Feature comparison

Feature	Free	Bouncer	Fixer	MDR
Login Protection
Clone Intervention Screen	✅	✅	✅	✅
Clone Detection	✅	✅	✅	✅
Login Authenticity Seal	✅	✅	✅	✅
Log Monitoring		✅	✅	✅
Microsoft365 Portal Clone Detected	✅	✅	✅	✅
Exchange log stoppage detection				✅
Entra ID log stoppage detection				✅
Suspicious login (cloud provider)		✅	✅	✅
Suspicious login (threat intelligence)		✅	✅	✅
Suspicious login (empty user agent)		✅	✅	✅
Suspicious login (pattern)		✅	✅	✅
Click on phishing link		✅	✅	✅
Visits to phishing sites		✅	✅	✅
SharePoint log stoppage detection				✅
Teams log stoppage detection				✅
AzureAD
EntraID Access			✅	✅
Count licensed users			✅	✅
get a list of admins (non pim)			✅	✅
retrieve a list of administrators (with pim)			✅	✅
Check ATTIC Named Location			✅	✅
Unmanaged Attic named location			✅	✅
Missing Roles			✅	✅
Conditional Access Policies		✅	✅	✅
Limit App-registrations to admins			✅	✅
Security Defaults enabled			✅	✅
App consent policy			✅	✅
Guest users with role assignment			✅	✅
Users without MFA			✅	✅
Emergency Access Account			✅	✅
Admin without MFA			✅	✅
New app-consent by admin			✅	✅
Pushnotifications Microsoft Authenticator enabled			✅	✅
MFA Number Matching			✅	✅
Appname in MS Authenticator			✅	✅
MFA Fraud Alerts enabled			✅	✅
App-consent via Admin			✅	✅
Custom banned password list			✅	✅
Bitlocker keys not readable			✅	✅
Directory Sync Softmatch			✅	✅
Access Guest Users			✅	✅
Guest user invites			✅	✅
Location in MS Authenticator			✅	✅
MFA exclusion added			✅	✅
Tenant creation			✅	✅
Hidden admin roles			✅	✅
MFA Block OTP			✅	✅
App Secret expires			✅	✅
App Certificate expires			✅	✅
Block SMS sign-in			✅	✅
Minimize local admins			✅	✅
Global admins non-local admins			✅	✅
Security Defaults enabled but you have a premium license			✅	✅
Monitor Conditional Access			✅	✅
LAPS and Entra ID			✅	✅
FIDO2 Authentication			✅	✅
Phishing-resistant MFA for Admins			✅	✅
Block Device Code Flow Authentication			✅	✅
CA Report-only policies present			✅	✅
Detection of potentially harmful apps			✅	✅
Dynamic Group Vulnerability Analysis			✅	✅
Role Assignable Group Privilege Escalation			✅	✅
Directory Synchronization			✅	✅
Guest added to role with high privileges				✅
Sign-in attempt with disabled account				✅
Emergency access account used				✅
User becomes Admin (non-PIM)				✅
Guest invite with high privileges				✅
New GDAP-relationship				✅
User with Tier0 role (PIM)				✅
User with Tier0 role (non-PIM)				✅
User becomes Admin (non-PIM)				✅
AITM activity (CloudFlare)				✅
AITM activity (didsomeoneclone.me)				✅
AITM activity (Azure)				✅
AITM activity (Amazon)				✅
Successful sign in using fast http user agent				✅
Authentication methods modified				✅
Authentication methods modified for user that could PIM to high privileged role				✅
AITM activity (User Agent pattern)				✅
Guest made eligible for PIM admin role				✅
Admin started SSPR				✅
Admin started SSPR (PIM)				✅
External user added to high privilege role (outside of PIM)				✅
Owner added to Subscription				✅
Python User-Agent detected				✅
Device code flow sign in on Tier0 account				✅
Suspicious country sign in on Tier0 account				✅
ExchangeOnline
Exchange Online Access			✅	✅
Audit logging works			✅	✅
Microsoft 365 Auditlogs			✅	✅
Mailbox auditing			✅	✅
Organization Customization			✅	✅
List inactive accounts			✅	✅
Attachments file filter			✅	✅
Modern authentication (Exchange)			✅	✅
Labels for external mail			✅	✅
Malware notifications (outgoing)			✅	✅
Malware notifications (incoming)			✅	✅
Outbound spam filter			✅	✅
Content Filtering Policy			✅	✅
External calendar sharing			✅	✅
MX-records			✅	✅
Remote domains and automatic forwarding			✅	✅
LinkedIn Synchronization			✅	✅
Outlook MailTips			✅	✅
Auto-forwarding policy			✅	✅
Delegate Admins			✅	✅
Emergency Access Account Password			✅	✅
Initiation emergency account			✅	✅
Email plus-addressing			✅	✅
Mailbox auditing bypass			✅	✅
Security Group Creation			✅	✅
Autodiscover configured			✅	✅
Anti-Phishing mailtips			✅	✅
Safe Links			✅	✅
External storage in Outlook			✅	✅
Spamscanning exception			✅	✅
Safe Attachments			✅	✅
Anti-phishing policy			✅	✅
Outlook add-ins			✅	✅
Spam notifications to administrator			✅	✅
Mailbox auditing			✅	✅
Transport Rule redirects email			✅	✅
Mailbox Forwarding Baseline Check			✅	✅
Suspicious Mailbox Rules Detection			✅	✅
Check SharePoint Url			✅	✅
Exchange on-premise			✅	✅
New email forwarding rule				✅
Suspicious keyword in mailbox rule				✅
Mailbox external forwarding				✅
Transport rule forwards mail to external domain				✅
Transport rule with suspicious keywords				✅
Large number of external shares				✅
Teams
Authenticity Seal Validator App			✅	✅
External storage in Teams			✅	✅
Teams Channels and Email			✅	✅
Block external consumer chats			✅	✅
Block anonymous users to start meetings			✅	✅
Block anonymous users joining meetings			✅	✅
Scan Messages for Unsafe Links			✅	✅
Scan Messages for Unsafe Files			✅	✅
Report a security concern			✅	✅
Sharepoint
Public SharePoint sites			✅	✅
Microsoft 365 Defender			✅	✅
Resharing by Guests			✅	✅
Legacy authentication (SharePoint)			✅	✅
Sharepoint Invites			✅	✅
Malware in SharePoint				✅
Malware from SharePoint				✅
Intune
Attic AitM Blocker installed		✅	✅	✅
SecureScore
Customer Lockbox			✅	✅
Limited admin roles			✅	✅
Legacy authentication (Exchange)			✅	✅
MFA for all users			✅	✅
MFA enforced for admins			✅	✅
2 to 4 global admins			✅	✅
Automatic password expiry			✅	✅
Self-service password reset			✅	✅
Sign-in Risk policy			✅	✅
User Risk Policy			✅	✅
SecureScore statistics			✅	✅
MFA all users via conditional access			✅	✅
SecureScore - MFA			✅	✅
Compliance
Protection Alert Notifications			✅	✅
General
Attic Monthly Report		✅	✅	✅
Defender
Microsoft Defender Alert				✅
MISP
Login from known IP [MISP]				✅
Office activity from known IP [MISP]				✅
Known URL in email [MISP]				✅
Known sender in email [MISP]				✅
Known attachment in email [MISP]				✅
Azure activity from known IP [MISP]				✅