Wanstor Ltd

Managed Intune & Autopilot for Zero Touch Deployment

Intune and Autopilot are part of the Microsoft Enterprise Mobility + Security (EMS) suite, this suite of products is designed by Microsoft to be an intelligent mobility management and security platform. These products help protect and secure your organization and empower your employees to work in new and flexible ways.

Features

• Secure and central management of endpoint and mobile devices
• Flexible compliance technology for devices and apps
• Self-service deployment of company services for staff
• Manage digital policies that keep data safe on compliant devices
• Automated image provisioning for endpoint devices

Benefits

• Protect and control workforce's access to data
• Decrease cost of deployment
• Increase out-of-the-box security

£850 to £1,050 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@wanstor.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

882317074169687

Contact

Wanstor
02075927860
sales@wanstor.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: - You can manage devices running operating systems on the following platforms:; o Apple iOS/iPadOS; o macOS; o Android; o Android Enterprise; o Surface Hub; o Windows operating systems (professional and above); - Intune network configuration requirements: To ensure devices receive the updates and content from Intune, they must periodically connect to the Internet.; - Global Administrator access: To set up intune, global admin access is required. ; - Hybrid Join – For connection to existing on-premises active directory forests, the latest version of Azure AD connect. ; - For existing devices that are domain-joined, a VPN is required for each device.
• System requirements:
  • Azure Active Directory Tenant
  • Verify AAD Premium Subscription
  • A supported MDM service such as Microsoft Intune
  • Supported versions of Windows 10 or Windows 11
  • Appropriate M365 Licensing

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Incident response SLA is standard 24/7/365 Service request - Mon-Fri 9am - 5.30pm
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Different support levels can be viewed in the Service overview document. These are dependant on customer type, need and experience. We allow customers to transition between support levels and a as these levels are based on a per user or per device type basis, pricing is transparent. Engineering support is included in our delivery mode and a technical account manager is part of the overall service contract.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Upon customer request, Wanstor can provide workshops, onsite training, and offsite training with user guides. Wanstor also supports further understanding on an ad-hoc basis for any questions that the customer requires assistance on during the onboarding process.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All customer data is stored in Microsoft's Cloud, customers can transfer the Tenant (including data) when the contract ends to another service provider. If other data exists, the customer can request this data via email.
• End-of-contract process: The majority of costs are associated with the Microsoft licensing scheme and are normally purchased on a per-month basis. these costs are transferred to the new service provider at the end of the contract.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: The complete solution is based on Microsoft's cloud services, they are fully managed and maintained by Microsoft including SLAs covering demand.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Microsoft uses industry standard technologies such as Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP) to encrypt all data in transit between users’ devices and Microsoft datacenters, and between Microsoft datacenters. Data in transit includes, mail messages in the process of being delivered, files shared and in transit between users, and conversations in online meetings. Microsoft also helps keep data safe by encrypting it while at rest in Microsoft datacenters.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data is stored in Microsoft's cloud and can be exported through tooling provided by Microsoft. Customers can directly export their data from these tools
• Data export formats:
  • CSV
  • Other
• Data import formats:
  • CSV
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLAs are predominately from Microsoft and the latest SLA information can be found on https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?isToggleToList=True&lang=1&year=2022
• Approach to resilience: Microsoft 365 services are designed and operated to be highly available and resilient to failure by focusing on four areas:; 1. Active/Active design - There are always multiple instances of a service running that can respond to user requests and that they are hosted in geographically dispersed datacentres; 2. Reduce incident scope - Incidents are partitioned from each other, Updates are controlled in a graduated fashion.; 3. Fault isolation - Partitioned off from each other to prevent a failure in one from affecting another; 4. Continuous service improvement - Microsoft's redundant cloud architecture and rigorous internal processes aim to keep services accessible
• Outage reporting: Microsoft provide a series of cloud status portals that are accessible to the customer using their credentials, additionally, Wanstor monitor these portals and email our customers of these outages, and provide support desk management to keep track of open tickets. Once the outage has been cleared, open tickets are reviewed with the logger, and closed.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Where access to customer infrastructure is required, Wanstor uses a secure backup and admin connection to components for monitoring, support, and backups. All traffic across this connection is secure and segregated. For remote access requirements for support services, Wanstor can provide two-factor authenticated remote access via the internet to administer the server infrastructure using SSL-VPN access.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 13/11/2020
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Wanstor follows the information security policies and procedures created in line with ISO 27001, Cyber Essentials, and Cyber Essentials Plus. Wanstor is audited at regular intervals by independent third-party auditors who issue the certifications. In addition, Wanstor has a robust internal audit and risk assessment function to ensure continued compliance between certification audits.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: A change control process in-line with our ISO27001 procedures.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Wanstor performs daily vulnerability scans via a third-party approved vendor. These scans are both internal and external. Vulnerabilities are remediated in line with cyber essentials plus guidance. Updates and patches are applied in-line with our change control process.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Wanstor uses internal tools to actively monitor our security. Responses to potential compromises and threats are dealt with, in line with our incident management process. Service Level Agreements are associated with items based on the severity of the threat.
• Incident management type: Supplier-defined controls
• Incident management approach: Wanstor follows an ITIL based approach to incident management. We have a range of pre-defined processes and escalation paths depending on the nature of the incident being reported by the user. Users can report IT incidents through Phone, Email, Chat and via a Website. We can provide incident reports to users in the form of an email which details their IT incident, action taken to resolve and how long the end outcome will be. Additionally IT teams can access a variety of incident reports showing, volume, type, timings, actions taken and resolution rates in line with agreed SLA's.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery

  Fighting climate change

  Improve workplace conditions that support remote working, and sustainable travel solutions

  Covid-19 recovery

  Improve workplace conditions that support remote working, and sustainable travel solutions

Pricing

• Price: £850 to £1,050 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@wanstor.com. Tell them what format you need. It will help if you say what assistive technology you use.