Skip to main content

Help us improve the Digital Marketplace - send your feedback

Bytes Software Services

AvePoint Insights for Microsoft 365

Ensure compliance with aggregated sensitivity and activity data across your tenant so critical permissions surface at the top of the priority list. Implement corrective action on priorities, including permission removal, owner notification, or setting an expiration date - quickly securing collaboration in Teams, Groups, Sites, and OneDrive.

bssgc

Features

  • Aggregate exposed content with SIT thru a heat map.
  • Track exposure, like anonymous links, to improve security posture.
  • Add, edit, or remove permissions in workspaces, or documents..
  • Update permissions in batch based on object or user.
  • Object or user-based security searches into workspace and group permissions.
  • Equip admins to remove or edit permissions immediately.
  • Visibility on priority issues based on content sensitivity.

Benefits

  • Identify exposure such as Teams with shadow users.
  • Leverage tenant-wide object or user-based search.
  • Monitor critical access control and sesntitive data over time.
  • Prioritize anonymous links and groups based on content sensitivity.
  • Update out-of-policy permissions, anonymous links, shadow users, and more.
  • Lockdown at-risk content by expiring or removing permissions or individuals.
  • Prove impact of actions with time-based security dashboards.
  • Track risk score over time to demonstrate security posture.
  • Centrally audit admin activity to track improvements across Microsoft 365.

Pricing

£1.17 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@bytes.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

6 6 0 7 8 6 5 5 8 6 5 6 6 0 1

Contact

Bytes Software Services Chris Swani
Telephone: +44 (0) 7951 326815
Email: tenders@bytes.co.uk

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
Office 365, Microsoft 365
Cloud deployment model
Public cloud
Service constraints
No
System requirements
M365 Tenant required

User support

Email or online ticketing support
Email or online ticketing
Support response times
Telephone requests are immediate, other methods will be within 2 hours or more dependant on the severity of the request. For more information https://avepoint.com/products/support.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
AvePoint conducts extensive Quality Assurance before any release, and follows industry best practices for Accessibility. For further details, contact AvePoint.
Onsite support
Yes, at extra cost
Support levels
We provide - Low, Medium, High and Very High levels, more information can be found at https://www.avepoint.com/products/support
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Self-help guides and videos are available to guide users through service set-up, administration, and use. Further onboarding services are defined and agreed in a Statement of Work.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Customers may request a copy of the data via our support team.
End-of-contract process
The functionality will stop working and the customers obligations will end. Where applicable customer data can be exported.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
Yes
User support accessibility
WCAG 2.1 A
Description of service interface
Users access services via http://www.avepointonlineservices.com/login. Users have access to available functions through our GUI based on their permissions or role.
Accessibility standards
WCAG 2.1 A
Accessibility testing
Users access services via http://www.avepointonlineservices.com/login. Users have access to available functions through our GUI based on their permissions or role.

AvePoint complies with common accessibility guidelines. In addition, extensive Quality Assurance testing is performed before any release. Customers can optionally subscribe to "Insider Releases" to gain early access to updates, and provide feedback.
API
No
Customisation available
No

Scaling

Independence of resources
We employ a number of methods including elastic scaling to manage performance.

Analytics

Service usage metrics
Yes
Metrics types
Administration and Audit Reports provide information on all site collections, sites, Office 365 users, Office 365 Groups, and Microsoft Teams managed by Insights for M365.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Avepoint

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
Never
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Not Applicable
Data export formats
Other
Other data export formats
Not Applicable
Data import formats
Other
Other data import formats
Not Applicable

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Public Network
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Availability is set within the SLA
Approach to resilience
AvePoint leverages Microsoft Azure for hosting it's cloud service, which has a number of data centres for HA.
Outage reporting
Portal notifications with additional direct communication when appropriate.

Identity and authentication

User authentication needed
Yes
User authentication
Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels
All authentication is carried out against Microsoft Azure or any supported Azure authentication method
Access restriction testing frequency
At least every 6 months
Management access authentication
Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Kompleye
ISO/IEC 27001 accreditation date
24/06/2021
What the ISO/IEC 27001 doesn’t cover
N/A. The Information Security Management System is applicable to secure software development and maintenance process including support business functions like Infosec, IT, HR, Sales and Marketing, Project Management, Operations and Call Centre.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
SOC II, iRAP, FedRAMP, CSA
Information security policies and processes
AvePoint has a policy of transparency regarding our data collection, use, retention and sharing practices. It is our commitment to implement appropriate technical security measures to protect all AvePoint stakeholder and manage 3rd party risk. Further information is available at: https://www.avepoint.com/company/trust-center

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Change Management is documented, requested, reviewed, approved, tested, and finally rolled out during off hours in order to have minimal effect on customers.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We subscribe to security bulletins and stay abreast of recent 0 day vulnerabilities as well as maintaining an active patch cycle
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We leverage the Azure Health Status page as well as service monitoring. Please refer to Azure documentation https://docs.microsoft.com/en-us/azure/best-practices-network-security for details. Customers are notified via Administrative Console alerts or directly by Customer Success as threats are identified, with proposed course of action.
Incident management type
Supplier-defined controls
Incident management approach
Long standing experienced help-desk available 24x7, backed by breach management procedures to notify customers, post information publicly when necessary, and dedicate development resources to a swift resolution.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

Fighting climate change

AvePoint are a Cloud based delivery organisation therefore reduce the impact of running Datacentres in the organisations

Covid-19 recovery

AvePoint are helping raising the Digital Skills in the region through education platforms

Tackling economic inequality

AvePoint are offering a Digital Inclusion for the digital deprived in the region to raise the skills and ability to find employment

Equal opportunity

AvePoint is a UK employer who has a full equal opportunity approach

Pricing

Price
£1.17 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
It is possible to trial the product for a 30 day period at no cost online. Please contact SalesUK@avepoint.com to initiate a trial.
Link to free trial
https://www.avepointonlineservices.com/services

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@bytes.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.