme, Plus Preparation, or Annual Renewal. Captures device inventory, cloud services, network configuration, and MFA status per service.
↓ Download PDFEmail Security Questionnaire
For Email Security Deployment, Managed Retainer, or DMARC Audit. Captures domains, current DMARC status, all authorised sending platforms, and DNS access arrangements.
↓ Download PDFEntra ID Questionnaire
For Entra ID IAM Configuration or IAM Managed Retainer. Captures Microsoft 365 tenant details, current MFA status, admin account count, guest access state, and SSO application requirements.
↓ Download PDFReady to start?
Talk to Konve IT.
Not sure which service or bundle is right for you? Contact Konve IT with your approximate user count and sector. A response within one working day, with a clear recommendation on where to start.
Konve Ltd · Company No. 15826814 · konvegroup.com
Four situations in which Konve IT is the right delivery partner.
Konve IT is the right partner when Microsoft Cloud delivery needs to be more than technically competent — when the environment being built has to survive a compliance audit, serve a regulated profession, or integrate with governance obligations the technology alone cannot address.
You are migrating from legacy infrastructure and need the destination to be compliant, not just functional.
Your organisation is moving from on-premises Exchange, an ageing file server, or a patchwork of consumer tools to a properly architected Microsoft Cloud environment. The migration project is an opportunity to build the environment correctly from the start — with the right security baseline, the right data residency configuration, the right access controls, and the right audit trail. A generic MSP will get you to the cloud. Konve IT will get you there in a state you can defend.
You operate in a regulated profession and your MSP does not understand your obligations.
Law firm. Accountancy practice. Healthcare provider. Financial services firm. Your technology decisions intersect with SRA rules, ICAEW guidance, CQC requirements, or FCA obligations. Your current MSP has no view on these intersections and no capacity to advise on them. Konve IT is built specifically for this gap — the delivery capability of a Microsoft-certified specialist with the regulatory literacy to understand what the environment has to do, not just what it can do.
You are preparing for ISO 27001 certification and your current technical environment is the gap.
A Konve Advisory ISO 27001 readiness programme, or an internal audit process, has identified technical controls that need to be implemented before certification is achievable. The gap is in the environment — access management, logging and monitoring, encryption, backup, or security baseline configuration. Konve IT implements the technical layer, supervised by the same firm managing the certification programme, which means the work is coordinated rather than handed off across two suppliers who do not share a language.
Your existing MSP relationship has reached its ceiling and you need a more senior delivery partner.
You have outgrown the MSP that served you well in earlier years. Tickets take too long. The advice you receive is operational rather than strategic. Your Microsoft 365 tenant was never properly designed and has accumulated years of ungoverned changes. The relationship is no longer producing outcomes at the level your business now requires. Konve IT provides the senior delivery capability that your organisation has outgrown its current partner to need.
This service is not the right answer if:
- You are looking for a large managed service provider with a helpdesk team, SLA-backed ticket volumes, and the economies of scale that come with serving hundreds of clients — Konve IT is a senior delivery practice, not a high-volume helpdesk operation.
- Your environment is primarily non-Microsoft — Google Workspace, AWS, or a custom-built infrastructure — and you are not planning to move to Microsoft Cloud in the foreseeable future.
- You need break-fix support for an existing environment without any intention of improving or modernising it — we are a delivery and improvement practice, not a reactive maintenance shop.
The questions technology buyers ask before engaging Konve IT.
These are the questions our introductory calls start with. We have answered them here so the call can move directly to your specific situation.
Is Konve a Microsoft partner, and does that matter?
The principal holds Microsoft Expert-level certifications across Azure, Microsoft 365, security, and modern workplace — the highest individual certification level Microsoft awards. Whether Konve holds a formal Microsoft Partner Network membership at any given time is a commercial relationship that varies; what does not vary is the depth of technical qualification behind the work. Microsoft Partner status is a commercial accreditation that tells you a firm has met Microsoft's business and training thresholds. The Expert-level certifications held by the principal tell you that the person doing the work has passed the most demanding technical examinations Microsoft sets. Both matter, and we will tell you our current partner status clearly in the introductory call.
