Fixed subscription fees. Transparent ongoing costs. Procured directly through Azure Marketplace — MACC-eligible, counts toward your Microsoft Azure Consumption Commitment.
Choose the plan that matches your agency's profile. Underlying Azure infrastructure costs are billed directly to you from Microsoft — we don't resell cloud or add margin on consumption.
Identity federation and zero-trust access. The right starting point for pilots, proof-of-concept, or focused single-workload environments.
The standard deployment for agencies replacing legacy infrastructure or beginning cloud migration. Includes the compliance dashboard and ISM currency tracking.
For agencies with complex or multi-environment requirements. Adds workload compute, Sentinel SIEM, and multi-subscription governance.
All plans include architecture documentation, ISM control mapping, Essential Eight evidence, runbooks, and a handover session. No proprietary lock-in — you own the environment from day one.
Full architecture diagrams, design decision records, and configuration rationale. Your team and your CISO get the complete picture.
Every deployed control mapped to its ISM control ID. Audit-ready evidence for your IRAP assessor. You don't have to compile this yourself.
Documented evidence of Essential Eight compliance posture across the eight mitigation strategies. Mapped to your Maturity Level target.
Operational runbooks covering common tasks: user onboarding, access reviews, policy exception processes, and incident response steps. Your team doesn't need us to operate the environment.
A structured handover session with your IT team and security lead. We walk through every component, explain every decision, and answer every question.
Thirty days of included support after deployment — for questions that arise once the team starts using the environment in earnest.
ClearStack is a Managed Application published on the Azure Marketplace. Your subscription fee counts toward your Microsoft Azure Consumption Commitment — no separate procurement vehicle needed.
A Microsoft Azure Consumption Commitment (MACC) is a multi-year spend commitment with Microsoft that many agencies hold as part of their enterprise agreements. Azure Marketplace purchases from eligible publishers — including ClearStack — count against this commitment, reducing the cash you need to spend against your MACC balance.
Your ClearStack subscription covers the deployment, configuration, and ongoing ISM currency updates. The underlying Azure resources (VMs, Log Analytics, Defender for Cloud, etc.) are billed directly from Microsoft to your subscription at standard Azure rates. ClearStack does not resell cloud or add margin on consumption.
| Feature | Essentials | Professional | Enterprise |
|---|---|---|---|
| Identity Block | |||
| Entra ID federation & MFA | ✓ | ✓ | ✓ |
| Conditional Access baseline | ✓ | ✓ | ✓ |
| Privileged Identity Management | ✓ | ✓ | ✓ |
| User lifecycle automation | ✓ | ✓ | ✓ |
| Access Block | |||
| Global Secure Access | ✓ | ✓ | ✓ |
| Entra Private Access (VPN replacement) | ✓ | ✓ | ✓ |
| Continuous Access Evaluation | ✓ | ✓ | ✓ |
| Device compliance gate | ✓ | ✓ | ✓ |
| Landing Zone Block | |||
| Management group hierarchy | — | ✓ | ✓ |
| ISM PROTECTED Azure Policy initiative | — | ✓ | ✓ |
| Defender for Cloud — CSPM | — | ✓ | ✓ |
| Centralised Log Analytics workspace | — | ✓ | ✓ |
| Compliance dashboard (Azure Workbook) | — | ✓ | ✓ |
| ISM currency tracking + update banners | — | ✓ | ✓ |
| Cloud Block | |||
| Multi-subscription governance | — | — | ✓ |
| Hub-spoke network + Azure Firewall | — | — | ✓ |
| Microsoft Sentinel — SIEM/SOAR | — | — | ✓ |
| Private endpoint enforcement | — | — | ✓ |
| Documentation & handover | |||
| Architecture documentation | ✓ | ✓ | ✓ |
| ISM control mapping | ✓ | ✓ | ✓ |
| Essential Eight evidence pack | ✓ | ✓ | ✓ |
| Runbooks + operational guides | ✓ | ✓ | ✓ |
| KQL runbook library | — | ✓ | ✓ |
| 30-day post-deployment support | ✓ | ✓ | ✓ |
| Support SLA | |||
| Email support (business hours) | 24h SLA | 24h SLA | — |
| Priority support (24/7 for P1) | — | — | 4h SLA |
| Dedicated technical account contact | — | — | ✓ |
| Procurement | |||
| Azure Marketplace listing | ✓ | ✓ | Private offer |
| MACC eligible | ✓ | ✓ | ✓ |
| VSA compatible | ✓ | ✓ | ✓ |
If your agency is running on the Azure Blueprints ISM PROTECTED sample, you have a hard deadline. ClearStack replaces it — with a maintained, updated product rather than a deprecated sample you'll need to fork and manage yourself.
Agencies that sign before 30 June 2026: 60-day extended trial + 24-month rate lock.
No — and deliberately so. Your Azure infrastructure costs (VMs, Log Analytics, Defender, etc.) are billed directly from Microsoft to your subscription. ClearStack doesn't resell cloud services or add margin on consumption. Your infrastructure costs are yours to see and control.
No. You can subscribe directly via Azure Marketplace with a Pay-As-You-Go account, or through an existing EA, MCA, or VSA. If you hold a MACC, the subscription counts toward it automatically.
The Marketplace subscription is month-to-month. Annual subscriptions are available at a discount. There is no mandatory multi-year commitment — though we'll be honest that the value compounds over time as we deliver ISM updates.
Azure Marketplace procurement via MACC or VSA is the primary route — it's simpler and faster than panel procurement for most agencies. If your procurement team requires a panel vehicle, contact us and we'll work through your options.
ClearStack targets delivery of updated policy sets within 45 business days of each ACSC ISM publish date. Updates are delivered as Marketplace plan version updates — you initiate the update in your Azure portal. Your compliance dashboard surfaces update-available banners automatically. MINOR version EOL: 180 days. MAJOR version EOL: 365 days.
We'll tell you in scoping. If your requirements don't fit what ClearStack delivers, we'd rather have that conversation before you subscribe. Book a demo — we'll give you an honest assessment, not a sales pitch.
Book a 30-minute demo. We'll show you the stack, the architecture, and the deployment process. Bring your security requirements and your questions.