Complete Practice
Protection
Every Konve IT service — the full deployment programme and the full managed retainer across all six components — delivered as a single coordinated engagement. Your Microsoft 365 environment deployed, hardened, certified, and managed. Indefinitely.
Complete Practice Protection
Two layers. One programme. Everything covered.
Complete Practice Protection has two distinct layers — a deployment programme that establishes the environment, and an ongoing managed retainer that keeps it governed, monitored, and current. The managed layer commences on Go-Live of the deployment programme and continues on a 12-month rolling basis.
Deployment Programme
Six coordinated deployment engagements that build the complete technical foundation — tenant, backup, devices, identity, email security, and Cyber Essentials certification. Delivered in sequence, coordinated by Konve IT, documented at every stage.
- Microsoft 365 Tenant Deployment and Hardening
- Microsoft 365 Backup Setup and Configuration
- Microsoft Intune Deployment and Device Enrolment
- Entra ID Identity and Access Management Configuration
- Email Security Deployment and Configuration
- Cyber Essentials Full Programme — certificate included
Managed Retainer
Five ongoing managed retainers that keep the deployed environment current, monitored, and governed — with monthly reports, operational reviews, and incidents handled within service level. Commences on Go-Live. Renews annually.
- Microsoft 365 Managed Backup Retainer
- Intune Managed Environment Retainer
- Email Security Managed Retainer
- Identity and Access Management Managed Retainer
- Cyber Essentials Annual Renewal Support
Eleven engagements. Complete coverage of every layer.
Complete Practice Protection encompasses every Konve IT service. Nothing is added on later. Nothing is sold separately. The deployment programme and the managed retainer together cover every component of a professionally governed Microsoft 365 environment.
M365 Tenant Deployment and Hardening
Six workstreams — identity, email, files, teams, endpoint protection, and data governance — configured to the Konve IT security baseline.
M365 Backup Setup and Configuration
Third-party backup deployed at Go-Live — all four data sources, UK-based immutable storage, first backup verified.
Intune Deployment and Device Enrolment
Every device enrolled, compliance policies active, BitLocker enforced, remote wipe capability live from completion.
Entra ID IAM Configuration
Conditional Access policy architecture, privileged identity management, guest access governance, SSO integration, and audit logging.
Email Security Deployment
Mimecast or Proofpoint deployed — AI-powered phishing detection, impersonation protection, payment instruction controls, DMARC enforcement.
Cyber Essentials Full Programme
Gap assessment, targeted remediation, and supported submission. Certificate issued on successful submission.
Managed Backup Retainer
Daily backup monitoring, failed job resolution, monthly health report, and annual tested restore.
Intune Managed Environment Retainer
Monthly policy management, new device onboarding, compliance monitoring, patch oversight, monthly Device Compliance Report.
Email Security Managed Retainer
Monthly policy tuning, threat reporting, quarterly DMARC review, and BEC incident response support.
IAM Managed Retainer
New user provisioning governance, leaver offboarding verification, access reviews, monthly audit log review, quarterly access certification.
Cyber Essentials Annual Renewal
Environment change review, renewal questionnaire preparation, and supported submission each year. Certificate stays current.
Start with a conversation.
Complete Practice Protection is Konve IT's most comprehensive engagement. Before issuing a Statement of Work, Konve IT will hold a scoping call to confirm the deployment sequence, timeline, user count, device count, and regulatory context. The forms and questionnaires come after the scoping call, not before.
Contact Konve IT
Write to it@konvegroup.com or use the contact form. State that you are interested in Complete Practice Protection and confirm your approximate user count and sector. Konve IT will respond within one working day to schedule a scoping call.
Scoping call and questionnaires
A thirty-minute scoping call confirms the deployment sequence, anticipated timeline, and any sector-specific requirements. The service questionnaires are completed following the call — Konve IT will indicate which information is needed in what order.
Statement of Work
Konve IT issues a single Statement of Work covering both the deployment programme and the managed retainer — deployment timeline, service scope, delivery sequence, and retainer commencement date — within three working days of the scoping call.
Foundations Bundle
M365 tenant deployment, backup, and Intune — the three core deployment services without Cyber Essentials, email security, or IAM configuration. No ongoing managed layer.
Middle optionSecure and Certifiable Bundle
Five deployment services — everything in Foundations plus Cyber Essentials and email security — for organisations that need to achieve certification and harden their email layer. No IAM configuration and no ongoing managed layer.