Levett Consultancy Ltd

Microsoft 365 Enterprise

Microsoft 365 is an enterprise productivity cloud platform that brings together best-in-class Office apps with powerful cloud services, device management, and advanced security. Application and services included are: Office 365 Enterprise, Enterprise & Mobility Suite (EMS) and Windows 10 Enterprise.

Features

  • Office 365 Productivity, Email, Teams and Collaboration Platform
  • Enterprise Mobility, MDM and Cyber Security Solutions
  • Windows 10 and Windows Information protection, Windows Hello
  • Archive, legal hold, data leakage protection (DLP)
  • Advanced compliance tools, including rights management services and information protection
  • Online meetings, web-conferencing, voice and video
  • Enterprise-grade visibility, control and protection for your cloud applications
  • Office ProPlus. Word, Excel, PowerPoint, OneNote, SharePoint, OneDrive, Yammer
  • Tools to support compliance, information protection, privacy, EDRM and GDPR
  • Corporate social networking

Benefits

  • Simplified IT management
  • Keep customer data safe
  • Defend against cyberthreats
  • Automated processes
  • Streamlined workflow
  • Works with the apps you already have
  • 24/7 email and online support
  • Related services provided Levett Consultancy Microsoft Gold Partner

Pricing

£31.70 a user a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@levettconsultancy.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

2 7 3 0 4 3 9 7 9 4 8 9 7 5 7

Contact

Levett Consultancy Ltd Stepehen Hazle
Telephone: 01279 799256
Email: gcloud@levettconsultancy.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
There are multiple licensing options for flexibility, and not all services and features are available in every version. For full details, please visit - the following: See https://support.office.com/en-gb/article/Office-365-system-requirements-08def54e-1435-4fad-bc03-974014caf91e
System requirements
  • A modern browser
  • Full list of requirement can be found here: https://bit.ly/3yO5w0X

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Monday to Friday 8am to 5pm excluding Saturday and Sundays or UK public holidays. Responses times are described within the G Cloud Support 'Service Definition' document.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
In addition to standard Microsoft support, Levett Consultancy provides enterprise level support as part of our G Cloud Cloud support service. Support is delivered using our internal ITIL Service desk based within the UK. All Levett Consultancy staff are all certified by Microsoft to provide a range of customer support services from dedicated account management to providing enterprise technical support using in house certified Microsoft support engineers.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Levett Consultancy is a long-term Google Partner with a proven track record of deploying Microsoft technologies into Central and Local Government, Education, 3rd Sector and Private sector. If required Levett Consultancy at an additional cost, provides a fully comprehensive onboarding support service that is detailed within our optional G Cloud Cloud Support services, that includes consultancy, deployment, training, and support. Levett Consultancy onboarding service enhances the standard Microsoft 365 setup process.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Customer are able to remove their data at any time through the same means they uploaded. Either over their network (internet or express route) or via the Azure Import/Export services. Also see https://www.microsoft.com/en-us/trustcenter/privacy
End-of-contract process
Microsoft is governed by strict standards and removes cloud customer data from systems under our control, overwriting storage resources before reuse, and purging or destroying decommissioned hardware. https://www.microsoft.com/en-gb/trust-center/privacy/data-management?rtc=1

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Custom mobile applications are available both for iOS and Android which provide a bespoke user experience tailored to the operating system in question. For other mobile operating systems, web browser support is included which provides an equivalent experience to the desktop environment.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Microsoft 365 is accessed via the portal using a modern web browser from any device.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Microsoft makes accessibility a core consideration from the earliest stages of product design through release. A central accessibility team has a mandate to monitor the state of accessibility of all Microsoft products, further details can be found here: https://www.microsoft.com/en-us/accessibility/
API
Yes
What users can and can't do using the API
Microsoft 365 services, such as OneNote, Outlook, Excel, OneDrive, Microsoft Teams, Planner, and SharePoint, are now exposed in Microsoft Graph. Microsoft Graph is a unified API endpoint for accessing data across Microsoft 365, which includes Office 365, Enterprise Mobility, and Security and Windows services. It provides a simplified developer experience, with one endpoint and a single authentication token that gives your app access to data across all these services. More details can be found here: https://msdn.microsoft.com/en-us/library/azure/ee460799.aspx
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Depending on the type of Microsoft 365 license applied will dictate what an organisation can customise within Microsoft 365. Standard customised features allow an organisation to change its theme to match its branding within the Microsoft 365 admin centre. End users can personalise pinned apps and notifications. Microsoft 365 also provides Microsoft Power Apps to allow developers to build applications quickly to innovate and solve problems.

