Microsoft Solutions Partner • SMB & Enterprise

Deploy, Harden & Operate the Microsoft Security Stack

Microsoft Business Premium for SMBs (under 300 users) and M365 E3 / E5 for large enterprises — Defender, Entra, Purview, Intune, and Sentinel, rolled out, tuned, and run by a Microsoft Solutions Partner with 15+ years of security delivery in India. Licence procurement in INR, ISO 27001 & DPDPA alignment, and integrated Fortinet cross-vendor SOC.

See the Stack
6+
Microsoft Security Products
~56
ISO 27001 Controls Covered
24×7
Managed SOC Coverage
India
Data Residency (Mumbai, Pune, Chennai)

Two Paths to Microsoft Security — SMB & Enterprise

Microsoft's Business plans are capped at 300 seats per tenant — that is the hard line between "SMB" and "Enterprise" licensing. We deploy, procure, and manage both sides.

Most Indian mid-market companies sit comfortably on Business Premium and never need to move to Enterprise — we'll tell you when an upgrade is actually required vs when it's just upsell noise.

For SMBs — under 300 users

Microsoft 365 Business Premium

The all-in-one SMB security bundle. One SKU covers identity, endpoint, email, DLP, device management, and information protection — without needing E-series licensing or add-ons.

What's included

  • Entra ID P1 — Conditional Access, MFA, SSPR
  • Defender for Business — next-gen AV, ASR, lightweight EDR, auto-investigation, basic vulnerability management
  • Defender for Office 365 Plan 1 — Safe Links, Safe Attachments, anti-phishing
  • Intune — MDM for corporate devices, MAM App Protection for BYOD
  • Azure Information Protection P1 — sensitivity labels, manual classification, rights management
  • Purview DLP — Exchange, SharePoint, OneDrive
  • Windows 11 Pro upgrade rights + BitLocker

Hard cap: 300 seats per tenant. Hit the ceiling? We migrate you to E3 / E5 at no cutover cost.

For Enterprise — 300+ users

Microsoft 365 E3 / E5

Uncapped enterprise licensing with full Defender XDR, Entra P2 (PIM + Identity Protection), Purview Insider Risk, Records Management, and Microsoft Sentinel integration at scale.

What E5 adds over E3

  • Entra ID P2 — Identity Protection, PIM, access reviews
  • Defender for Endpoint P2 — full EDR + MDVM + advanced hunting
  • Defender for Office 365 P2 — Threat Explorer, AIR, Attack Simulation Training
  • Defender for Cloud Apps (CASB) + Defender for Identity
  • Purview Audit Premium — 1-year retention + high-value events
  • Insider Risk Management + Communication Compliance
  • Records Management (file plan + disposition review)
  • DLP for Teams chat

No seat cap. Also available as E3 + E5 Security add-on for customers who want the security uplift without the full compliance pack.

The Microsoft Security Stack We Deploy

Six overlapping product families that together form a complete ISMS toolkit. We deploy them, integrate them, hand the running estate over to your SOC, or run it for you.

Identity

Microsoft Entra ID

Directory, SSO, Conditional Access, MFA, Identity Protection, Privileged Identity Management, access reviews.

Tier: P1 (Business Premium / E3) or P2 (E5). PIM + Identity Protection require P2.

Endpoint

Defender for Business / Endpoint

Next-gen AV, attack surface reduction (ASR), EDR, auto-investigation, Microsoft Defender Vulnerability Management, advanced hunting.

Tier: Defender for Business (Business Premium, lightweight EDR) · Defender for Endpoint P1 (E3, AV + ASR) · P2 (E5, full EDR + MDVM).

Email & Collab

Defender for Office 365

Safe Links, Safe Attachments, anti-phishing, Threat Explorer, automated investigation, Attack Simulation Training.

Tier: P1 (Business Premium / E3) or P2 (E5 — AIR + training).

Cloud Apps

Defender for Cloud Apps

Cloud Access Security Broker — shadow IT discovery, inline + API CASB, session policies, OAuth app governance.

Tier: E5 or E5 Security add-on.

Data Protection

Microsoft Purview

Sensitivity labels, Data Loss Prevention (Exchange, SharePoint, OneDrive, Teams, Endpoint), Audit, Records Management, Insider Risk Management, eDiscovery, Compliance Manager.

