Microsoft Dynamics 365 Installation & Consultancy Services

NEXER are a reseller of Microsoft Dynamics licenses and we provide installation, consultancy / implementation services and Application Management and Support (AMAS). This includes D365 Finance, SCM, Commerce, Retail, Sales, Marketing, Customer Service, Field Service, HR Project Operations and supporting technology such as Business Intelligence and the PowerPlatform.


  • Cloud (Azure) based modern Finance, ERP, CRM and HR solutions
  • Based on industry standard business processes
  • Inbuilt industry leading Business Intelligence (PowerBI)
  • Global solution which is localised for individual country regulatory requirements.
  • Scalable architecture in the cloud
  • Continual updates to remain on the latest versions of software
  • Integrated with the wider Microsoft stack of applications
  • Proven implementation methodology for successful adoption and deployment
  • Local and global helpdesk for ongoing help and support


  • Access systems and information any time from anywhere across device
  • Utilise, centralise and standardise business processes
  • Improve user experience with a modern Microsoft user interface
  • Improve speed of insight with accurate business intelligence
  • Make the most of your existing investment in Microsoft
  • Low risk investment given the significant ongoing investment from Microsoft
  • Integrated business applications across Microsoft Dynamics 365
  • Centralised and standardised data
  • Proven implementation methodology for successful adoption and deployment
  • Local and global helpdesk for ongoing help and support


£6 a licence

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

9 4 8 0 3 0 9 7 8 6 2 4 9 7 4


Telephone: 07395021600

Service scope

Service constraints
System requirements
  • Speed of internet access for users as requested by Microsoft
  • Each user must have a license for system access
  • Device system access based on specifications provided by Microsoft
  • Internet browser access

User support

Email or online ticketing support
Email or online ticketing
Support response times
NEXER provide in country and global Application Management and Support Services (AMAS) covering office working hours, 24x5, 24x7 or a tailored times to suit your business. The typical SLAs for incident response are as follows: P1: (Initial Response 20 minutes and Target Resolution Time 2 hours). P2: (Initial Response 20 minutes and Target Resolution Time 4 hours). P3: (Initial Response 20 minutes, Target Resolution Time 8 hours). P4: (Initial Response 30 minutes, Target Resolution Time 16 hours). P5: (Initial Response 30 minutes, Target Resolution Time 72 hours).
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
NEXER have multiple support offerings from a per incident tickets, an hourly rate or a fixed price agreement all set against SLAs which means the price for our service can be as low as £6k per year. Our service is typically a second line support service to the Clients team but we can offer first line support also. NEXER also has an Advanced Support for Partners) agreement with Microsoft directly which is in place to support the client with issue escalation with Microsoft should there be any issues with the software. NEXER will assign a Client Lead and Support Lead as escalation points for the agreement and NEXER provides access to a team of functional and technical consultants to resolve the incidents. The incidents are routed to the correct resource(s) depending on the nature of the question.
Support available to third parties

Onboarding and offboarding

Getting started
NEXER provide comprehensive services to help with installation, implementation, training and support in making sure that Microsoft Dynamics 365 is setup and operating in the best way for your business.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Word
  • Excel
  • Azure DevOps
End-of-contract data extraction
Should the client wish to stop using the Microsoft Dynamics business applications then the client is able to extract data using the data management tools that is part of the standard solution. There are no additional costs or restrictions for accessing data.
End-of-contract process
NEXER will provide implementation services to install software and configure the solution(s). NEXER then provide optional Application Management and Support (AMAS) for ongoing BAU support. NEXER will also support with any further optimisation work.

Using the service

Web browser interface
Using the web interface
Microsoft is committed to making the products easy for all to access. The user interface is very intuitive and easy to use as it is a Microsoft product and similar to using other Microsoft UI tools such as Microsoft 365. The UI also includes integration business intelligence and reporting.

Users are provided a link to access software on signing an order which provides full access to the software including security roles to allow users different levels of access to the software. As a full system administration user, these users have full access to view and update the system if required.
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
Windows Narrator and keyboard-only access: Every field and control has a label and a description of applicable shortcuts. A screen reader can read the label and description. Shortcuts for the most frequently performed actions: For most users, everyday system use involves lots of data entry and keyboard interaction. To enhance the user experience, we have created shortcuts to help you "jump" around the screen and shortcuts for specialized actions.
What users can and can't do using the API
Microsoft Dynamics has a set of prebuilt APIs allowing for efficient import and export of data. The APIs are provided as standard with the solution but these can also be updated or new APIs created.
API automation tools
API documentation
API documentation formats
  • HTML
  • PDF
  • Other
Command line interface
Command line interface compatibility
Using the command line interface


Scaling available
Scaling type
Independence of resources
Microsoft through the Azure cloud provides an elastic and scalable infrastructure to support your business. Microsoft's technical landscape scales automatically to support the business needs and there is also a Microsoft Dynamics Service Engineering team who monitor the systems.
Usage notifications
Usage reporting


