On Direct Business Services Limited

Cloud Direct Microsoft 365 Business and Enterprise

Microsoft 365 includes Office 365, Windows 10, and Enterprise Mobility + Security, giving businesses everything to stay secure, engage employees, increase collaboration, simplified management and protection from complex threats. In two flavours, Business and Enterprise, we helped bring Business to market; one of two UK partners on the private preview.


  • Latest versions of applications, operating system and Office across devices
  • Protects at the user, device, application and data level
  • Proactive monitoring of devices; keeps business and personal data separate
  • Alerts unusual behaviour and actions to highlight areas of weakness
  • Access Office suite online or via traditional desktop versions
  • Business email, calendars, contacts, tasks and archiving with Legal Hold
  • Skype for Business; presence, instant messaging, meetings and telephony
  • Delve, MyAnalytics and Power BI; analytics and data virtualisation
  • SharePoint, OneDrive, Yammer, Microsoft Teams, StaffHub, Flow, PowerApps and Sway
  • BitLocker, Device and Credential Guard, Advanced Threat Protection, Advanced Governance


  • Peace of mind due to complete protection and ISO 27001
  • Less chance of unintentional or malicious tampering of data/systems
  • Much easier to centrally manage security and identify risks
  • Less intrusive as only controlling the business data/apps
  • Supports mobility and productivity while staying secure
  • Keeps you compliant; GDPR and industry standards
  • Cost savings with a bundle purchase
  • Always available; uptime of 99.9% within 2 UK datacentres
  • Greater productivity and efficiency from using the latest technology
  • Improvements to collaboration and employee engagement


£0.32 to £48.90 per licence per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10


On Direct Business Services Limited

Liam Ryan

0800 0789 437


Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to Depends on the component parts but EMS elements require Active Directory. Integration within the component products. Can be used with an on-premise Active Directory.
Cloud deployment model Public cloud
Service constraints Azure Active Directory: For Synchronised deployments you will need an on-premise Active Directory and Azure Active Directory Connect (formerly DirSync). For Federated deployments you will need an on-premise Active Directory, Azure Active Directory Connect (formerly DirSync) and Active Directory Federated Services or third-party identity provider. Intune supports - Windows, Mac, iOS, Android and Windows Phone. Information Protection - Windows, Mac, iOS, Android and Windows Phone and tablets. Windows 10 - if the Business package can upgrade from Windows 7 and newer otherwise must have Windows 10 Pro. Office - Windows and Mac versions. Mobile apps for iOS, Android and Windows.
System requirements
  • Azure Active Directory deployments; see service description
  • Intune; Windows and Mac desktops and laptops
  • Intune; iOS, Android and Windows phones and tablets
  • Information Protection; Needs Azure AD
  • Information Protection; Windows and Mac
  • Information Protection; iOS, Android and Windows phones/tablets
  • Business Package; Windows 10 upgrade needs Windows 7 minimum
  • Enterprise Packages; Windows 10 upgrade needs Windows 10 Pro minimum
  • Office 2016/2013, Office for Mac 2016/2011 (no Access, Publisher)
  • Office Apps; Mobile and tablets across iOS, Android and Windows.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Dependant on issue classification - see our Service Definition. Initial Response times are between one hour and one working day. Core Customer Support working hours; 8am-6pm Monday to Friday, excluding Bank holidays. Support issues classified as critical are supported 24x7x365.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Unknown.
Web chat accessibility testing We haven't completed any direct testing.
Onsite support Yes, at extra cost
Support levels Break/fix support is provided as standard, a technical contact will be provided per case and be your point of contact. Cases are split into 4 categories: Standard, Moderate, High and Critical. Cases are matched to these and dealt with according to the criteria in the Service Description. Admin and End-user support packages are available for this service at an extra cost.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Access is provided to our knowledge base. Training is available but is charged separately based on the customer's requirements.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Customers can either migrate data from Exchange, SharePoint and OneDrive or export/save the files somewhere else. If they are moving to another provider for this service, the new provider may be able to take over the account without any disruption.
End-of-contract process The licences are included within the contract but any professional services needed to export or migrate data or to move to another service would be chargeable.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Depends on the component. Office Apps offer a restricted version compared to the desktop version.
Accessibility standards None or don’t know
Description of accessibility Unknown
Accessibility testing No direct testing completed
Customisation available Yes
Description of customisation Customers can configure the service and setup policies to meet their needs.


