A secure, managed, documented and recoverable baseline that keeps people working, reduces avoidable risk and stops important IT work being left to chance.
These are not premium extras or later upsells. They are the things we put in place so your IT is monitored, secured, recoverable and easier for your users to work with.
We monitor your environment closely for failures, security signals and unhealthy devices, then patch with urgency. That means issues are often dealt with before users realise anything happened, so productivity keeps moving instead of turning into a support queue.
We administer your Microsoft 365 tenant, review security settings and use our secure centralised management platform to spot drift. That means your tenant does not quietly slide backwards after onboarding, and risky changes are easier to catch before they become incidents.
We harden identity, devices, Microsoft 365, browsers, data protection and update settings against a recognised benchmark. That gives you a defensible security posture, closes the easy gaps and makes insurer, Cyber Essentials and breach conversations less painful.
We back up Exchange, SharePoint, OneDrive and Teams data outside normal platform retention. That means accidental deletion, ransomware, account compromise or a bad configuration change does not automatically become permanent data loss.
We put filtering, anti-phishing controls, awareness training, browser protection and BEC-focused checks around email. That means fewer malicious messages reach staff, and the ones that do are less likely to become invoice fraud, credential theft or a full compromise.
We monitor endpoint activity and suspicious sign-in patterns, then raise the right alerts when behaviour looks wrong. That means stolen passwords, unusual travel, risky devices and early-stage compromise attempts get attention while there is still time to act.
We deploy a managed password vault for your users, with secure sharing and better control of business credentials. That means fewer reused passwords, fewer secrets saved in browsers or spreadsheets, and cleaner offboarding when someone leaves.
We manage core DNS records, up to three domain renewals and web-edge protection for client websites we manage. That means the quiet, boring parts of your online presence are not forgotten until email stops, the website disappears or a renewal gets missed.
We check for lookalike domains being registered against your brand. That means you get earlier warning when someone appears to be preparing phishing, invoice fraud or business-email-compromise attacks that pretend to be you.
We do the remediation needed to bring the in-scope environment up to Cyber Essentials, then support the certification process. That means it becomes part of the managed service instead of another security project everyone agrees is important but nobody has time to finish.
We give users a tray application for essential information, device actions, support options and approved application installs. That means common tasks are easier for staff, support is less mysterious, and people can get what they need without hunting through old emails.
We run regular checks for licence waste, risky logins, baseline drift and recurring configuration issues. That means you are not paying for avoidable waste, and the environment stays tidy after onboarding instead of slowly unravelling.
The goal is the same: fewer surprises, better security and less downtime. The work changes depending on whether your business is cloud-first or still has servers, VPNs, legacy systems and site infrastructure that matter.
For businesses where identity, email, files, devices and core services are Microsoft 365 and cloud-based. We make the tenant the control point, so users can work flexibly without everything becoming loose and unmanaged.
For organisations with local servers, line-of-business applications, site networks, VPNs, RDS, SQL or specialist systems that still matter. We keep the older moving parts visible, documented and recoverable, because hidden dependencies are what turn small outages into lost days.
The standard is deliberately strong, but it still needs a boundary. We include the work needed to bring the in-scope environment up to the secure baseline and Cyber Essentials compliance, so you start from a better position without a separate onboarding bill swallowing the conversation.
Remediation required to meet the NorthMSP secure baseline and Cyber Essentials scope is built into the managed service price. The point is simple: the basics get done early, properly and as part of the service.
Some work is important, but not part of the included secure baseline. We call that out early and quote it properly, so you can make a decision with eyes open rather than discover it halfway through an incident or renewal.
The core standard applies to every managed client. The exact controls depend on the environment, because a cloud-first business and a hybrid site do not need the same work, but the outcome is the same: a secure, managed and recoverable baseline.
Yes. Remediation required to bring the in-scope environment up to Cyber Essentials compliance is included in the managed service price, so certification is not left as a separate project that never quite gets started.
No. CIS is a benchmark, not an SME certification badge. Our secure baseline is CIS-aligned and adapted for practical SME environments, so recognised best practice is turned into working controls rather than a theoretical document.
No. NorthDock is a client tray application that gives users quick access to useful information, support actions, device tools and approved application installs. It removes friction for common tasks, but it does not replace direct support.
If you are reviewing IT support, ask what is actually included and what difference it makes. We are happy to walk through the standard, what applies to your environment, and how it helps keep the business working.