Azure4Sure Limited

Microsoft Office 365 Design, Hosting and Support

Azure4Sure allows you to take advantage of the benefits offered by Microsoft Office 365, supported by a professional and secure service. We provide Office 365 review, strategy, design, implementation, migration and support services that cover the tenant, each application, your client environments and also your end users.

Features

  • 24hr proactive monitoring and alerting.
  • Encrypted connectivity and storage.
  • Expert assistance with design, implementation, migration, support.
  • Microsoft Office 365, E1, E3, E5.
  • Azure Active Directory Premium.
  • Mobile Device Management using Intune, Security Policies, Updates.
  • Security E3, E5 including data leakage detection and prevention.
  • Windows Client Azure Domain Join, Workplace Join.
  • SharePoint Online, OneDrive, Yammer, Exchange Online, Skype for Business
  • Spend Visibility and Utilisation Analysis.

Benefits

  • GDPR Technical Controls to enforce security.
  • Can be refined to integrate with your business application needs.
  • Simple to monitor and maintain.
  • Low cost, pay as consumed, highly flexible.
  • Reduce your infrastructure costs.
  • Easy to access via web console and Azure Domain Join.
  • Secure your devices using hard drive, data and connectivity encryption.
  • Rapid implementation of Office 365.
  • Fully integrated with your on premise IT infrastructure.
  • Support and Advisory Services to simplify and accelerate adoption.

Pricing

£6.00 to £53.80 per user per month

Service documents

G-Cloud 10

227476846574911

Azure4Sure Limited

Jason birchall

01618182076

GCloudServices@azure4sure.co.uk

Service scope

Service scope
Service constraints None.
System requirements
  • A small amount of on premise infrastructure required for integration.
  • Authentication into your on premise Active Directory Infrastructure.
  • Good quality connectivity from your protected environment into Office 365.
  • Microsoft enterprise licensing agreement.
  • A small amount of on premise infrastructure for Office updating.
  • End user compute devices fully updated and protected with antivirus.
  • Scheduled maintenance carried out during a regular maintenance window.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support for DRaaS is available 24x7.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels We can provide 24/7/365 incident management based on pre-agreed SLAs. We can also provide pre-agreed support for disaster recovery planning, testing and remediation.
A technical account manager provide support where needed, engineering resources can be accessed 24/7/365 as required.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Azure4Sure will provide documentation referencing both official Microsoft literature but also lessons learned from previous deployment and experiences. Additionally you can review official microsoft literature at:

https://support.office.com/en-gb/article/office-quick-start-guides-downloadable-guides-004185ad-d0fe-4046-85a4-5204b8b4989b?ui=en-US&rs=en-GB&ad=GB
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats Microsoft Office based documentation as necessary.
End-of-contract data extraction Users/customers are able to extract their operational systems data from any Azure hosted using traditional methods such as file copy via network shares, recovery from Microsoft Azure Backup Server or using ASR to migrate their server instances from Azure to their on premise solutions. the customer also has the option of utilising the Azure Import/Export services shown here: https://azure.microsoft.com/en-gb/pricing/details/storage-import-export/
End-of-contract process Please see: https://www.microsoft.com/en-us/trustcenter/privacy/you-own-your-data

Microsoft contractually commits to specific processes when a customer leaves a cloud service or the subscription expires. This includes deleting customer data from systems under our control.

If you terminate a cloud subscription or it expires (except for free trials), Microsoft will store your customer data in a limited-function account for 90 days (the “retention period”) to give you time to extract the data or renew your subscription. During this period, Microsoft provides multiple notices, so you will be amply forewarned of the upcoming deletion of data.
After this 90-day retention period, Microsoft will disable the account and delete the customer data, including any cached or backup copies. For in-scope services, that deletion will occur within 90 days after the end of the retention period. (In-scope services are defined in the Data Processing Terms section of our Online Services Terms.)