Independence of resources Microsoft monitors the components of Microsoft 365 to ensure there are enough resources available to provide a good service to all users.


Service usage metrics Yes
Metrics types The service provides some analysis of usage, devices, information access service health, applications used within the business and potential threats.
Reporting types Real-time dashboards


Supplier type Reseller providing extra support
Organisation whose services are being resold Microsoft

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Exchange Online items can be exported to .pst files and saved elsewhere. OneDrive and SharePoint items can be downloaded in their original file format and saved elsewhere. Otherwise, a migration of the data can be performed to put it into a new service.
Data export formats
  • CSV
  • Other
Other data export formats PDF
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The uptime should be no lower than 99.9% within a month. If it drops below this service credits are available providing it hasn't been affected by any of the exception criteria. Please see the service description for more information.
Approach to resilience Content is replicated from the primary datacentre to the secondary datacentre so replication is constant. Your data is stored in a redundant environment with robust backup, restoration, and failover capabilities to enable availability to your services. You will not be notified when failover occurs as typically failover does not result in service interruption. Microsoft offer multiple levels of physical redundancy at the disk, NIC, power supply, and server levels. Data centres located in seismically safe zones. Automated monitoring and recovery system; 24/7 Microsoft engineering teams are standing by to fix anything that the automated systems are not able to handle. For more information, please see: https://www.microsoft.com/en-gb/server-cloud/cloud-os/global-datacenters.aspx
Outage reporting Service status is shown in the Admin portal.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels The customer decides what users have which permissions; in many instances this relates to whether they're a user or have admin privileges. For standard support purposes, any one from a customer can raise a support issue but only account details are discussed with nominated contacts. For our employees we operate a strict access control policy where only necessary employees have access to customer systems. This is reviewed periodically and we monitor usage to make sure it isn't abused.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date Active
What the ISO/IEC 27001 doesn’t cover Not applicable.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date Active certification
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover Not applicable
PCI certification No
Other security certifications Yes
Any other security certifications
  • ISO 22301
  • ISO 27017
  • ISO 27018

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Cloud Direct have several policies around information security including vendor management, problem management, risk management, access control and information control. Every policy and process has an owner who is responsible to ensure it's followed as well as line-managers within the business. We have also built processes into our systems to help with adherence. Any time a process isn't followed a non-conformance is raised and investigated.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Cloud Direct hold ISO 27001 (Security) certification and follow annually audited processes for the management of change within the service. Changes to the service are classified as either pre-defined change , i.e. changes that are documented as a standard procedure for example, adding in a new replication instance or authorisation change which must be approved. All authorisation changes are reviewed by our change board before being allowed to proceed. Full documentation of these changes are retained within our service management system.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Vulnerability management is covered under our ISO 27001 certification in conjunction with our Tier 1 Cloud Solutions Partnership with Microsoft. Microsoft are responsible for the management of vulnerabilities and service patching.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Microsoft provides an extensive monitoring and protective service for the Azure platform. This includes an extensive defence system against Distributed Denial-of-Service (DDoS) attacks. It uses industry standard detection and mitigation techniques. Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards like Australia IRAP, UK G-Cloud, and Singapore MTCS.
Incident management type Supplier-defined controls
Incident management approach Cloud Direct holds a ISO20000 certification for service management. This is an independent audit of a business’ ability to delivery consistently high-quality IT services. Cloud Direct bases its processes on ITIL® - a comprehensive set of best practices for IT Service Management. The ethos behind ITIL is the recognition that organisations are increasingly dependent on IT in order to meet business needs. This leads to an increased requirement for high quality IT services. All incident management processes are documented and audited in line with this certification.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.32 to £48.90 per licence per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Trials are available for 30 days.Depending on your trial aims, trialling the service may not be the most practical way to experience Microsoft 365 so we can provide demonstrations to meet your needs.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