Tier: E3 (core) or E5 (auto-labelling, IRM, Records, Audit Premium).

Device Management

Microsoft Intune

MDM for corporate devices, MAM App Protection Policies for BYOD, configuration profiles, compliance policies, security baselines, Autopilot provisioning.

Tier: Included in M365 E3 / E5.

Detection & Response

Microsoft Defender XDR

Unified incident portal across Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps, and Defender for Identity. Cross-signal correlation, automated investigation & response, advanced hunting.

Tier: Included wherever the underlying Defender products are licensed.

SIEM / SOAR

Microsoft Sentinel

Cloud SIEM/SOAR billed via Azure consumption. Pull in Defender XDR, Entra, Intune, firewall, network, and on-prem logs for cross-source correlation. Playbooks, analytics rules, hunting queries.

Tier: Separate billing (Azure). Extended retention for CERT-In 180-day log compliance.

Microsoft Solutions Partner

A Solutions Partner — Not Just a Reseller

Ogma holds Microsoft Solutions Partner designations in Security and Modern Work — Microsoft's competency tiers that require demonstrated deployment capability, certified engineers, and active customer success metrics. This lets us do three things most CSPs can't:

  • Procure licences directly — M365 E3, E5, E5 Security, E5 Compliance, Sentinel — with GST invoicing in INR, not a forex-exposed USD bill.
  • Deploy in-house — our Microsoft-certified engineers stand up the estate end-to-end, no third-party subcontractors between you and the execution team.
  • Escalate directly to Microsoft — partner-tier support channels for critical incidents, preview programmes, and early access to new capabilities.

Licence Procurement Scope

M365 Business plans (< 300 users) — Basic, Apps, Standard, Business Premium
Defender for Business — standalone SKU for SMB endpoint security add-on
M365 Enterprise (300+ users) — E3, E5, F-series frontline, A3/A5 education
M365 E5 Security — Defender P2 + MDCA + Defender for Identity + Entra P2
M365 E5 Compliance — IRM, Communication Compliance, Records, Audit Premium
Microsoft Sentinel — Azure consumption, data tier + retention
Entra ID Governance & Azure security add-ons — lifecycle workflows, Defender for Cloud, Key Vault

Right-Size Your Microsoft 365 Licence

Business Standard and Business Premium cap at 300 seats per tenant. Above that you move to E3 or E5. Here is the full side-by-side so you can see exactly what each tier gives you — and where the real upgrade points are.

Capability Business
Standard		 Business
Premium		 E3 E5
Seat cap per tenant300300UnlimitedUnlimited
Exchange / SharePoint / OneDrive / Teams
Entra ID P1 — Conditional Access + MFA + SSPR
Entra ID P2 — Identity Protection, PIM, access reviews
Defender for Business (SMB lightweight EDR + AV + ASR)
Defender for Endpoint P1 (AV + ASR only)
Defender for Endpoint P2 (full EDR + MDVM + advanced hunting)
Defender for Office 365 P1 (Safe Links / Safe Attachments)
Defender for O365 P2 (Threat Explorer, AIR, Attack Simulation)
Defender for Cloud Apps (CASB) & Defender for Identity
Azure Information Protection P1 — sensitivity labels (manual)
Auto-labelling + trainable classifiers (E5 Information Protection)
Purview DLP — Exchange, SharePoint, OneDrive
DLP for Teams chat & endpoint
Purview Audit Standard (180-day)
Purview Audit Premium (1-year + high-value events)
Insider Risk Management + Communication Compliance
Records Management (file plan + disposition review)
Intune MDM + MAM + security baselines

💡 Our default recommendation for Indian SMBs under 300 users

Start with Microsoft 365 Business Premium. It's the cleanest bundle on the market for SMB security — Conditional Access, Defender for Business with EDR, Intune, basic DLP, and sensitivity labels, all under one SKU with a single invoice. Add Defender for Business Servers if you need server onboarding. Only consider E3/E5 if you are approaching 300 seats, need PIM, or have genuine Sentinel / Insider Risk / Records Management requirements that Business Premium doesn't cover.

Not sure which tier fits? Our licence advisory session picks the right SKU mix for your user count, compliance scope, and budget — typically closes with a written recommendation in 48 hours.

Our 4-Phase Deployment Methodology

A structured rollout that maps directly to the ISO 27001:2022 control set. Every phase ends with auditable evidence you can show to your board.

