Sentry XDR · Pricing

Four tiers. One UK SOC.

Indicative pricing for the four Sentry XDR service tiers — Build, Essential Protect, Advanced Guard, and Elite Shield. Every quote is honest-scoped against your estate and the threat landscape it actually sits in.

Build

Get the foundations right — improve posture and report, before you add a SOC.

Improve & Report

8×5 cover · no SOC monitoring.

  • Microsoft Defender XDR + Sentinel onboarding
  • Secure Score baseline & uplift roadmap
  • 8×5 UK business-hours support
  • Posture & compliance reporting
  • Detection tuning, no live triage

Essential Protect

Round-the-clock managed detection on Microsoft Defender + Sentinel.

24×7 UK SOC

From — indicative. Named UK analysts.

  • Everything in Build
  • 24×7 UK SOC · Defender XDR + Sentinel
  • Tier-1 / tier-2 triage with named analysts
  • Monthly threat hunt · written brief
  • Standard playbooks, monthly review

Elite Shield

Advanced Guard + DV-cleared analysts and a UK delivery floor.

Bespoke

Annual contract · elevated clearance.

  • Everything in Advanced Guard
  • DV-cleared analysts (SC minimum)
  • UK delivery floor (UK-South)
  • Senior, UK-cleared incident responders
  • Sector-curated threat intelligence
  • Dedicated practice partner

How we charge

Per-seat for run; fixed price for onboarding (typically 30–60 days). All tiers include the Incident Response retainer — there's no separate IR fee on top. Annual contracts, one-month break clause after year one.

What's covered

The IR retainer covers any security incident across your Microsoft cloud estate — whether it originated inside our perimeter or somewhere we don't monitor. We pick up the phone either way; that's the point of bundling it.

Frequently asked

Can we use our own SIEM? No. Sentry XDR runs on Microsoft Defender XDR and Sentinel — that's how we keep response fast. If you have a legacy SIEM, the onboarding includes migration.

How do you handle response times? We track response time as a rolling average and report it monthly, and we can agree response-time targets in your contract on the higher tiers.

What every tier includes

The SOC foundations under every tier

Whatever you spend, the same Microsoft-native detection spine runs underneath. The tiers change how fast we respond, how deep we hunt, and how much clearance and ring-fencing you get — never whether you're covered.

  • SOC monitoring on Microsoft Sentinel: Detections built and tuned on Sentinel and Defender XDR, watched from our UK floor — no third-party SIEM bolt-ons.
  • Incident management: Every alert that matters becomes a tracked incident with a named analyst, an audit trail, and a clear close-out.
  • Threat hunting: Proactive hunts against your estate every month, written up in a brief you can actually read — not a raw alert dump.
  • Log retention & compliance: Retention aligned to your regulatory posture, with the governance evidence auditors ask for kept ready.
  • Reporting & KPIs: Monthly reviews with the numbers that matter — MTTR, incident volume, coverage gaps — in board-readable form.
  • UK SOC, named analysts: The people watching your tenant are UK-based and you know their names. No anonymous offshore queue.

Sharpen your cover

Add-on capabilities to raise the bar

Bolt these onto any tier when your estate, your sector, or your auditors demand more. We'll tell you which ones you actually need and which you can skip.

  • SOAR automation playbooks: Automated containment and enrichment for your highest-volume alert types, cutting analyst toil and shaving minutes off MTTR.
  • Threat intelligence feed: Sector-curated intelligence wired into your detections, so you're hunting for the threats actually targeting your industry.
  • Vulnerability management: Continuous discovery and risk-ranked remediation guidance across your Microsoft cloud estate, tied back to your Secure Score.
  • Purple-team exercises: Our responders and your defenders run the attack together, then harden the gaps it exposes — twice yearly on Defend and up.
  • Incident response retainer: A guaranteed callout when something gets through — already bundled on every tier, extendable with on-site forensics.
  • Compliance & governance uplift: Mapping your controls to the frameworks you answer to, with the evidence packaged for the next audit.

Not sure which tier? One call, one honest answer.

The practice partner will help you scope to the right tier — and tell you honestly when you're already over-licensed.