glacierr
get in touch
stage · 02build
Hands-on configuration, implementation, automation, agent development. Anything that has to be built or shipped lives here — Sentinel cost work, Purview deployment, Defender hardening, Security Copilot agents, automations from your backlog, custom integration.
01what sits in build
Every Build engagement is consultant-led and change-controlled — the plan is signed before we touch your tenant, every change has a rollback path, and the runbook walks out the door with you, not us.
Rebuild your ingestion strategy connector by connector. Tier moves, DCR rewrites, basic-vs-analytics splits, archive policy. Before/after invoice comparison — saving lands on the next bill, not in a slideshow.
Label architecture, sensitivity-based DLP enforcement, audit-trail wiring. Defender for Endpoint, Office and Identity configured against current baseline. The posture you've meant to land — landed.
Microsoft Security Copilot agents — off-the-shelf agents from our Security Store catalogue tuned to your tenancy, or bespoke agents built ground-up against a runbook you already trust.
The work that gets deprioritised until it causes a breach. Logic Apps, Power Automate, Sentinel playbooks, custom connectors, third-party tool integration. Four-week automation sprints or scoped per opportunity.
02packages
The three most-chosen packages are below. Starting prices assume standard tenancy complexity. Full menu of Build engagements — Defender Hardening Sprint, Bespoke Agent, Purview Implementation, Custom Integration — quoted on the first call. We don't charge by the day.
Pick one of our Security Store agents. We deploy it into your tenant, tune it to your data and naming conventions, and hand it over.
Two automations from your backlog, shipped to production. We pick the two with the highest ratio of operator hours saved to delivery risk. You sign off the choice in week one.
Connector-by-connector ingestion rebuild. Saving lands on your next invoice, evidenced against the last one.
All packages are billed against milestones, net 14 from acceptance. Travel within the UK is included. Microsoft licensing (Sentinel, Defender, Purview, Security Copilot) is held by the client.
Two of our Build patterns are live in the Microsoft Security Store today, both forged on real client engagements. The challenges we're handed keep our tools sharp — hardened on real problems before they reach the next team. See Evolve for how that works.
cost & usage analyst
identity application analyst
03proof
Anonymised on purpose — references available under NDA at the second call. Sentinel cost work is the deepest track record line; the £4.2m headline is cumulative across the founder's prior engagements.
Cumulative annualised Sentinel ingestion reduction across the founder's prior Build engagements — fintech, healthcare, public sector. Detection coverage held or improved in every case.
Mid-market manufacturer, Sentinel queue running 200 alerts/day at a team of three. Four-week automation sprint: enrichment, dedupe, suppression for known-benign patterns.
UK challenger bank. Defender for Endpoint licensed at E5 but configured to default. Four-week sprint moved baseline posture score from 41 to 78 — no impact to user experience.
Bring it on the first call. We'll tell you on the spot whether it's a tenant-tune, an automation sprint, a Sentinel cost rebuild, or a bespoke agent — and whether it's the kind of challenge that sharpens one of our tools along the way.