Phase 1 — Weeks 1–4

🔐 Identity & Foundation

  • Entra ID baseline — Conditional Access, MFA organisation-wide, legacy auth blocked, named locations, device-state policies
  • Secure Score triage — action the top 10 high-impact, low-effort recommendations
  • Intune MDM rollout for corporate devices, BitLocker + compliance policy enforcement
  • Purview Audit enabled (Standard 180-day or Premium 1-year)

Phase 2 — Weeks 5–10

🛡 Data Protection & Classification

  • Sensitivity label taxonomy (Public / Internal / Confidential / Highly Confidential) with container labels for SharePoint + Teams
  • Auto-labelling for PAN, Aadhaar, GSTIN, credit card patterns (E5 feature)
  • DLP policies across Exchange, SharePoint, OneDrive, Teams, Endpoint, Edge browser
  • Retention policies aligned to DPDPA + CERT-In 180-day log retention
  • Defender for Endpoint onboarding + ASR rules in audit-then-block mode
  • Defender for Office 365 Safe Links + Safe Attachments for all mailboxes

Phase 3 — Weeks 11–16

🔎 Detection, Response & Privileged Access

  • Defender XDR unified portal + investigation workflows
  • Microsoft Defender Vulnerability Management (MDVM) onboarding for continuous posture
  • Defender for Cloud Apps (MDCA) + Cloud Discovery against existing DNS / firewall / Defender logs
  • Entra Identity Protection risk policies — high sign-in risk block, medium risk MFA
  • PIM for every admin role — eligible-only, approval workflow for Global Admin
  • Microsoft Sentinel stood up for cross-source correlation, CERT-In 180-day log retention, and integration with FortiAnalyzer
  • Cross-vendor connectors (Fortinet, CrowdStrike, third-party SIEM) wired against your tenant ID — if you don't know yours, our free Microsoft tenant ID lookup returns it from any verified domain in seconds

Phase 4 — Weeks 17–20

📋 Governance, Evidence & Handover

  • Compliance Manager — ISO 27001:2022, DPDPA, RBI, SEBI CSCRF assessments walked through end-to-end
  • Evidence package exported — Secure Score, CA policies, DLP reports, Defender incidents, Intune compliance, audit log search
  • Attack Simulation Training rolled out (Defender for O365 P2 / E5)
  • Run book handover to your SOC, or cut over to our 24×7 Managed SOC service
  • Stage 1 ISO audit pre-read package delivered

Integrated With Your Existing Fortinet Estate

Almost nobody deploys the Microsoft security stack AND runs a deep Fortinet practice under one roof. This is where Ogma's dual-vendor competency becomes a real advantage.

FortiAnalyzer → Sentinel data path

We pipe FortiGate, FortiSwitch, FortiAP, FortiMail, and FortiWeb logs into Microsoft Sentinel via the Fortinet data connector — so your network edge and Microsoft identity/endpoint events correlate in a single incident queue.

Unified policy authoring

Your Conditional Access policies (Microsoft) and your FortiGate identity-based firewall rules (Fortinet) should reference the same Entra groups. We make sure the two sides never drift apart during day-2 operations.

FortiSASE for the edge, Defender XDR for the endpoint

Many Indian enterprises run FortiSASE for cloud-delivered secure access and Microsoft Defender for endpoint. We design the split so neither layer duplicates the other — you don't pay twice for URL filtering or DLP.

Single-pane SOC

Our managed SOC analysts work from Sentinel + Defender XDR, with FortiAnalyzer side-panel for network telemetry. One playbook, one incident timeline, one RCA — not two parallel investigations.

Aligned to Your Compliance Obligations

The Microsoft security stack deployed correctly delivers ~60% of the controls in ISO 27001:2022 and maps directly to DPDP Rules 2025 Rule 6 safeguards. We ensure the right policies, licences, and evidence are in place.

ISO/IEC 27001:2022

Purview Compliance Manager ISO 27001:2022 assessment walked through end-to-end. Evidence pack (Secure Score, CA policies, DLP reports, audit exports) prepared for Stage 1 auditor pre-read.

Read our ISO 27001 + M365 playbook →

DPDP Rules 2025

Rule 6 security safeguards (encryption, access control, logging, continuity, 365-day retention, processor contracts, TOM) mapped one-for-one to Microsoft features. Rule 7 two-stage breach notification pipeline built on Defender XDR + notification engine.

