Skip to main content

Help us improve the Digital Marketplace - send your feedback

Shaping Cloud

Microsoft Cloud Licences

Shaping Cloud Microsoft Cloud Licences allows you to purchase, provision and manage your Microsoft licences and Azure subscriptions directly from us. This offers customers an accessible route to software licenses, storage and cloud compute. In addition, we support customers with advice to get the best out of their cloud investment.

Features

  • Office 365 / Microsoft 365
  • Windows and End User Compute
  • Windows Server and Microsoft SQL
  • Azure Services with no minimum spend
  • Instantly provision your licencing and cloud
  • Optimise licences to match usage
  • Managed service support
  • Security services
  • Public Sector and Education discounts available

Benefits

  • Transparent pricing, with no hidden fees
  • Flexible monthly or annual licencing
  • Licence optimisation to get the most from your spend
  • Access to Microsoft support
  • Centralised subscription and licence management

Pricing

£0.01 a unit a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@shapingcloud.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

9 7 0 1 8 8 7 7 5 1 1 6 5 4 5

Contact

Shaping Cloud SC Customer Relationship Team
Telephone: 01614085333
Email: sales@shapingcloud.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None
System requirements
  • Supported internet browsers
  • Hardware meets application requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
We typically respond to questions within 30 minutes of asking them, or immediately depending on the method of contact and availability. For support services, we have standard SLAs available for working hours, or 24/7/365. The response times for this are defined with the SLA and depend on the categorisation and prioritisation of incident / query.
We also offer tailored SLAs for all clients - our response times are agreed with each client, defined in the SLA and are flexible according to your needs.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
Our support arrangements are tailored to your specific needs, as our experience shows that no 'one-size' fits all requirements. We will discuss your customer support requirements (including the support/services, service levels, response times, communication channels and reporting) to agree your specific requirements for the services that you are looking for.
Our support methodology is based on the rigour of ITIL and the flexibility of Agile principles and a Dev Ops culture. A typical support team is led by a technical account manager who is responsible for day-to-day support and allocation of support requests to our engineers and technical specialists. This approach provides a resilient support service with sufficient cover to ensure all support requests are managed in an effective and efficient manner.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide a range of on-boarding services to help organisations get started with the Microsoft product set, including:

- Cloud readiness assessment
- Strategy and business case development
- Cloud migration and transformation
- Optimisation
- Managed service
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Please see: https://docs.microsoft.com/en-us/search/?terms=data%20portability
End-of-contract process
The amount of notification required to end the contract depends on the length of contract taken out and will be included in the call-off contract. At the end of the contract process, Shaping Cloud will support the organisation in extracting any data or moving to another supplier.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
User experience will depend on device type.
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
Service interface will depend on the service accessed.
Accessibility standards
None or don’t know
Description of accessibility
Please see: https://www.microsoft.com/en-us/accessibility/features
Accessibility testing
Please see: https://www.microsoft.com/en-us/accessibility/features
API
Yes
What users can and can't do using the API
Please see: https://docs.microsoft.com/en-us/windows/web/apis
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Please see: https://docs.microsoft.com/en-us/search/?terms=customisation

Scaling

Independence of resources
Microsoft cloud delivers at a global scale. Correctly configured services and components scale to meet business demand. Please see: https://docs.microsoft.com/en-us/search/?terms=independence%20of%20resources

Analytics

Service usage metrics
Yes
Metrics types
The Microsoft product set provides metrics in a number of ways. Please see: https://docs.microsoft.com/en-us/search/?terms=service%20metrics
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported in a number of ways, depending on the Microsoft service. Please see: https://docs.microsoft.com/en-us/search/?terms=data%20export
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Various formats can be exported from the Microsoft product set
  • Shaping Cloud can support export requirements
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Various data formats can be imported into the product set
  • Shaping Cloud will support data import work

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
For data in transit, all customer-facing servers negotiate a secure session by using TLS/SSL with client machines to secure the customer data. This applies to protocols on any device used by clients.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Please see: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection

