Intercity Technology Limited

Managed Azure Virtual Desktop

Intercity’s Managed Azure Virtual Desktop is a secure, scalable virtual desktop solution. It enables access to Windows desktops and applications from anywhere, on any device with centralised management and automated updates. Improving productivity and flexibility while reducing IT overhead. Ideal for organisations embracing remote work and cloud-based desktop solutions.

Features

• Multi-session Windows 10 and Windows 11 desktops
• Optimised Microsoft 365 and Teams experience
• Built-in security
• Scalability and elasticity
• Reduced costs
• Simplified management
• Remote access
• BYOL images
• FSLogix profile roaming
• Application testing

Benefits

• Improve productivity and flexibility whilst reducing IT overhead
• Improved performance and reliability
• Enhanced security
• Increased flexibility and scalability
• Reduced complexity
• Access to expertise
• Business continuity and disaster recovery

£775.80 a user a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@intercity.technology. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

464772931454658

Contact

Elise Sheridon
0330 332 7933
tenders@intercity.technology

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: User licence comes with Microsoft 365 Business Premium, which means users are charged only for their Azure infrastructure consumption.
• Cloud deployment model: Public cloud
• Service constraints: Windows 10 or 11.
• System requirements: Microsoft 365 Business Premium

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 2 hours during business hours on business days. Emails received out of hours will be responded to during our working hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is available 08:00-18:00 on business days. Support is provided by our Managed IT team of engineers, which also includes field engineers to provide on-site assistance.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Service delivery begins with a discovery phase, when our solution architects work with you to understand your needs and requirements for Managed AVD, as well as the technical, security, and compliance aspects of your environment. The outcome is a costed solution design and migration plan for moving your existing workloads to your new AVD environment, and a statement of work which describes all the details of the project to be delivered by a dedicated APM-certified Intercity project manager.; During the delivery phase, we implement the solution design. This includes provisioning and deploying the AVD environment, configuring it for your applications, security, and performance requirements. We integrate it with your on-premises network, including for example configuring VPNs, load balancers, and other network devices. We also integrate it with your Identity and Access Management system, enabling users to login with their existing credentials.; We then test the AVD environment to ensure that it is working properly, including user authentication, application performance, and security features. We implement monitoring and logging solutions to track performance and security. Finally, we provide training and support on how to use and manage your AVD environment, including enablement of users to self-support with basic troubleshooting.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: They should ensure they have recent backups of critical data, including user profiles, application configurations, and any other essential information. If they are using a golden image, ensure they have a copy of it, and also ensure that they have documentation of any customisations made to the environment. Use Azure Data Migration Services if they are moving to another Azure environment or export data to on-premises storage if transitioning away from Azure. Inform AVD users about the contract end and extraction process, advising them to back up any personal data. Ensure compliance with data retention policies and legal requirements, and securely delete data if necessary after extraction.
• End-of-contract process: The setup charge also includes our reasonable costs incurred for off-boarding, including planning, data migration and archiving, and deprovisioning. Azure will no longer charge users an egress fee to remove their data (permanently) from the Azure cloud. The user is responsible for any costs arising for data storage after the contract termination date, including any Azure infrastructure and on-premises storage devices.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: On mobiles, smaller screens limit workspace, touchscreens are less efficient for precision tasks, limited processing power may impact performance, connectivity can be less stable, and some apps may not be optimised for mobile screens.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: The options are the Remote Desktop Client for Windows, which is installed on the user's PC or the Remote Desktop Web Client, which is a web interface. The user experience is virtually the same as if they were using a physical (rather than virtual) desktop. An exception is Teams/Zoom/etc which it is better to run directly on the user's host device, not their AVD instance.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: None - however, AVD aims to conform to WCAG standards and strives to meet the highest level (AAA) whenever possible
• API: No
• Customisation available: Yes
• Description of customisation: Custom image templates, e.g. a "golden image" for the customer's AVD environment. Operating System customisation, i.e. Windows 10/11 for workstations and Windows 7 through 22 for servers. Windows licensing options, e.g. M365 and Windows E3/E5. Customised applications. Network optimisation. Various user devices. Azure Active Directory for authentication and identity management. We carry out any customisation during deployment, testing and through in-life change management.

Scaling

• Independence of resources: Resource allocation and scaling - dynamic scaling based on user demand and proper resource allocation to each host. Isolation and fairness - ensure that users' sessions are isolated from each other and apply fair share policies to prevent hogging, also limit the impact of resource-intensive applications. Profile management - keep user-specific settings separate to avoid conflicts and ensure consistent experiences. Monitoring and alerts - continuously monitoring session host performance and user experience, with alerting of performance issues. Proper session clean-up and user logoff. Capacity planning with predictive scaling and load testing. User segmentation into application groups. SLAs for AVD performance.

