Straightforward pricing for Microsoft-first teams
ScanPosture pricing is based on the number of Entra users assessed, not the number of administrators using the ScanPosture portal.
28-day trial · No credit card · Read-only Microsoft access
From £350 / month for 100 users. Priced per user in the monitored tenant, not per ScanPosture administrator. Tiered for larger tenants, see below.
Every plan includes
- 201 read-only security checks
- 9 security domains scored
- 8 framework readiness views
- Posture scoring and trend history
- Drift detection between scans
- Step-by-step remediation guidance
- PDF reports and scheduled email summaries
- Slack and Teams webhook alerts
- CSV exports of findings and controls
28-day trial · No credit card · Read-only Microsoft access
After Day 28: scanning pauses, your data stays in place for 30 days, one-click activation via Stripe. See trial mechanics →
How we count
What counts as an Entra user?
Pricing is based on users in the assessed Microsoft Entra tenant, not on the number of ScanPosture admin users. This keeps pricing aligned with the environment being monitored.
Marginal-tier pricing, bigger tenants pay less per user
Each band’s rate applies only to the users in that band, like income-tax bands. A 250-user tenant pays 100 × £3.50 + 150 × £3.00 = £800/month, not 250 × £3.00.
MSP pricing is handled separately
MSP pricing is based on customer count, managed users, branding requirements, and reporting model. The direct-customer rate above does not automatically apply to multi-tenant partner deployments.
Where ScanPosture fits
Organisations typically pick between a handful of ways to get this kind of visibility. Each has its place, ScanPosture is designed for recurring Microsoft-first posture visibility and evidence, at SMB-friendly pricing.
| Capability | ScanPosture | Consultant | Secure Score | Spreadsheets | GRC platform |
|---|---|---|---|---|---|
| Scope & coverage | |||||
| Microsoft 365 and Entra ID configuration assessment | |||||
| 201 read-only security checks | |||||
| 9 security domains scored | |||||
| Framework readiness views (CE, ISO, GDPR Article 32, NIST CSF 2.0, NIST SP 800-53 Rev 5, CIS, SOC 2, NCSC CAF) | |||||
| Licence-aware states (skipped, insufficient, out of scope) | |||||
| Cadence & drift | |||||
| Continuous posture monitoring | |||||
| Drift detection between scans | |||||
| New, returned, and resolved findings visibility | |||||
| Evidence & reporting | |||||
| Evidence refreshes automatically | |||||
| Board-ready PDF reports | |||||
| Scheduled email summaries | |||||
| CSV exports of findings and controls | |||||
| Remediation | |||||
| Prioritised next actions with estimated impact | |||||
| Step-by-step remediation guides with portal deep-links | |||||
| Progress tracking between scans | |||||
Price ranges are indicative and vary by scope and vendor. ScanPosture uses marginal-tier pricing per Entra user / month: £3.50 (1–100), £3.00 (101–500), £2.50 (501+); from £350 / month for 100 users.
- Microsoft 365 and Entra ID configuration assessment
- 201 read-only security checks
- 9 security domains scored
- Framework readiness views (CE, ISO, GDPR Article 32, NIST CSF 2.0, NIST SP 800-53 Rev 5, CIS, SOC 2, NCSC CAF)
- Licence-aware states (skipped, insufficient, out of scope)
- Continuous posture monitoring
- Drift detection between scans
- New, returned, and resolved findings visibility
- Evidence refreshes automatically
- Board-ready PDF reports
- Scheduled email summaries
- CSV exports of findings and controls
- Prioritised next actions with estimated impact
- Step-by-step remediation guides with portal deep-links
- Progress tracking between scans
- Microsoft 365 and Entra ID configuration assessment
- Board-ready PDF reports
- Prioritised next actions with estimated impact
- 201 read-only security checks
- 9 security domains scored
- Framework readiness views (CE, ISO, GDPR Article 32, NIST CSF 2.0, NIST SP 800-53 Rev 5, CIS, SOC 2, NCSC CAF)
- Licence-aware states (skipped, insufficient, out of scope)
- Continuous posture monitoring
- Drift detection between scans
- New, returned, and resolved findings visibility
- Evidence refreshes automatically
- Scheduled email summaries
- CSV exports of findings and controls
- Step-by-step remediation guides with portal deep-links
- Progress tracking between scans
- Microsoft 365 and Entra ID configuration assessment
- Continuous posture monitoring
- 201 read-only security checks
- 9 security domains scored
- Framework readiness views (CE, ISO, GDPR Article 32, NIST CSF 2.0, NIST SP 800-53 Rev 5, CIS, SOC 2, NCSC CAF)
- Licence-aware states (skipped, insufficient, out of scope)
- Drift detection between scans
- New, returned, and resolved findings visibility
- Evidence refreshes automatically
- Board-ready PDF reports
- Scheduled email summaries
- CSV exports of findings and controls
- Prioritised next actions with estimated impact
- Step-by-step remediation guides with portal deep-links
- Progress tracking between scans
- CSV exports of findings and controls
- Microsoft 365 and Entra ID configuration assessment
- 201 read-only security checks
- 9 security domains scored
- Framework readiness views (CE, ISO, GDPR Article 32, NIST CSF 2.0, NIST SP 800-53 Rev 5, CIS, SOC 2, NCSC CAF)
- Licence-aware states (skipped, insufficient, out of scope)
- Continuous posture monitoring
- Drift detection between scans
- New, returned, and resolved findings visibility
- Evidence refreshes automatically
- Board-ready PDF reports
- Scheduled email summaries
- Prioritised next actions with estimated impact
- Step-by-step remediation guides with portal deep-links
- Progress tracking between scans
- Microsoft 365 and Entra ID configuration assessment
- Framework readiness views (CE, ISO, GDPR Article 32, NIST CSF 2.0, NIST SP 800-53 Rev 5, CIS, SOC 2, NCSC CAF)
- Continuous posture monitoring
- Drift detection between scans
- Evidence refreshes automatically
- Board-ready PDF reports
- Scheduled email summaries
- CSV exports of findings and controls
- Progress tracking between scans
- 201 read-only security checks
- 9 security domains scored
- Licence-aware states (skipped, insufficient, out of scope)
- New, returned, and resolved findings visibility
- Prioritised next actions with estimated impact
- Step-by-step remediation guides with portal deep-links
Price ranges are indicative and vary by scope and vendor.
Pricing questions
Direct customer plan, billed monthly. Anything not answered here? hello@scanposture.com.
ScanPosture uses marginal-tier pricing per Entra ID user per month, per monitored tenant: £3.50/user for the first 100 users, £3.00/user for users 101–500, and £2.50/user for users 501+. The user count is taken from your most recent completed scan, so it tracks joiners and leavers automatically. Pricing starts from £350 a month for 100 users; a 250-user tenant pays £800 a month.
Any active user account in the Entra ID tenant ScanPosture is monitoring. ScanPosture administrators inside your organisation are not charged as a separate seat, pricing is per monitored Entra user, not per ScanPosture login.
No. Direct customer plans are billed monthly via Stripe and you can cancel any time from the in-app billing settings. Cancellation takes effect at the end of the current billing period.
Partner pricing is handled separately, the model takes into account the number of customer tenants, the total managed user count, branding requirements and reporting cadence. Use the MSP enquiry form to scope.
Yes. The trial includes a complete first scan, a posture readout across all nine security domains, and a guided walk-through of the priority actions. Start by booking a demo and we will set the trial up alongside.
Try ScanPosture against your own tenant
Start the trial and see your posture priced against your real Entra user count, no estimates, no sales call required.
Priced per Entra user · From £350 / month · 28-day free trial · cancel any time