Scaling

Independence of resources
Microsoft provides a high level of tenant isolation, both for security and for performance. Microsoft data centres are massively scaled and offer dedicated performance.

For more information, please review the latest information below:
https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-tenant-isolation-overview

Analytics

Service usage metrics
Yes
Metrics types
You can easily see how people in your business are using Microsoft 365 services. For example, you can identify who is using a service a lot and reaching quotas, or who may not need a Microsoft 365 license at all. Reports are available for the last 7, 30, 90, and 180 days. Data won't exist for all reporting periods right away.

The reports become available within 48 hours!

Full details here: https://docs.microsoft.com/en-us/microsoft-365/admin/activity-reports/activity-reports?view=o365-worldwide
Reporting types
  • API access
  • Real-time dashboards

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
For data at rest, Office 365 deploys BitLocker with AES 256-bit encryption on servers that hold all messaging data, including email and IM conversations, as well as content stored in SharePoint Online and OneDrive for Business. BitLocker volume encryption addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers and disks.

Further information is available here: https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption?view=o365-worldwide
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
User can export their data by following the guidance here: https://docs.microsoft.com/en-us/microsoft-365/commerce/subscriptions/back-up-data-before-switching-plans?view=o365-worldwide
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Docx
  • Xlsx
  • Pptx
  • PDF
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Docx
  • Xlsx
  • Pptx

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Microsoft provides a financially backed uptime SLA. For details, please visit
https://www.microsoft.com/en-us/microsoft-365/blog/2013/08/08/cloud-services-you-can-trust-office-365-availability/
Approach to resilience
Microsoft offers a high level of resilience using multiple redundant data centres across the UK and the EU. Further details can here: https://docs.microsoft.com/en-gb/Office365/securitycompliance/office-365-data-resiliency-overview
Outage reporting
Via the service status portal - A tenant-specific 'Service Health' Dashboard is available in the Microsoft 365 Admin Center. Outages are also reported via email to the organisation administrators.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
All support can be carried out by specified administration accounts only as required. Only those with granted permissions can access the admin centre and command-line operations.

Administration access is governed using Multi-factor authentication (MFA) and conditional access rules.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
01/11/2019
What the ISO/IEC 27001 doesn’t cover
Details of items that are included and not included can be found here: https://servicetrust.microsoft.com/ViewPage/MSComplianceGuide?command=Download&downloadType=Document&downloadId=7c413968-9965-4a68-b59f-c0d106c63e4b&docTab=4ce99610-c9c0-11e7-8c2c-f908a777fa4d_ISO_Reports
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • ENISA IAF
  • EU Model Clauses
  • EU-U.S. Privacy Shield
  • ISO 27001
  • ISO 27018
  • SOC 1
  • SOC 2
  • FEDRAMP
  • FIPS 140-2
  • NIST 800-171

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards
FISMA/FedRamp, EU Model Clauses, HIPAA/HITECH, ISB 1596, ISO 27018, SASE16 SOC1 & SOC 2
Information security policies and processes
The Microsoft Cloud Security Policy is available via the Service Trust Platform

Microsoft customers and regulators expect independent verification of our security, privacy, and compliance controls. In order to provide this, Microsoft undergoes several independent third-party audits on a regular basis. For each one, an independent auditor examines data centres, infrastructure, and operations. Regular audits are conducted to certify our compliance with the auditing standards ISO 27001, SOC, FedRAMP and PCI/DSS. Audit reports can be found here: https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Microsoft 365 has developed formal standard operating procedures (SOP's) governing the change management process. These SOP's cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1/SOC 2, NIST 800-53, and others.

Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft. OSA combines this knowledge with the experience of running hundreds of thousands of servers in data centres around the world.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Microsoft administrates a vulnerability management process that actively scans for security threats using a combination of commercially available and purpose-built tools, intensive automated/manual penetration efforts, quality assurance processes, software security reviews and external audits.

The vulnerability management team is responsible for tracking and following up on vulnerabilities. Once a vulnerability requiring remediation has been identified, it is logged, prioritized according to severity, and assigned an owner.

The vulnerability management team tracks such issues and follows up frequently until they can verify that the issues have been remediated. Microsoft also maintains relationships and interfaces with members of the security research community.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Microsoft uses threat intelligence as protective monitoring of the product vulnerabilities. Threat intelligence gathers indicators or signals from a breadth and depth of sources to understand the threat landscape. As a security leader, Microsoft builds on our vast experience as a global enterprise, ongoing study of the threat landscape, broad scale, strength of signal, and visionary thinking to help understand and mitigate the effects of increasingly sophisticated attacks.

