Compare Plans

See exactly what changes from Standard to Enterprise+.

All plans include browser-level URL enforcement. Higher plans add retention, operational visibility, threat intelligence, and investigation support so you can choose the right fit for your Microsoft Defender workflow.

Browser-level IOC enforcement
Tier-based event retention
Predictable capability ladder
Enforcement

Standard

Browser threat enforcement without retained event logs.

Retention
0 days
No retained customer event history.
Event Logs
None
No export, no investigations, no incidents from retained logs.
Rule Limit
500
Best for smaller enforcement-only deployments.
  • Defender IOC sync and browser enforcement
  • Leanest commercial entry point
  • Best when only deterministic blocking is required
SOC-ready

SME

Adds operational event visibility and short-term investigations.

Retention
30 days
SOC investigation window for active operations.
Event Logs
Up to 500
Log Analytics, analytics rules, incidents, and workbooks.
Rule Limit
1,000
More room for operational policy growth.
  • Everything in Standard
  • Exportable retained event history
  • Designed for SOC visibility and response workflows
XDR-ready

Corporate

Adds curated threat intelligence and deeper investigation capability.

Retention
90 days
Longer investigation window across repeated activity.
Event Logs
Up to 1,000
More operational history for analysts and MDR-style workflows.
Rule Limit
2,000
Supports broader blocking policy sets.
  • Everything in SOC
  • Cybereinforce curated threat intelligence included
  • Stronger coverage across domains and URLs
Premium

Enterprise+

Compliance-grade retention with included analyst-backed investigations.

Retention
365 days
Best fit for enterprise audit and compliance needs.
Event Logs
Up to 2,000
Highest retained visibility in the platform.
Rule Limit
5,000
Maximum scale for larger environments.
  • Everything in XDR
  • Up to 50 suspicious URL investigations per year
  • Premium support and longest retention window

Detailed plan comparison

This table shows exactly what changes across the Cybereinforce plan ladder.

| Capability | Standard | SME | Corporate | Enterprise+ |
|---|---|---|---|---|
| Browser URL enforcement | Yes | Yes | Yes | Yes |
| Defender IOC sync | Yes | Yes | Yes | Yes |
| Retained event logs | No | Yes | Yes | Yes |
| Retention period | 0 days | 30 days | 90 days | 365 days |
| Maximum event logs | None | Up to 500 | Up to 1,000 | Up to 2,000 |
| Rule limit | 500 | 1,000 | 2,000 | 5,000 |
| Log Analytics Workspace support | No | Yes | Yes | Yes |
| Analytics rules | No | Yes | Yes | Yes |
| Incident creation | No | Yes | Yes | Yes |
| Sentinel / Defender workbook support | No | Yes | Yes | Yes |
| Cybereinforce curated threat intelligence | No | No | Yes | Yes |
| Included analyst-backed investigations | No | No | No | Up to 50 / year |
| Best fit | Enforcement only | SOC visibility | XDR investigations | Enterprise compliance + investigations |

Choose Standard if…

you want browser-level URL enforcement with the lowest commercial entry point and do not need retained event history, export, or investigation workflows.

Choose SOC if…

you want retained event logs, incident creation, analytics rules, and a practical 30-day investigation window for everyday SOC operations.

Choose XDR or Enterprise+ if…

you want deeper investigations, curated CTI, more retained visibility, and the strongest overall operational coverage across your Defender environment.

Need help choosing the right plan?

Start with Standard for pure enforcement, SOC for visibility, XDR for stronger threat intelligence coverage, or Enterprise+ for the longest retention and investigation support.