Analytics

• Service usage metrics: Yes
• Metrics types: Azure Virtual Desktop Insights - environment dashboard. Azure Monitor - virtual machine performance. Custom reports.
• Reporting types: Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft Azure

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Use Azure Data Migration Services if moving to another environment or export to on-premises storage if transitioning away from Azure.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLSX
  • JSON
  • XML
  • Parquet
  • TXT
  • ORC
  • Excel CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JS0N
  • XLSX
  • XML
  • Parquet
  • Avro

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: A layered approach as follows. Network security: network segmentation, deploying session hosts in a separate subnet with specific firewall rules; network security groups with access rules to control traffic; firewall to scan for malware and enforce traffic rules. Identity security: Azure AD for identity and access management; MFA. Endpoint protection: antivirus and anti-malware. Data encryption: encrypt session hosts' disks and encrypt data in transit. Monitoring and logging for security events and anomalies. Access controls: least-privilege access and role-based access control. Backup and disaster recovery: regular backups of session hosts and a well-defined and table-top tested DR plan.
• Data protection within supplier network: Other
• Other protection within supplier network: A layered approach as follows. Security boundaries: separating different levels of trust, isolating components to prevent unauthorised access. Session host best practices: managed disk encryption, screen capture protection to prevent data capture on endpoints through OS features, and watermarking to identify sensitive data. Identity security using Azure AD and MFA. Network controls to limit access, e.g. using Azure Firewall. Regular monitoring and auditing of resource utilisation, performance, and security events, with reviewing of logs to detect unauthorised access attempts. Capacity planning and optimisation to predict resource needs, scale accordingly and optimise performance.

Availability and resilience

• Guaranteed availability: Uptime percentage: <99.9%, service credit 10%; <99%, service credit 25%; <95$%, service credit 100%. Microsoft applies service credits to the customer's Azure account, which is reflected in the invoice we receive from our Microsoft Cloud Service Provider and which we use to invoice the customer.
• Approach to resilience: Each customer is allocated at least two session hosts in a high-availability configuration, with each host in a different point of presence in the Azure cloud, at the Azure data centres in London and Cardiff.
• Outage reporting: A public dashboard - the Azure status page.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: All management interfaces are isolated on dedicated equipment and accessible only from a secure operations centre. All support activity is also isolated to the operations centre.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOQAR Limited
• ISO/IEC 27001 accreditation date: 29/09/2016
• What the ISO/IEC 27001 doesn’t cover: There are no exclusions.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: TBC

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Configuration and Change Management is in accordance with and ITIL process and are included with the scope of our ISO27001 - Information Security and ISO20000-1 - Service Management certification.; ; This embeds a security impact assessment across all potential changes to the design of a service to ensure customer data and assets are protected, and any changes that are approved by the Change Advisory Board, and implemented by our operational support teams do not introduce security risk or vulnerability into the service
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Ulnerability Management and Patch Management Policy's are included within the scope of ISO27001 certification and ensure compliance.; ; We have automated notifications from key vendors for security vulnerability alerts. ; ; Notifications are assessed by our 24x7x365 Secure Operations Centre (ISOC). If considered high risk are reviewed by an Operations Specialist. If the risk category is agreed then the risk will be addressed via an Emergency Change including communication to affected customers. Target SLA is 4 hours; ; If graded as a low risk, a normal maintenance window will be agreed and planned. These are flexibly scheduled around customer requirements.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Protective monitoring is in accordance with ISO27001 certification; ; Our Cloud Security product provides content-level inspection, bringing intelligence to detect, log and quarantine known and zero-day attacks, as well as providing traditional next-generation firewall protection (ports/protocols/IP addresses); ; The service is fully monitored, and managed by our UK-Based 24x7x365 Secure Operations Centre, (ISOC). The ISOC, which is also responsible for managing life-critical health and transport public safety systems, operates in accordance with ITIL best practice. ; ; All security incidents have a P1 priority which has a 30 minute response, and 4 hour target fix.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident management follows an ITIL Process and is included within our scope of ISO27001 & ISO2000:1 certification.; ; The incident management lifecycle is delivered using our own service management system. Our in-house developed monitoring system (ServiceAlert®) integrates into our middleware automation platform and our ticketing system to process and filter data to ensure accurate fault reporting and service health, and effective management of the service.; ; Customers receive status information at regular, predefined intervals based upon incident priority. If the customer takes a managed service from us, they receive automated monthly activity reports containing service performance data.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  We are committed to reducing our environmental impact and continually improving our environmental performance as an integral and fundamental part of our business strategy and operating methods. ; ; Our policy is to: ; ; • Support and comply with or exceed the requirements of current environmental legislation and codes of practice. ; • Minimise our waste and reuse or recycle as much of it as possible. ; • Minimise energy and water usage in our buildings, vehicles, and processes to conserve supplies, and minimise our consumption of natural resources, especially where they are non-renewable. ; • Apply the principles of continuous improvement in respect of air, water, noise, and light pollution from our premises and reduce any impacts from our operations on the environment and local community. ; • As far as possible purchase products and services that do the least damage to the environment and encourage others to do the same. ; • Assess the environmental impact of any new processes or products we intend to introduce in advance. ; ; We’re certified to ISO140001:2015 and a member of two Corporate Social Responsibility (CSR) initiatives - Global Compact and Eco Vadis.; ; • The EcoVadis sustainability assessment methodology evaluates how well a company has integrated the principles of Sustainability/CSR into their business and management system. ; • The methodology is built on international sustainability standards, including the Global Reporting Initiative, the United Nations Global Compact, and the ISO 26000, covering 200 spend categories and 160+ countries. ; • The Sustainability Scorecard illustrates performance across 21 indicators in four themes: Environment, Labour and Human Rights, Ethics, and Sustainable Procurement. ; • Intercity Technology’s current EcoVadis score for 2022 – 2023 is 81% (up from 68% in previous years). ; • We have been awarded by EcoVadis a platinum medal in recognition of our sustainability achievement for our score which is in the top 1%.

Pricing

• Price: £775.80 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@intercity.technology. Tell them what format you need. It will help if you say what assistive technology you use.