Availability and resilience

Guaranteed availability
Please see: https://docs.microsoft.com/en-us/search/?terms=SLAs
Approach to resilience
Please see: https://docs.microsoft.com/en-us/search/?terms=datacenter%20resilience
Outage reporting
Microsoft reports service health: https://portal.office.com/servicestatus

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Azure-AD can designate separate administrators to serve different functions. These administrators will have access to features in the Azure portal and, depending on their role, will be able to create or edit users, assign administrative roles to others, reset user passwords, manage user-licenses, and manage domains, among other things. A user who is assigned an admin role will have the same permissions across all of the cloud services that your organization has subscribed to, regardless of whether you assign the role in the Office365 portal, or in the Azure classic-portal, or by using the Azure-AD module for Windows PowerShell.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
01/01/2022
What the ISO/IEC 27001 doesn’t cover
Please see https://docs.microsoft.com/en-gb/compliance/regulatory/offering-ISO-27001?view=o365-worldwide
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
12/02/2019
CSA STAR certification level
Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover
None
PCI certification
Yes
Who accredited the PCI DSS certification
Coalfire Systems Inc
PCI DSS accreditation date
01/11/2017
What the PCI DSS doesn’t cover
Service Scope is identified here http://aka.ms/azure-pci
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • FACT
  • FedRamp
  • NIST 800-171
  • FIPS 140-2
  • CCSL (IRAP)
  • CDSA
  • ISO 27001 (ISMS), 27017 (Cloud Security), 27018 (Personal Data)
  • SOC 1, SOC 2, SOC 3
  • 22301 (Business Continuity), 9001 (Quality Management)

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Shaping Cloud is Cyber Essentials Plus certified.
Information security policies and processes
Shaping Cloud uses Cyber Essentials Plus aligned information security policies and processes.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Azure has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others.

Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft including the Microsoft Security Development Lifecycle (SDL), the Microsoft Security Response Center program, and deep awareness of the cybersecurity threat landscape.
Please see https://www.microsoft.com/en-us/SDL/OperationalSecurityAssurance and https://www.microsoft.com/en-us/sdl
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Vulnerability management recommendations focus on addressing issues related to continuously acquiring, assessing, and acting on new information in order to identify and remediate vulnerabilities as well as minimizing the window of opportunity for attackers.
1: Run automated vulnerability scanning tools
2: Deploy automated operating system patch management solution
3: Deploy automated patch management solution for third-party software titles
4: Compare back-to-back vulnerability scans
5: Use a risk-rating process to prioritize the remediation of discovered vulnerabilities
For more information https://docs.microsoft.com/en-us/security/benchmark/azure/security-control-vulnerability-management
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Microsoft Defender for Cloud helps you prevent, detect, and respond to threats. Defender for Cloud gives you increased visibility into, and control over, the security of your Azure resources as well as those in your hybrid environment.

Defender for Cloud performs continuous security assessments of your connected resources and compares their configuration and deployment against the Azure Security Benchmark to provide detailed security recommendations tailored for your environment.

In addition Intelligent Security Graph provides real-time threat protection. It uses advanced analytics that link a threat intelligence and security data to provide insights that can strengthen organisational security.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Microsoft has developed robust processes to facilitate a coordinated response to incidents.
• Identification – System and security alerts may be harvested, correlated, and analyzed.
• Containment – The escalation team evaluates the scope and impact of an incident.
• Eradication – The escalation team eradicates any damage caused by the security breach, identifies root cause for why the security issue occurred.
• Recovery – During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity.
• Lessons Learned – Each security incident is analysed to protect against future reoccurrence.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)

Social Value

Fighting climate change

Fighting climate change

Consuming cloud services from the main hyper-scale cloud providers and being a part of their commitment to being carbon neutral by 2025 and carbon negative by 2030. Right sizing workloads in the cloud and regularly reviewing consumption further supports these targets and ensures minimum carbon footprint.