How is the work priced — project, retainer, or both?
Implementation and delivery work is structured as fixed-scope projects with defined deliverables, milestone-based payment, and a written scope of work agreed before commitment. You know what you are paying, what you will receive, and when each payment falls. Ongoing operational support is structured as monthly retainers sized to your environment — the retainer covers a defined set of activities and response commitments rather than an open-ended block of hours. Many engagements combine both — a project to deliver the change, then a retainer to support it once live. We will propose the structure that fits the work you have, and we will not push you into a retainer if the project is what you actually need.
How does the compliance integration with Konve Advisory actually work in practice?
The integration is structural, not cosmetic. The same principal who designs and governs your Microsoft Cloud environment is also qualified to advise on the data protection, security, and regulatory obligations that environment has to satisfy. In practice this means that the architecture produced by Konve IT is reviewed against your compliance obligations before it is built, not after. When we configure your Microsoft Purview data classification, we know what your GDPR retention obligations require. When we design your Conditional Access policies, we know what your ISO 27001 Annex A controls demand. When we sign off your backup architecture, we know what your contractual obligations to clients specify. You do not need to coordinate between a delivery firm and a compliance firm because they are the same firm.
How is our confidential information protected, particularly given AI agent involvement?
Our AI agents operate within Konve's own controlled environment, on infrastructure we own and govern, with explicit data handling policies and contractual restrictions on how the underlying models may use input data. No client information is used to train external models. In the context of IT delivery work specifically — where we may have access to your tenant configuration, your user directory, and your environment documentation — data handling discipline is not a feature of our service, it is a precondition of it. We can provide our AI handling policy and the contractual position of our underlying providers in writing before engagement.
We have an existing MSP. How does transition work?
Transitioning from an incumbent MSP is a managed process, not an abrupt switch. We begin by assessing your current environment and understanding your existing contractual arrangements with the incumbent — notice periods, data return obligations, access credentials, and any ongoing commitments. We then produce a transition plan that minimises disruption to your operations and respects your existing contractual position. Where the incumbent is cooperative, transition is straightforward. Where they are not, we have handled that situation before and know how to protect your interests within your contractual rights. We do not begin active delivery until the transition is structured correctly.
What Microsoft certifications does the principal hold?
The principal holds Microsoft Expert-level certifications in Cybersecurity Architecture, Azure Solutions Architecture, and Microsoft 365 Administration — the three Expert-level paths Microsoft offers across security, cloud infrastructure, and productivity platforms. Additionally, the principal holds Associate-level certification as an Azure Administrator. These are the most demanding Microsoft certifications available and reflect sustained investment in technical qualification over many years of enterprise IT practice. Full certification details are listed on the About page and can be verified through Microsoft's public certification validation service.
How does Konve IT relate to the rest of the Konve practice?
Konve IT is the delivery arm of the Konve practice. Where Konve Advisory provides governance, compliance, and strategic technology leadership, Konve IT delivers the technical implementation those engagements identify as needed. Many Advisory clients extend into Konve IT when the governance work surfaces technical gaps that need to be closed. Many Konve IT clients extend into Advisory when a compliance obligation, a DPO requirement, or a board-level governance need emerges from the delivery relationship. Konve Shop, the procurement arm, services both — hardware, software, and licences supplied to Konve clients at competitive rates without the margin of a general reseller. Each service line is independently scoped and priced, but the integration across all four produces a quality and coordination that separate suppliers cannot replicate.
If you have read this far, the next step is a conversation.
A thirty-minute introductory call. Conducted by the principal, not a sales representative. No fee. No obligation. The purpose is mutual fit assessment — we want to understand your environment, your situation, and what you are trying to achieve, and you want to understand whether Konve IT is the right delivery partner for the work in front of you.
You will leave the call with a clear answer to three questions. Whether your situation is one Konve IT is the right firm to address. What an engagement would look like in your specific circumstances — scope, structure, timeline, and fee. And whether, in our honest assessment, we are the right partner. If we are not, we will tell you, and where appropriate point you to who is.