Using the service

Using the service
Web browser interface Yes
Using the web interface Microsoft Office 365 comes with a feature rich and powerful user interface, we can help you configure additional services through this interface and provide the necessary training. All configuration is undertaken through the management console using a mix of graphical user interface, powershell commands and runbook scripting.
Web interface accessibility standard WCAG 2.0 AA or EN 301 549
Web interface accessibility testing Please see this link for more information: https://www.microsoft.com/en-us/accessibility/
API Yes
What users can and can't do using the API Customers are able to utilise the Azure API Management service to create their own API's as needed. The Azure Service Management API which provides programmatic access to much of the functionality available is through the Management Portal available here https://msdn.microsoft.com/en-us/library/azure/ee460799.aspx
API automation tools
  • Ansible
  • Chef
  • SaltStack
  • Terraform
  • Puppet
API documentation Yes
API documentation formats HTML
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
  • Other
Using the command line interface Azure CLI 2.0 is optimized for managing and administering Azure resources from the command line, and for building automation scripts that work against the Azure Resource Manager. See https://docs.microsoft.com/en-us/cli/azure/install-azure-cli

Scaling

Scaling
Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources Microsoft cloud utilises various Cloud Scale techniques and technologies, to ensure multi-tenant services are not affected in terms of peak usage, additionally the Azure hypervisor is designed with 3 principles in mind to ensure high performance 1) Efficient and designed to work hardware as much as possible 2) Small footprint to ensure less code churn and less reboots 3) Tightly integrated with the Windows Azure Kernel to support best performance levels.
Usage notifications Yes
Usage reporting
  • API
  • Email

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types Other
Other metrics
  • Office 365 usage metrics
  • Office 365 utilisation metrics
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach Please refer to: https://azure.microsoft.com/en-gb/blog/azure-site-recovery-encryption-at-rest/ , http://download.microsoft.com/download/0/D/D/0DD8FB12-6343-4A50-80B2-545F2951D7AE/MicrosoftAzureDataProtection_Aug2014.pdf , https://docs.microsoft.com/en-us/azure/storage/storage-service-encryption
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Onedrive
  • Files
  • Folders
  • Databases
  • Mailboxes
  • Skype chats
  • SharePoint
Backup controls Users/customers can create different backup routines across instances.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
Scheduling backups Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network Azure virtual networks can be segregated by dedicated VPN and firewall rules. Data can be transferred between Windows Server 2016 instances and security enforced using firewall rules, encryption and various authentication solutions. Various third party provided IDS solutions can be implemented to further improve security.

Availability and resilience

Availability and resilience
Guaranteed availability Please refer to this document for information: https://www.microsoft.com/en-us/microsoft-365/blog/2013/08/08/cloud-services-you-can-trust-office-365-availability/
Approach to resilience Microsoft Office 365 is an extremely resilient hyper-scale cloud platform that includes many resilience solutions, these include: storage, virtual machine, application and network high availability across multiple data centres and geographies.

Please see https://www.microsoft.com/en-us/cloud-platform/global-datacenters and https://www.microsoft.com/en-us/TrustCenter/
Outage reporting https://www.microsoft.com/en-us/microsoft-365/blog/2013/08/08/cloud-services-you-can-trust-office-365-availability/