As part of our engagement with any Customer, we are able to measure the reduction in carbon footprint as a result of adopting cloud services in preference to traditional technology. This supports each organisation in achieving their own plans to become net zero.

We are a 100% cloud-based SME, with a minimal carbon footprint and a target to have a zero-carbon footprint by 2030 - so partnering with us also supports moving to a zero carbon footprint in your supply chain.

Microsoft's view https://www.microsoft.com/en-us/corporate-responsibility/sustainability/operations
Covid-19 recovery

Covid-19 recovery

We are a UK-based SME who creates UK jobs. We have programmes to recruit from a diverse base, including career changers. We are already a diverse workforce and have targets to ensure we continue to be diverse.
We are committed to supporting our Customers in the public sector with their plans to support help communities manage and recover from the impact of COVID-19.

Use of cloud services ought to ensure your organisation is agile in the response to recovery. Right-sizing and optimising your use of cloud, which we can help you with, will ensure a sound investment of public funds - retaining as much funding as possible for deliver of public services and interventions such as Covid-19 recovery.

Microsoft's view https://news.microsoft.com/covid-19-response/
Tackling economic inequality

Tackling economic inequality

We are a UK SME with a diverse workforce. We recognise the benefits from having a diverse workforce and therefore target people from all backgrounds to work at Shaping Cloud.

We support career changers and measure values and culture alignment along with career potential higher than formal education - ensuring equal opportunity for those from all economic backgrounds. We partner with a variety of organisations to provide digital training for those from diverse and deprived backgrounds – providing them with their first employment experience subsequent to this training.

All our employees are paid above the Living Wage and receive additional benefits, such as private health - having a positive impact on themselves and their families and communities.
All our employees receive training in digital as well as five days paid leave for learning every year.

We pay all genders equally, according to merit.

Microsoft's view https://www.microsoft.com/en-gb/about/societal-impact
Equal opportunity

Equal opportunity

We are a UK SME with a diverse workforce. We recognise the benefits from having a diverse workforce and therefore target people from all backgrounds to work at Shaping Cloud.

We measure values alignment along with career potential higher than formal education and background - ensuring equal opportunity for those from all economic and racial backgrounds, as well as those who require additional support or technology in order to carry out their work effectively. E.g. individuals with visual, auditory, physical, speech, cognitive, language, learning, behavioural or neurological impairment, as well as the needs of those for whom English is not their first language.

Our recruitment practices value each person according to their experience as well as their potential and do not discriminate in any way on the grounds of race, colour, religion, gender, or sexual orientation.

All employees have a personal development plan and access to a personal coach to support them in their professional and personal development - ensuring everyone has equal opportunity for career progression. Each person's performance and contribution is reviewed at least annually, which includes 360 degree views, to determine whether they are ready for career progression. This career progression is awarded on the basis of readiness and not on the basis of a post becoming available or an individual line manager making that decision. In this way, every person has equal opportunity.

Implementation of digital services requires consideration to ensure no user is excluded from using the service. This is all the more important with respect to public services. We support our customers with advice with respect to accessibility, and we tailor our solutions and services to our client’s needs in this area.

Microsoft's view https://www.microsoft.com/en-gb/about/societal-impact/
Wellbeing

Wellbeing

We prioritise the wellbeing of our workforce, with private health, excellent work-life balance, flexible working location and hours, coaching, and personal development.

We regularly canvas for feedback from our employees to ensure they all enjoy work and feel rewarded for their efforts.

We have an always available Wellbeing group internally, which arranges activities and challenges throughout the year to promote good health as well as providing a variety of suggestions and opportunities to ensure good mental health.

We provide two paid volunteering days per year per employee, and encourage use of these to improve the communities we are a part of.

Microsoft's view https://www.microsoft.com/en-gb/about/societal-impact/

Pricing

Price
£0.01 a unit a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Please see https://azure.microsoft.com/en-gb/free
Link to free trial
https://azure.microsoft.com/en-gb/free/

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@shapingcloud.com. Tell them what format you need. It will help if you say what assistive technology you use.