Microsoft 365 Tenant Deployment and Hardening — Konve IT

Konve IT / Microsoft 365

One-time project  ·  Fixed scope  ·  Milestone payment

Microsoft 365 Tenant
Deployment and Hardening

Your Microsoft 365 tenant, designed, deployed, and hardened from the ground up — across every workstream, against a documented security baseline, aligned to Cyber Essentials controls from day one.

Six workstreams, one engagement Cyber Essentials aligned at Go-Live Written scope before commitment
Get a quote How it works

Indicative Pricing

Base fee (up to 10 users) £1,800 Exclusive of VAT
Per user above 10 — standard £80 Per user / per month
Per user above 10 — volume (25+) £72 10% discount applies at 25+ users

Example: 20-user firm — £1,800 base + (10 × £80) = £2,600 + VAT

Payment: 50% on commencement · 50% on Go-Live

Timeline: Agreed at scoping · typically 2–4 weeks

Scope of work

Six workstreams. One coordinated deployment.

Every component of a properly governed Microsoft 365 environment, configured to the same standard, in a single engagement. No fragmented delivery across multiple suppliers. No gaps between workstreams.

Microsoft Entra ID

  • User account provisioning and group structure
  • Multi-factor authentication enforcement — all accounts, no exceptions
  • Conditional Access policy design and implementation
  • Guest access governance and external sharing controls
  • Privileged identity management for administrator accounts

Exchange Online

  • Mailbox provisioning for all users in scope
  • Email routing and DNS configuration — MX, SPF, DKIM, DMARC
  • Retention policy aligned to your regulatory obligations
  • Anti-spam and anti-phishing policy to the Konve IT baseline

SharePoint and OneDrive

  • Site structure design and provisioning
  • Permissions governance and inheritance settings
  • External sharing policy configuration
  • OneDrive Known Folder Move for Windows devices where applicable

Microsoft Teams

  • Team and channel governance policy
  • Meeting policy configuration and external participant controls
  • Guest access controls

Microsoft Defender for Business

  • Activation and configuration to the Konve IT security baseline
  • Endpoint protection policy deployment
  • Threat detection and alerting configuration

Microsoft Purview

  • Sensitivity label design and deployment
  • Basic data loss prevention policy
  • Audit logging activation and configuration
What you receive

A documented environment, handed over to your administrator.

Go-Live is confirmed in writing by Konve IT when the tenant is operational and configured to the baseline standard. Everything is documented before handover.

Tenant Configuration Document

A full written record of every configuration decision made during deployment — the security baseline applied, administrator guidance for routine operations, and a statement of alignment with Cyber Essentials controls at the point of Go-Live. Delivered in PDF on Go-Live.

Administrator Handover Session

A ninety-minute remote session with your nominated administrator, covering every workstream — what was configured, why, and how to manage it going forward. Scheduled on Go-Live.

Go-Live

Go-Live is the point at which Konve IT confirms the tenant is operational and configured to the agreed baseline. Your continued use of the environment following that confirmation constitutes acceptance of the deployment. The second payment instalment falls due at Go-Live.

Who this is for

Four situations where this engagement is the right answer.

This is a deployment and hardening engagement, not a remediation or migration project. It is designed for organisations starting from a clean slate or rebuilding from a legacy configuration that is too far gone to remediate.

Situation 01

You are setting up Microsoft 365 for the first time and want it done properly from day one.

A new Microsoft 365 tenant configured correctly at the outset is significantly easier and cheaper to govern than one retrofitted years later. This engagement establishes the right foundation from the start — identity governance, security baseline, data governance, and compliance alignment built in, not bolted on.

Situation 02

Your existing tenant is too far gone to remediate and needs to be rebuilt.

Years of ungoverned configuration, stale accounts, absent security policies, and accumulated compromise have left your tenant in a state where targeted remediation would cost more than rebuilding it correctly. This engagement delivers a clean, documented, governed environment from a defined baseline.

Situation 03

You are a law firm, accountancy practice, or professional services firm setting up or modernising your cloud environment.