https://status.office365.com/

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
  • Other
Other user authentication Authentication hinges on the use of Azure Active Directory federated with Azure Active Directory, this is not essential but is best practice for security and usability.
Access restrictions in management interfaces and support channels Office 365 can designate separate administrators to serve different functions. These administrators will have access to features in the Azure portal and, depending on their role, will be able to create or edit users, assign administrative roles to others, reset user passwords, manage user-licenses, and manage domains, among other things. A user who is assigned an admin role will have the same permissions across all of the cloud services that your organization has subscribed to, regardless of whether you assign the role in the Office365 portal, or in the Azure classic-portal, or by using the Azure-AD module for Windows PowerShell.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Bsi
ISO/IEC 27001 accreditation date 20/06/2017
What the ISO/IEC 27001 doesn’t cover Please see https://www.microsoft.com/en-us/trustcenter/compliance/iso-iec-27001
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 12/02/2018
CSA STAR certification level Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover None
PCI certification Yes
Who accredited the PCI DSS certification Coalfire
PCI DSS accreditation date 01/04/2016
What the PCI DSS doesn’t cover None
Other security certifications Yes
Any other security certifications
  • FACT
  • NHS Information Governance Toolkit
  • SOC 1, 2, 3
  • ISO 27017 and 27018
  • CDSA
  • FedRamp

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards Microsoft Azure complies with the 14 Cloud Security Principles - See https://gallery.technet.microsoft.com/14-Cloud-Security-Controls-670292c1 . Also FACT, NHS IG Toolkit, FedRamp, NIST 800-171, EU Model Clauses
Information security policies and processes Azure4Sure operates a security officer post who is responsible for security policies and procedures. Any security issues/breaches/incidents and reported and immediately via the companies incident management systems and managed through according to severity, impact and scope.

Additionally:

Microsoft Azure performs annual ISMS reviews, the results of which are reviewed by management. This involves monitoring ongoing effectiveness and improvement of the ISMS control environment by reviewing security issues, audit results, and monitoring status, and by planning and tracking necessary corrective actions.
Also see https://www.microsoft.com/en-us/TrustCenter/Compliance/ISO-IEC-27001 and The Microsoft Cloud Security Policy is available via the Service Trust Platform

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Azure4Sure operates ITIL aligned change and configuration management procedures.

Azure has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others.
Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates knowledge gained through capabilities that are unique to Microsoft including the Microsoft Security Development Lifecycle (SDL), the Microsoft Security Response Center program, and deep awareness of the cybersecurity threat landscape.
Please see https://www.microsoft.com/en-us/SDL/OperationalSecurityAssurance and https://www.microsoft.com/en-us/sdl
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Azure4Sure fully utilises the Azure vulnerability management solutions, these include:
- Azure security assessment center to assess threats to service: https://azure.microsoft.com/en-gb/services/security-center/
- The use of 'as a service' solutions to utilise the Microsoft capability to apply patches to services.
- The use of Microsoft reporting aswell as trusted third parties to provide alerting on vulnerabilities.

Additionally:

Vulnerability scans are performed on a quarterly basis at a minimum. Microsoft Azure contracts with independent assessors to perform penetration testing of the Microsoft Azure boundary.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Azure4Sure utilises Microsoft Security Center to provide a comprehensive security alerting solution.

Each alert is reported and logged within the Azure4Sure incident management platform.

Each alert is assessed and inline with its impact level.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Azure4Sure operates a ITIL aligned incident management procedure.

Incidents related to the platform are automatically alerted via monitoring and alerting.

Users can report incidents into the Azure4Sure incident management platform online or via email, or phone.

Reports can be provided to customers as agreed.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Hyper-V
How shared infrastructure is kept separate Please see https://www.microsoft.com/en-us/TrustCenter/Security/default.aspx
and
https://www.microsoft.com/en-us/trustcenter/security/networksecurity#Secure-infrastructure

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £6.00 to £53.80 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Yes, a 250 user trail can be created for 31 days:
Office 365: https://portal.office.com/partner/partnersignup.aspx?type=Trial&id=80f3c92b-a4d8-4520-a1c6-6369c0e1f3a5&msppid=5098027

Enterprise Mobility and Security: https://portal.office.com/partner/partnersignup.aspx?type=Trial&id=9276af9f-a0a9-4250-a7a1-88fec9bc25fb&msppid=5098027
Link to free trial https://portal.office.com/partner/partnersignup.aspx?type=Trial&id=80f3c92b-a4d8-4520-a1c6-6369c0e1f3a5&msppid=5098027

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