These include zero-day attacks, targeted phishing campaigns, and other novel attack methods. Microsoft employs threat researchers and analytics systems across our global network to implement timely actions in view of the threat.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
If an incident occurs, the security team logs and prioritises it according to severity. Events directly impacting customers are assigned the highest priority. This process specifies courses of action, procedures for notification, escalation, mitigation, and documentation. Microsoft incident management program is structured on handling incidents.

Key staff are trained in forensics and handling evidence in preparation for an event, including the use of third-party and proprietary tools. Testing of incident response plans is performed for key areas, such as systems that store sensitive customer information.

Tests consider a variety of scenarios, including insider threats and software vulnerabilities.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Levett Consultancy is a proud member of the UK Government SME Climate hub where we are part of the business community aiming to halve carbon emissions by 2030 and contribute to net zero by 2050.

As a cloud technology driven business, reducing carbon emissions is built into all of our solutions to maximise a green future i.e. transitioning clients from inefficient on-premises server hardware to efficient Cloud Platforms, implementing hybrid working allowing staff to work from home and have video meetings with clients to cut down on carbon emissions caused by travel.
Covid-19 recovery

Covid-19 recovery

Levett Consultancy throughout the pandemic was one of the approved Department for Education (DfE) suppliers tasked with deploying Digital Learning Platforms to schools in England that would ensure learning could continue.

Since May 2020 Levett Consultancy has helped more than 40+ schools, academies and Multi-Academy Trust transition to the DfE approved Digital Learning Platforms.

By being an instrumental part of this project we have been able to invest in our local communities through job creation and skilling frontline workers to become confident using cloud technologies that enables them to deliver their services from any location.
Tackling economic inequality

Tackling economic inequality

At Levett Consultancy we take our community social responsibility very seriously.
We aim to conduct business in a way that is completely ethical.

This means we take into account the social, economic and environmental impact of everything we do. Where possible we predominantly use local uk suppliers to support our business needs.

We also have established a community and social responsibility program that enables us to give back to the local communities across the UK that have helped our business grow. We provide employment opportunities for those who are often furthest from employment and as an active member of the Defence Employer Recognition Scheme (ERS), we have been awarded the Silver Armed Services Covenant award by demonstrating our support to defence and the armed forces community and our aligned values with the Armed Forces Covenant.

We work with local schools and Academy Trusts to provide work experience opportunities for year 10 and 11 students who are interested in a technology career. We also invest in the National Apprenticeship scheme whereby we provide opportunities for young adults to gain the necessary skills to forge a career within the IT industry. At the end of an apprenticeship we also provide a path for apprentices to work within the company on a permanent basis.
Equal opportunity

Equal opportunity

Levett Consultancy positively encourages diversity and inclusion at all levels within the organisation, and we are proud to have provided many career development opportunities to past, present and future employees.

We are proud members of the Disability Confident scheme to support disabled people in the workplace helping them achieve their work and life goals. As part of our commitment to the Armed Services we provide opportunities for injured service personnel to gain work experience within the IT industry via the Career Transition Partnership (CTP) who help service personnel and their families transition from service life to civilian life.

We are also recognised as a Living Wage employer since the scheme was established, and invest in local staff and pay wages which meet everyday needs - like the weekly shop, or a surprise trip to the dentist.

We are committed to helping our staff develop and progress their career, to achieve this all staff have individual continuing professional development plans based on the objectives they have set for themselves within their annual performance review.

This approach ensures the employee has full control of their career development whilst being guided by experienced mentors to ensure they maximise their potential and achieve their goals. Our ethos is also passed on to our supply chain who before we formally engage with, regardless of size, we will check that their ethos align to our ethos, this includes meeting and complying with modern slavery laws and standards.
Wellbeing

Wellbeing

The welfare of all our employees is paramount priority and goes together with our regard to society impact.

All Levett Consultancy employees have access to private health care and 1:1 counselling support 24/7 during their employment. An employee work life balance is very important to Levett Consultancy, which is why all staff work 35 hours per week and have access to flexible working when needed.

We have also adopted hybrid work environments to allow staff to work from home when required. This approach allows our staff to be more productive whilst allowing the company to reduce its carbon footprint. We take a community approach to delivery of our services and products, where we have set up a customer advisory board made up of our local community of customers. The customer advisory board sits directly with our executive team, whereby any solutions or services we are looking to provide are first ratified by this board to ensure there is a positive impact on our customers and local communities.

Pricing

Price
£31.70 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A 30 day free trial is available for Microsoft 365. The trial is only available by registering online and is not subject to G Cloud terms and conditions. In addition, customers can engage with Levett Consultancy for a longer trial.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@levettconsultancy.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.