Your Microsoft 365 environment intersects with SRA, ICAEW, FCA, or GDPR obligations. Konve IT configures the environment against these requirements — sensitivity labelling, data governance, retention policy, and access controls aligned to your specific regulatory context, not a generic baseline.

Situation 04

Your Cyber Essentials assessment has identified that your tenant configuration needs to be rebuilt before certification is achievable.

Where a Konve IT assessment or a third-party review has confirmed that the volume of remediation work required makes rebuilding more cost-effective than patching, this engagement delivers the clean environment from which a Cyber Essentials submission can proceed immediately.

What this service does not include

Scoped clearly so there are no surprises on either side. If you need anything below, Konve IT can provide it under a separate Statement of Work.

  • Migration of email or file data from any existing platform
  • Advanced email security — Mimecast or Proofpoint
  • Intune device enrolment and endpoint management
  • Cyber Essentials certification submission
  • Procurement or payment of Microsoft 365 licences
  • Configuration of hardware or on-premise servers
  • Helpdesk, end-user support, or break-fix
  • Ongoing management following Go-Live
Pricing

Base fee plus per-user above ten.

The base fee covers the fixed overhead of the engagement — scoping, project management, security baseline design, documentation, and testing — regardless of how many users are in scope. The per-user increment covers the genuinely variable work above ten users.

Microsoft 365 Tenant Deployment and Hardening

Project fee structure Excl. VAT
Base feeCovers fixed overhead · includes up to 10 users £1,800
Per user above 10 — standard rate £80 / user
Per user above 10 — volume rateApplies where 25 or more users confirmed £72 / user
Example calculations Excl. VAT
10 usersBase fee only — no per-user increment £1,800
20 users£1,800 + (10 × £80) £2,600
30 users — volume rate£1,800 + (20 × £72) £3,240
50 users — volume rate£1,800 + (40 × £72) £4,680
Volume rate: The 10% volume discount on the per-user increment applies automatically where 25 or more users are confirmed in the Statement of Work. It does not need to be requested.

Payment Milestones

Milestone 1
On commencement
50%

Due on or before the agreed commencement date. Work does not begin until this instalment is received.

Milestone 2
On Go-Live
50%

Due on Go-Live, or within five working days of Konve IT confirming Go-Live in writing, whichever is earlier.

All fees
Exclusive of VAT, charged at the prevailing rate. Invoices payable within 14 days.
How to get started

Three steps from enquiry to a signed Statement of Work.

No open-ended discovery calls before commitment. The scope is defined by the questionnaire, the Statement of Work is issued on the basis of your responses, and work begins when it is signed.

01

Complete the onboarding form

Download and complete the Konve IT Client Onboarding Form. This captures your organisation details, key contacts, and regulatory context — information needed to open your file and issue a Statement of Work.

02

Complete the service questionnaire

Download and complete the Microsoft 365 Tenancy Questionnaire, selecting the Deployment or Hardening variant. This establishes user count, tenant status, licence tier, DNS access, and device details — everything needed to calculate the fee and issue the SoW.

03

Review and sign the Statement of Work

Konve IT reviews your questionnaire responses and issues a Statement of Work within two working days. The SoW confirms the exact fee, payment milestones, anticipated Go-Live date, and full scope. On signature and receipt of the first instalment, the engagement commences.

Get started Back to Konve IT Or write to it@konvegroup.com
Services that extend this engagement
Microsoft 365 Backup

Backup Setup and Configuration

Microsoft 365 does not back up your data. This engagement deploys a third-party cloud backup solution with UK-based immutable storage. Most clients add this at Go-Live.

 Endpoint Management

Microsoft Intune Deployment

Enrol all in-scope devices into Intune, enforce device compliance policies, and enable remote wipe. Business Premium includes Intune at no additional licence cost.

 Cyber Essentials

Cyber Essentials Full Programme

This deployment engagement aligns your tenant to Cyber Essentials controls at Go-Live. The Full Programme takes you from that baseline to a valid certificate.
Scroll to Top