Microsoft 365 Tenancy Security
Know whether the tenancy your business runs on is actually secured — an independent read written for leadership, not for technicians.
Services · Engagements
Scoped · In writing
Five ways to get an independent answer.
Each engagement ends the same way: a board-ready document that tells leadership, in plain English, exactly how good the IT you pay for really is. Audits and retainers are fixed-fee. AI Enablement is the exception — priced per engagement, scoped to the work. Every fee sits in the written proposal before work begins. Nothing open-ended. Nothing recurring without your written instruction.
№ 01 · Entry
Quick-Scan
One domain, a credible read within days.
№ 02 · Flagship
Baseline Audit
The full picture, scoped to the engagement.
№ 03 · Ongoing
Technology Advisory
A senior voice, every month.
№ 04 · Recurring
Adeo Pulse Premium
A governance briefing, every month.
№ 05 · Bounded delivery
AI Enablement
A working capability, delivered in weeks.
Fees are stated within each engagement, and confirmed in writing before any work begins. No retainers, no renewals, no recurring charges without your signature.
№ 01 — Entry engagement
Fixed fee · one domain
Quick-Scan.
When you need a credible answer in one area before committing to anything larger, the Quick-Scan delivers it: a fixed-fee read on a single domain, written for leadership rather than technicians. Audit-grade evidence within days, with a qualified principal standing behind every finding. Delivered in writing, with a closing conversation to talk it through.
Choose from five variants, each aimed at an operational pressure point you will recognise from running an Australian SME.
Backup & Recovery Readiness
Find out — before an outage does — whether the recovery story your MSP describes is the one your insurer expects to see.
Cyber-Insurance Readiness
Walk into the renewal conversation knowing exactly where your controls sit against your insurer's current expectations — before they ask.
MSP Value & Performance
Settle the question of whether your MSP is delivering the value your contract describes — evidence-led, written for leadership, and built to forward straight to the account manager.
AI Adoption & Posture
See where AI already sits in your firm — the tools in use, the shadow-AI you cannot see, and how your data handling and prompt governance stand against your professional body. The entry point to the AI conversation.
On Variant E — AI Adoption & Posture
Before leadership decides what AI should do next, this fast, assessment-only engagement shows you what it is already doing. The work inventories the AI tools in use across the practice, surfaces the shadow-AI running outside any policy, and reads your data-handling and prompt-governance posture against the relevant professional body — AHPRA, your Law Society, or APES — including data-loss prevention and retention for AI-handled information.
You walk away with an AI posture brief: prioritised recommendations and a clear path forward — either an AI Enablement engagement, where Adeo writes the specification and independently verifies the build your team or provider delivers, or a specification you take away and run yourself. The assessment carries no obligation to proceed with either.
Two tiers by depth, the AI Adoption & Posture variant sitting at Tier II. The fee is confirmed in your written proposal, with larger or multi-entity engagements scoped accordingly.
- Fee
- Fixed fee, agreed up front
- Scope
- One domain you choose
- Form
- A written assessment leadership can act on, walked through with you
№ 02 — Flagship engagement
Fixed-fee · scoped to the engagement
Baseline Audit.
The complete, independent verdict on the IT your business depends on — assessed across all five domains: service delivery, commercial discipline, roadmap & governance, security & compliance, and AI adoption & posture. Each is measured against the ACSC Essential Eight, NIST CSF 2.0, CIS v8, ISO 27001, your renewing insurer's control set, and the relevant professional-body AI guidance. A focused, multi-week engagement, evidence-led throughout, with a qualified principal standing behind every finding. It ends in a single document leadership or the board can read and act on.
The form of the work
Each engagement concludes with a written audit document for leadership to read and act on. The structure is evidence-led, and the section addressed to your MSP is built so it can be forwarded without further edit. A closing conversation walks leadership through the findings; the full form of the work is set out in your written proposal.
Fee
Baseline Audit engagements are scoped to your organisation and agreed in the written proposal. Every engagement is fixed-fee — you know the cost before work begins, with no time-and-materials surprises.
№ 03 — Ongoing
Four tiers · by headcount
Technology Advisory Retainer.
An independent technical voice at the table every month — without the cost or commitment of a full-time IT lead. Four tiers (Lite, Foundation, Standard, Strategic), sized by headcount and engagement depth. Each gives you advisory time for the decisions, reviews and hard MSP conversations leadership should not face alone. Adeo Pulse is included; the rhythm of reviews and accountability scales with the tier.
Lean teams
Up to 15 users
- A modest envelope of monthly advisory time
- Pulse Essential, monthly
- An annual leadership review
Small SMEs
10 – 30 users
- A working envelope of monthly advisory time
- Pulse Essential, monthly
- Leadership reviews on a quarterly cadence
Mid-market
31 – 75 users
- A substantive monthly advisory engagement
- Pulse Premium, monthly
- Leadership reviews on a quarterly cadence
- A regular MSP accountability cadence
Larger SMEs
76 – 200 users
- Senior advisory at the depth a board expects
- Pulse Premium, monthly
- Board-ready leadership reviews each quarter
- A close MSP oversight cadence
Retainers are scoped to your size and the depth of engagement. A short initial term, then month-to-month on thirty days' notice; the tier and the precise advisory time agreed are set out in your written proposal before anything begins.
