A free one-off Essential Eight assessment per tenant. Continuous monitoring is A$79/month (intro; A$149/month list) for up to 50 users, A$349/month for up to 250 users, and custom pricing for Enterprise. MSPs pay per managed tenant from A$25/tenant/month.

No. Billing is monthly, cancel anytime from the dashboard. On cancellation scanning stops immediately and customer data is purged within 30 days on request.

Australian SMEs running Microsoft 365 (up to ~250 users) and MSPs managing Essential Eight posture across multiple Microsoft 365 tenants.

Pricing

Continuous Essential Eight posture monitoring

Daily Essential Eight scans of your Microsoft 365 tenant, with hash-anchored evidence retained and an email when something material to your posture changes — a new admin, MFA regression, a device falling out of compliance, backup protection weakening.

Free assessment

One Essential Eight maturity report per Microsoft 365 tenant.

A$0

✓One full Essential Eight scan
✓Maturity report (ML0 / ML1 / ML2 / ML3) emailed as PDF
✓Per-control findings with remediation guidance
✓Read-only Microsoft Graph access — admin consent shown up front
✓Upgrade planner: see what each remediation lifts you to

Start free scan

No card. One per Microsoft 365 tenant.

Most teams start here

Business

Continuous Essential Eight monitoring for a single tenant up to 50 users.

A$149A$79/month

✓Daily Essential Eight scan against your tenant
✓Drift alerts: new Global Admin, MFA regression, device falls out of compliance, backup protection weakens
✓Monthly maturity reassessment with trend chart vs. last month
✓90-day full evidence retention (raw Graph responses, sha256-hashed)
✓Per-finding evidence pack download — IRAP-QAF / insurer ready
✓Email support

Up to 50 Entra users. Overage moves you to Growth, no surprise invoices.

Growth

Single tenant up to 250 users, with longer evidence retention for board / cyber-insurance reviews.

A$349/month

✓Everything in Business
✓Up to 250 Entra users
✓12-month full evidence retention (90-day default extended)
✓Auditor / cyber-insurer export bundle (CSV + signed evidence index)
✓Quarterly board-ready summary
✓Priority email support — first response within one business day

Enterprise

For organisations above 250 users, regulated industries, or anyone needing custom retention / DPA terms.

Custom

✓Everything in Growth
✓Unlimited users — pricing scales by tenant size
✓Unlimited evidence retention
✓Custom policies (e.g. extra controls beyond Essential Eight, internal frameworks)
✓API access to scans, findings, and evidence pack metadata
✓Signed DPA, custom security schedule, named contact

Talk to us

What’s in each plan

Every paid plan includes the daily scan, the alerting pipeline, the maturity report, and the cryptographically-anchored evidence chain. The differences are retention, export formats, and tenant size.

	Free	Business	Growth	Enterprise
Essential Eight maturity report (ML0–ML3)	One	Monthly	Monthly + quarterly board summary	Monthly + custom cadence
Daily drift scans	—	✓	✓	✓
Change-triggered alerts (MFA / admins / devices / backup)	—	✓	✓	✓ + custom triggers
Per-finding evidence pack (IRAP-QAF aligned)	—	✓	✓	✓
Evidence retention (full Graph response bodies)	n/a	90 days	12 months	Unlimited
Auditor / cyber-insurer export	—	—	✓	✓
API access	—	—	—	✓
Tenant size	Any	Up to 50 users	Up to 250 users	Unlimited
Support	Self-serve	Email	Priority email (1 business day)	Named contact + DPA

Managed Service Providers

Per-tenant pricing for MSPs

If you manage Microsoft 365 for multiple clients, the dashboard you actually want is the regression list: Tenant A regressed. Tenant B added a Global Admin. Tenant C lost MFA coverage. That’s what the MSP plan delivers, billed per managed tenant rather than per seat.

1 – 20 tenants

A$25 per managed tenant / month

21 – 50 tenants

A$22 per managed tenant / month

51 – 200 tenants

A$18 per managed tenant / month

200+ tenants

Custom — talk to us

Multi-tenant dashboard

One pane of glass across every managed tenant. Regression list, weakest controls per tenant, MFA / admin / backup deltas at a glance.

MSP-branded reports

Optional white-label PDF reports — your logo, your colours, our evidence chain underneath.

Bulk onboarding

Connect tenants via your existing partner relationship. New clients can be added by sharing an admin-consent link, no new contract per tenant.

Roll-up alerts

One daily digest summarising every regression across the fleet after each scan cycle, with critical-severity changes (new Global Admin, MFA loss on privileged accounts) called out at the top.

Minimum spend: A$299 / month — equivalent to roughly 12 managed tenants at the entry tier. Above that, the per-tenant rate applies.

Talk to us about an MSP plan

Frequently asked

Do you support Google Workspace?

Not yet — Microsoft 365 is supported today. Google Workspace integration is on the roadmap, so Workspace-first organisations will be able to run the same Essential Eight assessment and continuous monitoring. Email [email protected] and we’ll let you know the moment it ships.

Why isn’t this $19/month?

Because the alert “a Global Administrator was added without MFA” is worth more than $19. A standard Australian cyber-consultant Essential Eight engagement runs AUD $1,500 – $5,000 once. Aegis Eight monitors the same surface continuously, with evidence retained, so the work doesn’t go stale the moment a config drifts. Pricing starts at A$149 because below that the customers we attract aren’t the ones we can help.

How are users counted?

Active Microsoft Entra members and external members in your tenant — the same count Microsoft uses for licensing. Guests and disabled accounts are excluded. We read the count straight from your tenant on first scan; if you outgrow a tier we’ll email you before changing your plan.

Is there a contract?

Monthly. Cancel anytime from the dashboard or by replying to any Aegis Eight email. On cancellation we stop scanning immediately and purge customer data within 30 days on request — see the security page for detail.

What does an alert look like?

Plain-English email with the change, the timestamp, the underlying Graph evidence, and what Essential Eight control it affects. Example: “Alex Chen was assigned the Global Administrator role on 2026-05-31 14:22 UTC. MFA registration: not yet completed. Evidence: snapshot 8c4f… SHA-256 a91d…”. No noise from routine activity — alerts fire when something material to Essential Eight posture changes.

Will I get an email every day even when nothing changed?

No. Drift alerts are change-triggered, not scheduled. On a scan day where the diff against the previous snapshot finds nothing of severity high or above, nothing arrives in your inbox — the dashboard just shows “no changes since last scan”. The monthly maturity reassessment is a separate scheduled artefact and goes out on its own cadence regardless, because it’s a deliverable, not an alert. You can optionally enable a weekly or monthly “all clear” digest in your dashboard settings — it is off by default.

Do you sell this through partners / MSPs?

Yes — see the MSP section below. MSPs get a multi-tenant dashboard with a regression list across all managed tenants, and per-tenant pricing instead of per-seat.

How do I pay?

Card payment via our PCI-compliant payment processor at checkout. Prices are in AUD; if you need USD or NZD invoicing, email [email protected] and we’ll set it up.

Will Aegis Eight ever change my Microsoft 365 settings?

No. Every Microsoft Graph permission Aegis Eight requests is read-only — there is no write surface anywhere in the product. The full list, mapped to the Essential Eight control each scope supports, is on the permissions page.

Questions about pricing or invoicing? [email protected] · Security & data handling · Microsoft Graph permissions