AvePoint Insights for Microsoft 365
Ensure compliance with aggregated sensitivity and activity data across your tenant so critical permissions surface at the top of the priority list. Implement corrective action on priorities, including permission removal, owner notification, or setting an expiration date - quickly securing collaboration in Teams, Groups, Sites, and OneDrive.
bssgc
Features
- Aggregate exposed content with SIT thru a heat map.
- Track exposure, like anonymous links, to improve security posture.
- Add, edit, or remove permissions in workspaces, or documents..
- Update permissions in batch based on object or user.
- Object or user-based security searches into workspace and group permissions.
- Equip admins to remove or edit permissions immediately.
- Visibility on priority issues based on content sensitivity.
Benefits
- Identify exposure such as Teams with shadow users.
- Leverage tenant-wide object or user-based search.
- Monitor critical access control and sesntitive data over time.
- Prioritize anonymous links and groups based on content sensitivity.
- Update out-of-policy permissions, anonymous links, shadow users, and more.
- Lockdown at-risk content by expiring or removing permissions or individuals.
- Prove impact of actions with time-based security dashboards.
- Track risk score over time to demonstrate security posture.
- Centrally audit admin activity to track improvements across Microsoft 365.
Pricing
£1.17 a user a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
6 6 0 7 8 6 5 5 8 6 5 6 6 0 1
Contact
Bytes Software Services
Chris Swani
Telephone: +44 (0) 7951 326815
Email: tenders@bytes.co.uk
Service scope
- Software add-on or extension
- Yes
- What software services is the service an extension to
- Office 365, Microsoft 365
- Cloud deployment model
- Public cloud
- Service constraints
- No
- System requirements
- M365 Tenant required
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Telephone requests are immediate, other methods will be within 2 hours or more dependant on the severity of the request. For more information https://avepoint.com/products/support.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 A
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 A
- Web chat accessibility testing
- AvePoint conducts extensive Quality Assurance before any release, and follows industry best practices for Accessibility. For further details, contact AvePoint.
- Onsite support
- Yes, at extra cost
- Support levels
- We provide - Low, Medium, High and Very High levels, more information can be found at https://www.avepoint.com/products/support
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Self-help guides and videos are available to guide users through service set-up, administration, and use. Further onboarding services are defined and agreed in a Statement of Work.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Customers may request a copy of the data via our support team.
- End-of-contract process
- The functionality will stop working and the customers obligations will end. Where applicable customer data can be exported.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- None
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 A
- Description of service interface
- Users access services via http://www.avepointonlineservices.com/login. Users have access to available functions through our GUI based on their permissions or role.
- Accessibility standards
- WCAG 2.1 A
- Accessibility testing
-
Users access services via http://www.avepointonlineservices.com/login. Users have access to available functions through our GUI based on their permissions or role.
AvePoint complies with common accessibility guidelines. In addition, extensive Quality Assurance testing is performed before any release. Customers can optionally subscribe to "Insider Releases" to gain early access to updates, and provide feedback. - API
- No
- Customisation available
- No
Scaling
- Independence of resources
- We employ a number of methods including elastic scaling to manage performance.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Administration and Audit Reports provide information on all site collections, sites, Office 365 users, Office 365 Groups, and Microsoft Teams managed by Insights for M365.
- Reporting types
-
- Real-time dashboards
- Reports on request
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- Avepoint
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- Never
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Not Applicable
- Data export formats
- Other
- Other data export formats
- Not Applicable
- Data import formats
- Other
- Other data import formats
- Not Applicable
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Other
- Other protection between networks
- Public Network
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Availability is set within the SLA
- Approach to resilience
- AvePoint leverages Microsoft Azure for hosting it's cloud service, which has a number of data centres for HA.
- Outage reporting
- Portal notifications with additional direct communication when appropriate.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Identity federation with existing provider (for example Google Apps)
- Access restrictions in management interfaces and support channels
- All authentication is carried out against Microsoft Azure or any supported Azure authentication method
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- Identity federation with existing provider (for example Google Apps)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 6 months and 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Kompleye
- ISO/IEC 27001 accreditation date
- 24/06/2021
- What the ISO/IEC 27001 doesn’t cover
- N/A. The Information Security Management System is applicable to secure software development and maintenance process including support business functions like Infosec, IT, HR, Sales and Marketing, Project Management, Operations and Call Centre.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- SOC II, iRAP, FedRAMP, CSA
- Information security policies and processes
- AvePoint has a policy of transparency regarding our data collection, use, retention and sharing practices. It is our commitment to implement appropriate technical security measures to protect all AvePoint stakeholder and manage 3rd party risk. Further information is available at: https://www.avepoint.com/company/trust-center
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Change Management is documented, requested, reviewed, approved, tested, and finally rolled out during off hours in order to have minimal effect on customers.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We subscribe to security bulletins and stay abreast of recent 0 day vulnerabilities as well as maintaining an active patch cycle
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We leverage the Azure Health Status page as well as service monitoring. Please refer to Azure documentation https://docs.microsoft.com/en-us/azure/best-practices-network-security for details. Customers are notified via Administrative Console alerts or directly by Customer Success as threats are identified, with proposed course of action.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Long standing experienced help-desk available 24x7, backed by breach management procedures to notify customers, post information publicly when necessary, and dedicate development resources to a swift resolution.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
Fighting climate change
AvePoint are a Cloud based delivery organisation therefore reduce the impact of running Datacentres in the organisationsCovid-19 recovery
AvePoint are helping raising the Digital Skills in the region through education platformsTackling economic inequality
AvePoint are offering a Digital Inclusion for the digital deprived in the region to raise the skills and ability to find employmentEqual opportunity
AvePoint is a UK employer who has a full equal opportunity approach
Pricing
- Price
- £1.17 a user a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- It is possible to trial the product for a 30 day period at no cost online. Please contact SalesUK@avepoint.com to initiate a trial.
- Link to free trial
- https://www.avepointonlineservices.com/services