Read our DPDPA playbook →

CERT-In / RBI / SEBI

Microsoft Sentinel retains logs in the India region for the CERT-In 180-day mandate. M365 data residency in Mumbai / Pune / Chennai satisfies RBI, SEBI CSCRF, and IRDAI localisation requirements on top of DPDPA.

Why Choose Ogma as Your Microsoft Security Partner

Solutions Partner Designations

Security and Modern Work — Microsoft's competency tiers that require certified engineers, deployment evidence, and customer success metrics.

Dual-Vendor Competency

Microsoft and Fortinet under one roof. Sentinel analysts who understand FortiGate. Conditional Access engineers who can read a FortiSIEM correlation rule.

INR Licence Procurement

Direct procurement, GST 18% invoicing, standard Indian enterprise payment terms. No forex exposure on renewal. No credit-card surprise bill.

Own 24×7 Managed SOC

Ogma-run SOC on Sentinel + Defender XDR. Tier 1/2/3 analysts in India, custom parsers, MITRE ATT&CK hunting, monthly KPI reviews.

Compliance-Ready Evidence

ISO 27001, DPDPA, CERT-In, RBI, SEBI CSCRF — we build the audit evidence pack as we deploy, not as an afterthought at pre-audit time.

Reference Customers

Active enterprise clients across BFSI, manufacturing, pharma, healthcare, and public sector running Microsoft security at scale. We'll connect you before you sign.

Who Runs on Microsoft Security

Any Indian enterprise already standardised on Microsoft 365 — which is most of them — is a natural fit for the full security stack.

BFSI

RBI CSCRF, SEBI compliance, privileged access audit trails.

Healthcare & Pharma

EHR data, clinical trial IP, DPDPA health-data protection.

Manufacturing

IP protection via sensitivity labels + DLP, OT isolation via Intune.

Public Sector / PSU

India region data residency, MeitY-aligned data protection.

E-commerce & Retail

Identity hygiene at scale, PCI-DSS alignment, insider risk monitoring.

Fintech & SaaS

Zero Trust posture, passwordless, Conditional Access at scale.

Education & Ed-tech

M365 A3/A5 for education, Intune for student devices.

Media & OTT

Content IP protection, guest collaboration governance.

Frequently Asked Questions

Ogma holds Microsoft Solutions Partner designations in Security and Modern Work. These are Microsoft's current competency tiers (the successor to Gold Partner) that require demonstrated deployment capability, certified engineers on staff, customer success metrics, and renewed performance targets. We are not a CSP-only reseller — we own the delivery end to end.

Yes. We procure the full M365 catalogue in INR with GST 18% invoicing — M365 Business plans (Basic, Apps, Standard, Business Premium), Defender for Business as a standalone SKU, M365 Enterprise (E3, E5, F-series frontline), the E5 Security and E5 Compliance add-ons, Entra ID P2, Entra ID Governance, Microsoft Sentinel (Azure consumption), and Azure security add-ons. No forex exposure, no credit-card fee. Payment terms are 30 days from invoice for enterprise customers.

Absolutely, and it's actually our sweet spot. Microsoft 365 Business Premium is the SMB bundle that caps at 300 seats per tenant — it includes Entra ID P1 (Conditional Access + MFA), Defender for Business (lightweight EDR), Defender for Office 365 Plan 1, Intune MDM + MAM, Azure Information Protection P1 with sensitivity labels, basic Purview DLP on Exchange / SharePoint / OneDrive, and Windows 11 Pro upgrade rights. For 95% of Indian SMBs that is the right starting point — you do NOT need E3 or E5 until you hit the 300-user ceiling or have a specific compliance requirement (PIM, Insider Risk, Records Management, Audit Premium, DLP for Teams chat). We strongly prefer Business Premium where it fits and migrate you to E3/E5 only when the numbers actually demand it.

Simple decision tree: (1) Under 300 users — Business Premium, every time. It's all-in-one SMB security at the best price point Microsoft offers. (2) At or above 300 users — you have to move to Enterprise (E3 or E5). Start with E3 + E5 Security add-on, which gets you Entra P2, Defender P2 across Endpoint and Office, Defender for Cloud Apps, and Defender for Identity at a lower total cost than full E5. Full E5 only makes sense if you genuinely need Purview Insider Risk Management, Communication Compliance, Records Management, or Audit Premium for compliance / regulatory reasons. We'll do the licensing math against your user count, compliance scope, and budget and send you a written recommendation in 48 hours.

