ClearPeople Ltd

Group Explorer for Office 365

Group Explorer (GX) is a cloud based subscription service, allowing users to easily work across SharePoint, Office 365 Groups, Yammer and Microsoft Teams.

GX makes it simple to find the right Microsoft 365 collaboration workspace. If your workspace uses a Microsoft Group, use GX to find and access it.


  • Simple search of Office 365 Groups, Microsoft Teams, Yammer, SharePoint
  • Search for Office 365, Teams, SharePoint, Yammer Group members
  • Filter results by Microsoft Teams, Office 365 Groups and Yammer
  • Launch the native Microsoft SharePoint, Team or Yammer site
  • Dip directly into SharePoint Document Libary, Planner or OneNote


  • Encourage Microsoft teamwork and collaboration
  • Improve Office 365 collaboration times
  • Reduce pressure on IT
  • Avoid group duplication
  • Simple visibility of Office 365 group access


£3.65 to £5.50 per person

  • Free trial available

Service documents


G-Cloud 11

Service ID

7 1 6 5 7 8 5 8 0 5 7 6 5 4 3


ClearPeople Ltd

Petula Aardenburg

+44 (0)20 33 769 500

Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to Microsoft Office 365
Cloud deployment model Public cloud
Service constraints None - ClearPeople will adhere to Microsoft Cloud best practice to deliver the service
System requirements Office 365 licenses

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Depending on the SLA the minimum time period for responding to questions will be within two hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support is provided during UK business hours.
UK business hours support is included within the software fees
Priority 1 tickets - 2 hour response
Priority 2 tickets - four hour response
Priority 3 tickets - 12 hour response
Priority 4 tickets - 24 hour response
A cloud support engineer will be provided to deal with your support requirements.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started User documentation and videos are used to provide training. There should be no need for on site training but this could be provided for additional fees if required.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction User data is not stored within our service.
End-of-contract process The subscription period is 12 months. Within the subscription period the authorised users have access to the service.

At the end of the subscription, if it is not renewed, the service ceases to be made available. We will remove the customer configuration from our services. There are no cessation costs or termination fees providing the terms of the End User License Agreement have been adhered to.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Access is via a web browser. So the only difference is the way the app is rendered within the device window. There are no function restrictions on mobile devices.
Service interface Yes
Description of service interface The Service utilises the Microsoft Cloud interfaces for Azure and Office 365
Accessibility standards None or don’t know
Description of accessibility The service adheres to Microsoft Cloud UI standards
Accessibility testing ClearPeople undertake automotive testing of the UI for testing accessibility standards
What users can and can't do using the API The API is flexible and open, it can accommodate most common usage senarios
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available No


Independence of resources We use the Microsoft Azure platform to provide the service and each client is segmented from all other clients on infrastructure that is built to scale to 100's of thousands of users.


Service usage metrics Yes
Metrics types We monitor and record the following:

Number of unique users that have accessed the system over defined time periods.
Reporting types API access


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach There is no user data held within our systems. All user data resides within the clients Azure tenant infrastructure.
Data export formats Other
Other data export formats There is no user data held that can be exported.
Data import formats Other
Other data import formats This is not applicable.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We provide a 99.5% uptime service availability level.

If availability falls below the uptime service level in a given calendar month, we shall provide a credit by an amount calculated as the product of the total cumulative downtime (expressed as a percentage of the total possible uptime minutes in the month concerned) and the total fees for that month.
Approach to resilience We use Microsoft Azure services to provide the platform. These have been designed to support (and exceed) the SLA of 99.5% availability. Specific design details are available upon request.
Outage reporting We provide an email to the Customer Service Representative.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access to user activity audit information
Users contact the support team to get audit information
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Microsoft have ISO/IEC-27001 certification by BSI on 26/02/2018
  • Microsoft have Level-1:CSA-STAR Self-Assessment on 29-Apr-16
  • Microsoft have ENISA-IAF, EU-Model-Clauses, EU-U.S.-Privacy Shield, ISO-27018, SOC-1, SOC 2
  • Microsoft have FEDRAMP, FIPS-140-2, NIST-800-171, HIPAA/HITECH.ISB 1596, CCSL(IRAP)
  • Microsoft have Cyber-Essentials-Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards ClearPeople align all services with the principles and standards described in the ISO accreditations.
Information security policies and processes To the extent possible, the CSA CCM version 3.0 and ISO 27001 security polices are followed as part of the service delivery. In addition, the underlying platform running on Azure platform and Office 365, is certified to and compliant with ISO27001 and CSA CCM version 3.0 standards.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We implement a comprehensive source code management solution based on Microsoft Dev Ops best practice that enables us to track every branch in our solution development lifecycle.  All changes are scheduled into a roadmap that is reviewed and signed off by our MVP (Microsoft most valuable professional) whose intimate knowledge of Microsoft's technical direction and security best practice means that we minimise security exposure.
Vulnerability management type Supplier-defined controls
Vulnerability management approach In support of the Information Security Policy, Office 365 runs multiple layers of antivirus software to ensure protection from common malicious software. Servers within the Office 365 environment run anti-virus software that scans files uploaded and downloaded from the service for viruses or other malware. Additionally, all mails coming into the service run through the Exchange Online Protection engine, which uses multiple antivirus and antispam engines to capture known and new threats against the system. Microsoft has its own Security Response Center (MSRC) that also supplies information to all our customers covering the whole range Microsoft products.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Office 365 employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the datacenter edge, our network backbone, Internet exchange sites, and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause.

Proactive monitoring continuously measures the performance of key subsystems of the Office 365 services platform against the established boundaries for acceptable service performance and availability. When a threshold is reached or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event.
Incident management type Supplier-defined controls
Incident management approach Clients need to log a ticket via our support ticketing system Gemini by login or sending an email to our Support desk that automatically generates a ticket. Incidents reports are based on monthly client time reports with an overview of all their time spent on support and we provide constant updates on the Gemini tickets with technical feedback and coordination.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3.65 to £5.50 per person
Discount for educational organisations No
Free trial available Yes
Description of free trial A full license for a 1 month period

Service documents

Return to top ↑