North Ark

Microsoft 365 · 3 July 2026 · 7 min read

Microsoft Sentinel for Brisbane SMBs: baseline setup without a 24/7 SOC

Enterprise clients and insurers increasingly ask for logging and alerting — not a slide that says "we have antivirus." Sentinel baseline setup gives tuned alerts, escalation runbooks, and MSP handoff without pretending to be a manned SOC.

Sentinel is not only for enterprises. Growing SEQ businesses face security questionnaires that ask for centralised logging, incident response, and evidence of monitoring — while their MSP forwards Defender alerts to an inbox nobody reads.

FC-24 Sentinel Baseline Setup covers onboarded log sources, alert rules, escalation runbooks, and handoff to your MSP or FC-22 monitor retainer. It is fixed scope, not open-ended SIEM consulting.

What baseline means (and what it does not)

Baseline: M365 and identity logs ingested, high-signal alerts tuned to reduce noise, playbooks for common scenarios, documented escalation to named owners.

Not baseline: 24/7 SOC floor, full SOAR automation, or compliance certification by itself. FC-22 adds monthly review and tuning — still not a manned SOC.

Log sources that matter for SMBs

Entra ID sign-ins and risky users, Defender for Office 365, SharePoint/Exchange audit, endpoint telemetry if you standardise on Defender for Endpoint.

Skip collecting everything on day one — cost and noise scale fast. Start with identity and email — where break-ins actually start.

Working with your MSP

North Ark designs and tunes; your MSP can own ticket response if that is the commercial model. The runbook names who gets paged, what they check first, and when to escalate to senior incident response.

This complements the M365 baseline (FC-04) and Essential Eight uplift; it does not replace them.

Pricing and timeline

FC-24 typically runs $8,000–$12,000 over 2–3 weeks depending on log source count and tenant complexity. Book from the Microsoft packages page or start with M365 security baseline if identity is not yet clean.

Frequently asked questions

Do we need Sentinel if we have Defender?
Defender protects endpoints and email. Sentinel aggregates and correlates signals across M365 and identity for investigation and audit evidence. Questionnaires often ask for the latter even when Defender is licensed.

Will Sentinel blow up our Azure bill?
Ingestion cost is real. Baseline design focuses on high-value tables and retention policies — not "log all the things." FC-24 includes cost-aware onboarding recommendations.

Can you monitor Sentinel ongoing?
FC-22 Sentinel & Security Monitor Baseline retainer covers tuned alerts, monthly review, and escalation playbook updates — not 24/7 eyes on glass.