Our standard 4-phase methodology runs 20 weeks. Phase 1 Identity + Foundation (weeks 1–4), Phase 2 Data Protection (weeks 5–10), Phase 3 Detection + Privileged Access (weeks 11–16), Phase 4 Governance + Evidence + SOC handover (weeks 17–20). Smaller rollouts or focused Defender XDR-only deployments can finish in 8–10 weeks. We do not recommend a big-bang approach — staged rollout catches misconfigurations before they hit the production user base.

Microsoft publishes a native Fortinet data connector for Sentinel. We deploy the Sentinel side, configure the Fortinet connector on FortiAnalyzer, and build Sentinel analytics rules that join Fortinet network events with Defender XDR identity and endpoint events in a single incident queue. Our SOC analysts work primarily from Sentinel with FortiAnalyzer as a side panel for deep network forensics. You don't pay for two parallel investigations.

Your choice. Option 1: we deploy, document the run book, train your internal team, and hand over. Option 2: we run it for you under a 24×7 Managed SOC contract on Sentinel + Defender XDR. The managed option includes Tier 1/2/3 analyst coverage, custom parsers, MITRE ATT&CK hunting, monthly KPI reviews, and integration with your incident management tool. Option 3: a hybrid split where we cover after-hours and your internal team runs business hours.

Both. If you already hold M365 licences through another CSP or directly, we deliver implementation and managed services only — no licence movement needed. If you want us to consolidate procurement under one partner, we can transfer the tenant to our CSP relationship at your next renewal date, typically with no business disruption and often better commercial terms.

Deployed correctly, the Microsoft security stack addresses approximately 56 of the 93 Annex A controls in ISO 27001:2022 — primarily A.5 Organizational, A.8 Technological, and parts of A.6 People and A.7 Physical. Our Phase 4 governance stage walks through the Purview Compliance Manager ISO 27001:2022 assessment template with you, exports the evidence pack for your Stage 1 auditor, and identifies the ~27 gap controls that need non-Microsoft tooling (Fortinet for A.8.22 network segmentation, vendor risk process for A.5.19–21, etc.). See our ISO 27001 + M365 playbook for the full mapping.

Yes, with specific caveats. DPDP Rule 6's seven security safeguards (encryption, access control, logging, continuity, 365-day retention, processor contracts, TOM) map one-for-one onto Entra, BitLocker, Defender, Purview Audit, and Intune. DPDP Rule 7's two-stage breach notification is built on Defender XDR alerting + notification engine. CERT-In's 180-day log retention is satisfied by Purview Audit Standard (180 days) or extended via Microsoft Sentinel to 1 year and beyond. For non-M365 sources (firewalls, IDS, WAF, VPN) Sentinel is where those logs land — M365 alone does not cover them.

Yes. Microsoft operates data centres in Mumbai, Pune, and Chennai. India is a Local Region Geography — Exchange Online, SharePoint, OneDrive, Teams, and Purview data for tenants provisioned in India is stored at rest in India. Microsoft also offers the Advanced Data Residency (ADR) add-on for customers needing commitments beyond the core set. Sentinel data can be kept in the India (Central or South) Azure region to meet RBI and SEBI localisation requirements.

No problem. The cross-vendor Sentinel + FortiAnalyzer integration is a capability we offer when it fits — not a requirement. If you run Cisco, Palo Alto, Check Point, or Juniper at the edge, Sentinel has native connectors for all of them, and we deploy Microsoft security as a standalone stack. Our Fortinet depth is a differentiator; it isn't a lock-in.

Yes — in fact we often recommend this for customers new to the Microsoft security stack. Defender XDR gives you immediate value (unified incident queue across Endpoint, Office 365, Identity, Cloud Apps) without Azure consumption billing. Sentinel comes in Phase 3 when you need cross-vendor correlation or CERT-In 180-day log retention on non-M365 sources. The two integrate natively so adding Sentinel later doesn't require re-onboarding any Defender data.

Ready to Get the Most From Microsoft Security?

Talk to a Microsoft Solutions Partner who also runs a deep Fortinet practice. We'll scope your deployment, size the licences, and send you a written proposal within a week.

Write to [email protected]