Compliance check · For Singapore MSPs

PDPA COMPLIANCE

Done correctly. In two minutes.

We run a Personal Data Protection Act + Cyber Essentials Mark compliance check on your client’s Microsoft 365 tenant and ship two PDFs — one blunt for your team, one calm for your client. White-labeled. AI-sequenced. Built for Singapore MSPs.

Run a scan See pricing

Built in Singapore · M365-native · PDPA + CEM mapped

Compliance stack

PDPA s.24

Protection obligation

PDPA s.25

Retention obligation

CEM v3 · A.5

Identity protection

CEM v3 · A.6

Threat protection

Microsoft Graph

Read-only · 5 scopes

Claude Opus 4.7

Agent · 8-step loop

PDPA SECTION 24CYBER ESSENTIALS MARK V3MICROSOFT 365CSA SINGAPOREMAS TRMG4 CHECKS · 2 PDFSAI-SEQUENCEDWHITE-LABELEDISO 27001 CONTROLS14-DAY FREE TRIALPDPA SECTION 24CYBER ESSENTIALS MARK V3MICROSOFT 365CSA SINGAPOREMAS TRMG4 CHECKS · 2 PDFSAI-SEQUENCEDWHITE-LABELEDISO 27001 CONTROLS14-DAY FREE TRIAL

Actual report output

This is what your client gets.
In plain Singapore English.

Sample · Acme Logistics Pte Ltd · 28 Apr 2026

CRITICAL

2 of 2 Global Administrator accounts have MFA disabled

GET /v1.0/directoryRoles/{globalAdmin}/members → john.tan@, finance.admin@ · auth methods: ["password"]

Fix: Enable per-user MFA in M365 admin centre. ~15 min.

PDPA s.24CEM A.5.1

CRITICAL

MFA coverage across users is 35% (recommended baseline: 80%+)

62 users · 22 with strong auth (SMS=12, Authenticator=8, FIDO2=2) · 40 password-only

Fix: Conditional Access policy + 14-day grace period. ~1 hr setup.

PDPA s.24CEM A.5.2

HIGH

7 dormant accounts retained; 3 with sensitive SharePoint access

signInActivity.lastSignInDateTime > 90 days · 3 of 7 in 'Operations' SharePoint (customer shipping data, NRIC fragments)

Fix: Disable accounts (do not delete). Block sign-in. ~15 min.

PDPA s.24+25CEM A.5.3

+ 1 more finding· AI-sequenced 3-step remediation plan · downloadable PDF (MSP + client variants)

See the full report →

Why MSPs choose Sentinel

Three things US tools get wrong for APAC. We get them right.

01PDPA + CEM native

Built for the Singapore stack.

Every finding tagged to Personal Data Protection Act 2012 (Section 24, Section 25) and CSA Cyber Essentials Mark v3 controls. Not 'mapped to NIST.' Mapped to what your client’s lawyer reads.

02Channel-only

MSP-first, not vendor-first.

White-labeled to your brand. Multi-tenant. Two report variants from one scan: blunt for your team, calm for your client. No co-branding. No upsell to your customers behind your back.

03AI-native

An agent, not a checklist.

Claude Opus 4.7 reads the findings, sequences them by dependency and impact, and produces a remediation plan a junior tech can execute today. Read the agent trace. Audit every decision.

Pricing

Per tenant.
No surprises.

Three plans, priced per Microsoft 365 tenant you actively scan. White-label, multi-tenant, and the AI agent are included on every plan. Annual prepay saves 15%. Lock in your price today; first invoice when you connect your first tenant after OAuth ships in Q3 2026.

14-day free trial · no credit card
Annual billing locks in 15% off
Cancel any time · 30-day money-back
GST broken out for SG-registered businesses
Volume + custom-residency at Enterprise tier

See full pricing →Book a 15-min walkthrough

Starter

1–10 tenants

SGD67

/tenant/mo annual

Growth

11–50 tenants

SGD49

/tenant/mo annual

Things you’ll want to know.

Is the data my client’s, or yours?+

Your client’s. We pull data via read-only Microsoft Graph delegated permissions, generate the report, and persist only what is necessary to render it again later. Singapore data residency (ap-southeast-1) is on the v1 launch checklist before the first paying tenant connects. No cross-tenant analytics. No training on your data.

What does the v1 scan actually cover?+

The four highest-impact M365 checks Singapore MSPs ask about most: MFA coverage, admin account protection, dormant user audit, Microsoft Secure Score percentile. Together these are the core security hygiene baseline that catches the most common PDPA Section 24 audit failures and CEM v3 identity-tier gaps. Customer feedback shapes what ships next.

How is this different from Microsoft Secure Score?+

Secure Score is raw, generic, and not client-presentable. Sentinel maps every finding to PDPA + CEM controls (which Secure Score does not), produces a client-facing PDF in plain APAC English (which Secure Score does not), and sequences a remediation plan via an AI agent (which Secure Score does not). Secure Score is a number; Sentinel is a deliverable.

What does the AI agent actually do?+

It is a Claude Opus 4.7 model running a tool-use loop. Given a tenant, it decides which Microsoft Graph queries to run next based on what it has learned, follows up on suspicious findings, and produces a sequenced remediation plan. The full trace of decisions is logged and auditable. v1 is read-only. v1.5 adds write-tools (with explicit MSP consent per action).

When does white-label ship?+

v1.1, immediately after the first paying customer requests it. Already designed. Two-week build. Growth and Scale customers get it first.

Why Singapore only?+

Because every other APAC jurisdiction (AU, HK, JP, TH, MY) has a different compliance regime, different MSP ecosystem, and different language. We picked Singapore as the beachhead. Other jurisdictions ship after we have 5+ paying SG MSPs.