Partner Program — First Month Free

Sell 24×7 security monitoring
without hiring an analyst.

EasySOC is the autonomous investigation engine you resell. White-label, running on the Microsoft 365 tenants you already manage — a new monitoring tier you brand, bill, and keep the margin on.

01

New recurring revenue. Zero added headcount.

EasySOC becomes a 24×7 monitoring tier you package, brand, and bill monthly — without recruiting a single analyst or building a SOC from scratch.

The work that used to demand a triage team now runs autonomously in the background. You add a security line to every client invoice and keep serving the tenants you already manage.

02

Reseller economics that work in your favour.

A flat price per tenant, wholesale, for any user count. You set the retail price your clients pay and keep the spread — recurring, predictable margin on every tenant you onboard.

Deployment is your billable services work; we don't charge you for it. And auto-close keeps the agent from running the model on alerts that don't need it — which quietly lowers your clients' Azure and inference spend.

03

The risk you already carry, now backed by a product.

When a client gets breached, you're the one who answers for it — usually with no security product to sell and no team to build one.

EasySOC gives you a credible answer: every alert investigated, every verdict documented in plain English, every case file timestamped. The difference between "we had no idea" and "here's exactly what we knew and when."

The Gap, and the Fix

You manage the stack.
You can't action its alerts.

You already run Defender, Entra, and Sentinel across your clients' tenants — and XDR throws a constant stream of alerts your generalist team can't realistically interpret. Here's how EasySOC closes that gap, on a tenant you already manage, the same day.

Step 01

Deploy a single container

You deploy one container inside the client's Microsoft 365 tenant — same day, with our free onboarding tooling. It connects to the Defender XDR and Sentinel you already manage, and the customer's data never leaves their tenant (BYOL). See the technical partners guide for setup details.

Step 02

It investigates every alert

The agent polls XDR and Sentinel, and the moment an alert lands it investigates autonomously — querying log sources, enriching with threat intelligence, correlating identity and endpoint telemetry. The full analyst workflow, with nobody in particular needed to run it.

Step 03

Verdicts land in Teams

A plain-language verdict posts to a dedicated Teams channel within minutes, with the full report saved to a shared Teams folder — readable by a non-expert. The client answers the occasional question in plain English; response stays with you, on the admin access you already hold.

In-tenant by design — for data sovereignty. The container and the customer's data stay inside their own tenant; nothing is shipped out to a third-party SOC. Investigate-and-advise, by architecture. The agent does not perform automated blocking — a deliberate design decision that keeps response, and control, with you the MSP.

Why It Retains

The longer a client stays,
the quieter it gets.

The first time an unfamiliar pattern fires, the agent asks one plain-language question — "is this admin activity normal?" The client answers once, that answer becomes a permanent fact about their environment, and the same alert never has to bother anyone again.

Early on — a noisy new tenant

A fresh environment is unfamiliar to the agent: new logins, routine admin actions, benign automation all surface. It investigates each one and asks the handful of questions only the client can answer.

Later — mostly signal that matters

Same tenant, no new work. The benign noise has gone permanently quiet and what surfaces is worth acting on. The value compounds month over month — and the client can't take that accumulated context with them if they leave.

Under the Hood

Not one AI. A coordinated
analyst team.

We don't claim to out-analyze Microsoft. Copilot needs an analyst who already knows what to ask — EasySOC runs autonomously and accumulates context about each tenant, which is the part Copilot doesn't do. Between "alert received" and "report filed," a purpose-built investigation engine runs, designed around how real analysts work.

Lead Analyst
Supervisor
Kill Chain  ·  MITRE ATT&CK  ·  IR Lifecycle
Case framing Specialist dispatch Final synthesis
Network
IPs & DNS
Windows
Endpoints
Email
Phishing
Identity
Entra ID
Cloud
Azure IAM
Web
HTTP / C2
Linux
Unix / Servers
DevOps
Pipelines
Containers
K8s / Docker

9 specialists. Zero context bleed.

A single AI trying to cover every domain at once loses precision as the investigation grows — email signals contaminate endpoint analysis, identity context gets buried. Each specialist runs in a fully isolated conversation with only the tools and embedded knowledge its domain requires. The Supervisor coordinates the case and writes the final report. Specialists execute. Neither does the other's job.

Every action scoped, logged, and bounded.

No analyst can query data outside the active case. Every tool call — threat intelligence lookups, SIEM queries, identity checks — is validated, scoped to your tenant, credentialed from a secrets store, and written to an audit trail before it executes. Hard limits on time, cost, and tool-use iterations apply per investigation. No runaway AI. No surprise charges. No access beyond the alert under investigation.

Some alerts never need AI at all.

Before any AI model is invoked, a deterministic pre-enrichment layer runs: IOC extraction, reputation lookups, and known-benign pattern matching. Clear-cut alerts can be closed at this stage — no LLM, no cost, no delay. For everything else, simple alerts use a fast model tier; complex multi-analyst investigations escalate to the highest capability. Depth where it matters, efficiency everywhere else.

Partner Pricing

One flat price per tenant.
You keep the spread.

A single flat price per tenant, per month, for any number of users. You set the retail price your clients pay and keep the margin in between.

Per tenant, not per seat

One rate per tenant regardless of user count — no per-seat math, no tiers to track. Deployment is your billable services work; we don't charge you for it. Base monitoring includes free and community threat intelligence; premium TI enrichment is an optional usage add-on.

First month — no service fee

On every new tenant we waive our service fee for the first month, so you can prove the value to a client before billing them. (The client's own Azure and container running costs in their tenant still apply.) The rate sits well below traditional SMB MDR retail — leaving plenty of headroom for your margin.

Who It's For

Built for one kind of partner.

EasySOC is purpose-built for generalist Microsoft MSPs who want to start a security practice but keep running into the same labor-market reality — the analysts to staff one don't exist, or can't be afforded. It isn't for everyone, and we'd rather tell you up front.

A fit if you're…

A generalist Microsoft MSP

"You manage M365 Business Premium tenants for SMB clients and have no security practice of your own."

You already hold admin access to your clients' tenants and want to add a resellable 24×7 monitoring tier — new recurring revenue, zero added headcount, and a same-day start on environments you already run.

Not a fit if you're…

An MSSP with a mature SOC

"You already employ a team of analysts, or your clients aren't on Microsoft 365."

EasySOC is for partners who don't have — and don't want to build — an analyst team. If you run a mature SOC, work outside the M365 ecosystem, or you're an SMB looking to buy direct, we're probably not the right fit.

Become a Partner

Start a partner
conversation.

A new revenue line, zero added headcount, and a same-day start on tenants you already manage — with the first month free. Tell us about your shop and we'll set up a pilot. No sales pitch, just a straight conversation about fit.

First month free on your first tenant
White-label — your brand, your retail price
No commitment, no contract
Your details stay with us

No commitment. We'll be in touch shortly.

Something went wrong — please try again or email us directly.

Thanks — we'll be in touch.

We'll reach out shortly to talk through the partner program and set up a pilot. In the meantime, if you have questions feel free to email us directly.