345

Microsoft Azure

345 are a Microsoft Gold Partner and official CSP for Microsoft Azure. We are able to provide your organisation with the ability to provision, manage and configure all of the services and applications available in the Azure estate.

Features

  • Managed by 345 a Microsoft Gold Partner
  • Choice of two UK data centres
  • Choice of multiple offerings tailored to your requirements
  • Industry leading availability

Benefits

  • Expert guidance/consultancy to assist you with your cloud journey
  • Geographical redundancy available
  • Customizable alerts available to proactively manage your budget
  • Automatic software updates

Pricing

£0.01 a unit

Service documents

Framework

G-Cloud 12

Service ID

6 2 8 1 5 1 4 5 8 5 8 3 2 9 9

Contact

345 Andrew Rivers
Telephone: 01962 657696
Email: andrew@345.technology

Service scope

Service constraints
We can provide access to all services and applications available in the Microsoft Azure Platform.
System requirements
Microsoft Azure Subscription

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our standard response time if 4 hours, Monday to Friday (09:00 to 17:00).
On request we we can offer alternative support packages.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
No
Web chat support
No
Onsite support
No
Support levels
We can tailor the support levels to your needs. Further details available on request.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Microsoft provide a vast amount of training available online.

If additional or bespoke training is required 345 can provide this service on request for a fee.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All Azure services purchased through 345 can be transferred to an alternative Microsoft Azure CSP at the end of the contract.
End-of-contract process
At the end of the contract you will have the option to renew with 345 or move your Azure services to an alternative CSP.

Using the service

Web browser interface
Yes
Using the web interface
The Microsoft Azure Portal allows users to build, manage and monitor everything from simple web apps to complex cloud applications in a single, unified portal.
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
The Azure Portal is managed by Microsoft
API
Yes
What users can and can't do using the API
Microsoft provide a comprehensive REST API to manage your Azure estate.

Details can be found on the following page:

https://docs.microsoft.com/en-us/rest/api/azure/
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
The Azure Command-Line Interface (CLI) provide a cross platform experience to manage Azure resources.

Further details can be found on the following page:

https://docs.microsoft.com/en-us/cli/azure

Scaling

Scaling available
Yes
Scaling type
Manual
Independence of resources
This is guaranteed by Microsoft based on the level of service purchased.
Usage notifications
Yes
Usage reporting
  • API
  • Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Databases
  • Files
  • Folders
  • VMs
Backup controls
Azure backup can be configured within the Portal.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
Scheduling backups
Users schedule backups through a web interface
Backup recovery
Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The SLAs differ based on the services purchased.

Details of individual SLAs can be found on the following page:

https://azure.microsoft.com/en-gb/support/legal/sla/summary/
Approach to resilience
Details on how Microsoft provide resiliency in their Azure offering can be provided on request.
Outage reporting
Service outages can be viewed via a public dashboard (both live and historical). Additionally you can setup custom alerts via the Azure Portal.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
Access restrictions in management interfaces and support channels
Microsoft have implemented role-based access control (RBAC) to manage access to Azure resources. Access can be assigned to users, groups, service principals or managed identities at a particular scope,

This is all managed through the Azure portal.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
No
Security governance certified
No
Security governance approach
Security governance is controlled by Microsoft.
Information security policies and processes
Information security policies and processes are all controlled by Microsoft

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The configuration and change management processes are controlled by Microsoft.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The vulnerability management approach is managed by Microsoft.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Managed by Microsoft.
Incident management type
Supplier-defined controls
Incident management approach
Microsoft manages the incident management approaches.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Hyper-V
How shared infrastructure is kept separate
Both the management (Microsoft-managed) networks and customer networks are isolated in Azure to improve performance and ensure the traffic moving through the platform is secure.

Customer networks are segregated from management networks to protect them from attacks targeting management networks.

Additionally, security controls are integrated into the firmware and hardware of Azure to ensure its secure by default and continues to be secure throughout its lifetime.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Microsoft has pledged to be carbon negative by 2040 and remove their historical carbon emissions by 2050.

Pricing

Price
£0.01 a unit
Discount for educational organisations
No
Free trial available
No

Service documents