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • Memory
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
What’s backed up
  • Microsoft Dynamics 365 Application
  • Database
  • Data
Backup controls
As part of the Azure cloud environment that Microsoft Dynamics 365 is hosted on, automate backup is included due to Microsoft system resilience with automated backup to other data centres to support the SLAs that are in place with Microsoft.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Microsoft Dynamics operating on the Azure cloud has a 99.9% uptime SLA with service penalties if Microsoft fail to meet this SLA. Should a client believe that the SLA has not been met then the client can make a claim to Microsoft. For NEXER helpdesk issues that are addressed through the Application Management and Support (AMAS) service, NEXER most typical provide a target SLA but can also provide a model to include service credits if needed.
Approach to resilience
Microsoft's Enterprise Business Continuity Management (EBCM) team oversees business continuity management and disaster recovery activities across Microsoft services and cloud offerings. Representatives from Microsoft business units coordinate with the EBCM team to develop business continuity plans and validate compliance with business continuity requirements. This three-phase process is designed to be adaptable so it can be implemented by a wide variety of business models across Microsoft. It begins with an Assessment phase to identify critical processes and objectives that should be included in the business continuity program. The Assessment phase also requires a Business Impact Analysis (BIA). The Planning phase focuses on developing and implementing resilience and recovery strategies and documenting them in official business continuity plans. Finally, Capability Validation tests business continuity plans and their implementations to verify effectiveness and identify potential improvements. Microsoft online services business continuity strategies use hardware, network, and datacenter redundancy. Data replication between datacenters provides high availability and reliability during a catastrophic incident. It also increases resilience to mundane incidents such as isolated hardware failure or data corruption.
Outage reporting
Microsoft has a feature called Report production outage. This feature provides a quick and effective channel to escalate issues to Microsoft Support in the event that the services in a production environment are degraded or become unavailable. This is a public facing portal. It is typical to get emails and alerts from Microsoft where there is a known issue.

Identity and authentication

User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Each user in the system is assigned a role which has security associated which restricts users to the functions that they are provided access to.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Our certification covers the provision of IT consulting and management consulting as well as provision of managed services in the area of development, maintenance, operation and support of IT solutions. All in accordance with Statement of Applicability v4. We have the required level of certification for the work carried out by NEXER.
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
As Microsoft is the solution that NEXER provide services to implement, Microsoft have the relevant certifications in place.
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
ISO 27001

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
NEXER will provide access to Microsoft licenses to use the Microsoft Dynamics 365 business applications. Microsoft provide comprehensive security policies and processes in line with the cloud software that is provided. NEXER are GDPR and security compliant with ISO9001, 140001 and 27001 certifications in place. NEXER also have data breach policies in place and a security officer available should any breaches occur.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Configuration review is included in Nexer’s methodology through configuration and playback workshop cycles. Nexer typically include three iterations to cover configuration in every area of the solution. Further validation of the configurations is carried out during System Integration testing and Scenario User testing. Maintenance updates i.e. security and operating system updates, to the Production environment are undertaken by Microsoft on a regular schedule. Microsoft software updates are either deployed by Microsoft to the nominated Sandbox and Production environments on a schedule configured in Lifecycle Services, or by the Customer if the update is required sooner than the Microsoft schedule.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Microsoft have responsibility with the Dynamics 365 SaaS model for the infrastructure and hosting of the cloud solution. Microsoft rate vulnerabilities as either Critical, Important, Moderate or Low. These are described/determined as follows: Microsoft perform regular vulnerability testing for the Dynamics 365 platform. Microsoft issue notifications to Lifecycle Services Project Owners for D365 environments, and to tenant administrators via the Microsoft admin centre. Validation of security controls relating to vulnerability management can be found at During implementation, Nexer deliver workshops relating to application security design and best practices.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Dynamics 365 leverages the Microsoft Cyber Defence Operations Center (CDOC), which brings together security response experts from across the company to help protect, detect, and respond 24/7 to security threats against Microsoft's infrastructure and services. Microsoft Malware Protection Center’s team of researchers identify, reverse engineer, and develop malware signatures and then deploy them across the Microsoft infrastructure for advanced detection and defence. Dynamics 365 is ISO 27001, ISO27017 and ISO 27018 certified ( Dynamics 365 is also compliant with TISAX Standard ( Dynamics 365 is designed on the principles of the Software Development Lifecycle ( SDL) and embedding security requirements.
Incident management type
Supplier-defined controls
Incident management approach
Microsoft conform to National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61 in managing security incidents. Several teams at Microsoft provide varying and related services as a preventative measure, including monitoring, detection and response. Examples include the “Microsoft Security Response Center” to identify, monitor, resolve and respond to security incidents and vulnerabilities; “Microsoft Datacenter Security Team” whose remit is to ensure common security investments are in place to protect, detect and respond to threats; "Microsoft security response teams” and "Customer experience communication teams"

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres

Social Value

Fighting climate change

Fighting climate change

Covid-19 recovery

Covid-19 recovery

Tackling economic inequality

Tackling economic inequality

Equal opportunity

Equal opportunity





£6 a licence
Discount for educational organisations
Free trial available
Description of free trial
A monthly trial version is available for organisations to look at the standard software.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.