№ 04 — Recurring deliverable
Pulse Premium · by subscription
Adeo Pulse Premium.
A standing, independent read on your IT — on the leadership desk by the first business day of every month, before anyone has to go looking for it. Scored across service delivery, commercial discipline, roadmap, security, and AI adoption, cross-walked to ACSC Essential Eight, ISO 27001, NIST CSF and your renewing insurer's control set. Editorially signed off before it leaves Adeo. A pre-written email to your MSP account manager travels with every issue.
The shape of the work
The issue carries an executive scorecard, a technical appendix with framework cross-walks and cost-of-inaction annotations, a paste-ready email for your MSP, a roadmap-status matrix, a plain-English glossary, and methodology with editorial sign-off. Same structure every month, carrying the month's evidence — so a glance tells you what moved and what needs attention.
Fee
Pulse comes in two forms. Essential is a standalone monthly scorecard for smaller organisations. Premium covers larger organisations with the full document, framework cross-walks and insurer control-set mapping. Larger organisations and groups, or organisations with bespoke insurer cross-walks, are scoped on request. Setup is waived on Foundation, Standard and Strategic retainers. See the full sample issue →
Adeo Pulse Premium · Issue No. 07
Commercial in Confidence
Monthly Performance Scorecard
Warburton & Field LLP · Specimen
Insurer-readiness indicator
79/100
| Domain | Score | Standing | Δ |
|---|---|---|---|
| Service delivery | 86 | Green | ↑1 |
| Commercial | 71 | Amber | ↓3 |
| Roadmap & governance | 82 | Green | ↑3 |
| Security | 78 | Amber | ↓3 |
| AI adoption & posture | 74 | Amber | ↑2 |
Commercial signal of the month is licence over-assignment in M365; recovery readiness has slipped against the renewing insurer's expectations.
Three for your attention
01Backup restore-test 118 days overdue. Owner — MSP.Cost of inaction: 7–15% premium loading at renewal.
02M365 E3 over-assignment — 14 unused seats.~A$630/mo recoverable · ~A$7,560 annualised.
03Two privileged accounts without MFA. Owner — MSP + Client.
Signed off — Adeo, 2 May 2026Page one · View all →
№ 05 — Bounded delivery
Two tiers · scoped to the work
AI Enablement Engagement.
When the AI opportunity is clear, this is the engagement that turns it into something your firm can run safely. A scoped advisory, priced per engagement. Used when a Quick-Scan, Baseline Audit, or sustained advisory conversation surfaces a defined enablement opportunity. Adeo writes the specification — what to deploy, how to govern it against your professional-body obligations, and how your people are supervised — and then independently verifies what gets built. The capability itself is configured by your own team, your MSP, or a nominated build partner; Adeo does not touch the configuration. That is deliberate: keeping the build out of Adeo's hands is exactly what lets a later Adeo audit of it stay independent.
Two tiers
Tier I — Vendor-platform enablement. A complete specification for one off-the-shelf platform — Microsoft 365 Copilot, Gemini for Workspace, Cursor, Claude for Work, or ChatGPT Enterprise — with governance design (data residency, prompt-handling, citation requirements), a curated prompt library, a role-based rollout plan, and a supervision SOP aligned to AHPRA, your Law Society + Federal Court GPN-AI, or APES 110 as relevant — with independent verification of the build your team or provider delivers against it.
Tier II — + Off-the-shelf workflow automation. Tier I plus the specification and verification of a no/low-code workflow automation on top of your existing SaaS — Power Automate, n8n, Make, Zapier with LLM nodes, or an agent platform such as Lindy or Relevance — built by your team or provider to Adeo's specification.
Out of scope, by design
Bespoke code, custom model training or fine-tuning, ongoing production operations, on-call coverage, and agentic systems Adeo would be responsible for monitoring beyond engagement close. These are handed to your MSP or a nominated build partner.
Independence, plainly
Because Adeo specifies and verifies the capability but never configures it, Adeo's independence to audit that same capability later is preserved in full — there is no prior build of Adeo's to disclose. The engagement letter records the boundary in writing, and you retain the right to a third-party audit of any capability at any time.
Working papers
Five domains, five benchmarks
What we measure against.
No opinions you have to take on faith. Every domain Adeo reviews is measured against an established benchmark: formal frameworks for security, your professional body's guidance for AI adoption, and — for the rest — your own contracted commitments and current Australian SME practice.
Service delivery
MSP contracted SLAs Ticket data · AU SME benchmarks
Commercial
Contract terms Invoice accuracy · market pricing
Roadmap & governance
Committed vs. delivered Change-register hygiene
Security & compliance
ACSC Essential Eight Plus your renewing insurer's current control expectations
AI adoption & posture
AI tool inventory Sector-aligned · AHPRA, Law Society, APES
Every finding is cited to the relevant benchmark, so the evidence stands up — and travels cleanly to your insurer, parent company or board without translation.
Next step
Not sure which engagement fits?
Tell us what is keeping you up, and we will tell you the smallest engagement that answers it. A thirty-minute conversation is the fastest way to decide. No cost. No sales script. If a Quick-Scan is the right starting point, we will say so; if something narrower will do, we will recommend that instead.
Book a conversation →