Braathe join iteam, read more here

Digital Workplace Online

Digital Workplace Online

Service description valid from 1.12.2022

 

Validity

The user services are delivered as named individual services or as packages consisting of several of the named services, in accordance with the Cloud Agreement's Appendix 1: «Prices and scope» or SSA-D appendices.

Other terms

All services described here are provided in accordance with the terms of the following documents as published on the Supplier's website:

• Digital Workplace General Terms and Conditions

• Security SLA for Braathe Gruppen Services

• Service description Support

• Backup Policy

The user services in this Service Description are covered by Proactive Operational Services and Reactive Support Services, as described in more detail in the Service Description "Support", unless exceptions or additions have been made for the individual sub-services.

Microsoft Online License Purchase

The customer can purchase Microsoft Online licenses as a pure purchase of goods. This applies to Microsoft 365 and Office 365 license-based products and services, as well as selected Microsoft Azure products and services.

SLA Point SLA Value
Basic establishment of O365 and Azure Tenant Included in the Establishment Fee
Standard storage location for new O365 Tenant Norway1
Establishment of O365 Subscription and licenses Included in the Establishment Fee
Setup of administrative accounts for the Customer's Tenant with MFA Up to 5 administrative accounts for the customer's users included in the Establishment Fee
Support regarding errors in Tenant and Subscription Including

Data storage in accordance with Microsoft's current Service Description

Customers with exclusively Microsoft Online license purchases from the Supplier

Assistance regarding configuration, setup, use and troubleshooting of O365 services can be provided according to Service description "Hourly-based consulting services".

Managed Microsoft 365

Managed Microsoft 365 provides the Customer with a Microsoft 365 Online presence with setup, operation and administration, as well as the Provider's user support for Microsoft Cloud services. Managed Microsoft 365 is delivered in two main packages and as selected individual services:

  • Managed Microsoft 365 Online
    • User licenses for Microsoft 365 Business Basic
    • Web-based versions of Microsoft Office
    • Services and data storage in Microsoft cloud
    • Azure AD P1 license
    • MFA (two-factor) through the use of conditional access (Conditional Access)
    • Managed Microsoft 365 Operation SLA
    • Managed Microsoft 365 Security SLA
  • Managed Microsoft 365
    • User licenses for Microsoft 365 Business Standard
    • Web-based versions of Microsoft Office
    • Desktop versions of Microsoft Office (Microsoft 365 Apps)
    • Support for local installations of licensed client software
    • Services and data storage in Microsoft cloud
    • Azure AD P1 license
    • MFA (two-factor) through the use of conditional access (Conditional Access)
    • Managed Microsoft 365 Operation SLA
    • Managed Microsoft 365 Security SLA
  • Managed Exchange Online Plan 2
    • User licenses for Microsoft Exchange Online Plan 2
    • Services and data storage in Microsoft cloud
    • Azure AD P1 license
    • MFA (two-factor) through the use of conditional access (Conditional Access)
    • Managed Microsoft 365 Operation SLA
    • Managed Microsoft 365 Security SLA

Managed Microsoft 365 Operation SLA

SLA Operation and Administration SLA Value
Microsoft 365 server services and data storage from Microsoft Nettsky Ja
Standard storage location for new O365 Tenant Norway1
Free operation and administration of Microsoft Online Core Services Including
Backup of Exchange Online mailboxes, SharePoint Online and OneDrive According to section Microsoft 365 Backup in the Provider's Backup Policy published online
Free correction of errors that occur on Core Services that are in operation Ja
Free Reactive user support on the services, up to 30 minutes per. inquiry Ja

Countries may differ. Data storage in accordance with Microsoft's current Service Description

Security SLA for Managed Microsoft 365

SLA Point SLA Value
Requirements for multifactor authentication (MFA), for users, guest users and administrators Ja
Microsoft 365 online services are protected with relevant security settings according to documentation for Microsoft's "Best Practice" Ja
Built-in antispam and antimalware features in the license are enabled Ja
Microsoft Purview Standard unified audit logging enabled, 90 days land history Ja
Microsoft Purview land surveys and reporting. Up to 30 minutes per inquiry included Ja
DKIM verification of mail sender domain activated Ja
When blocking the sending of e-mails to the user, the Supplier is notified1 Ja
In the event of a block for sending e-mails to the customer's tenant, the Supplier is notified1 Ja
SharePoint Online: Sharing is limited to new and existing guest users. All users can share2 Ja
Group with permission to invite guest users (Azure Portal) Default all users Ja
Access to the Customer's Azure portal is restricted to administrator accounts Ja

1Microsoft blocks the sending of e-mail when system limits are exceeded
2The sharing policy can be changed upon written request from the Customer to support@braathe.no

Managed Microsoft 365 Online Core Services

The following Microsoft online services are considered Core Services with respect to the Supplier's SLA:

  • Microsoft 365 Office apps online
  • Exchange online
  • SharePoint Online
  • OneDrive for Business
  • teams
  • Azure Active Directory

The supplier must have good expertise in the above-mentioned Core Services.

Core services include free administration, operation and error correction applicable to the Manufacturer's online services and relevant to the subscription.

Additional products outside defined Core Services

Inquiries regarding other Microsoft Online products, services and functions are supported according to the "Best effort" principle with 30 minutes of Reactive User Support. Further assistance in connection with such inquiries can be provided in accordance with the Service description "Hourly-based Consulting Services".

Managed Microsoft 365 establishment

The following establishment is included in the establishment fee for the Service:

  • Creation of Microsoft O365 Online tenant for the Customer, with registration of up to 3 of the Customer's own domain names.
    • Adaptation of existing Tenant, if the Customer has such before
  • Establishment of necessary subscriptions and associated licenses
  • Establishment of necessary user environment on the basis of lists sent from the Customer *
    • User accounts and licensing
    • Resource and room accounts
    • Groups and registration of users
    • Common mailboxes
    • Sending user information for first-time login
  • Configuration of included online core services, including setup of the current security SLA for the services:
    • Azure Active Directory
    • Exchange Online
    • SharePoint Online
    • OneDrive for Business
    • teams
  • Support according to Service Description «Support» for transfer from previous system
  • Access to user guides

* The supplier sends out necessary list templates

365 Workplace

General

365 Arbeitsplass Service packages are delivered in the following variants:

  • 365 Workplace Business
  • 365 Workplace E3
  • 365 Workplace E5
  • 365 Workplace F3.

Additional functionality to the packages can be provided under conditions as stated above in Part 2: Managed Microsoft 365.

365 Workplace Business, E3 and E5

365 Workplace Business Premium, E3 and E5 provide the Customer with a full-fledged solution for the users' PC-based workplaces. The packages include licensing, setup, operation, and management of Microsoft 365 presence, as well as setup, operation, administration, security features, and user support related to users' PCs and mobile devices.

365 Workplace F3

365 Workplace F3 provides the Customer with a full-fledged online Microsoft 365 solution. 365 Workplace F3 includes online editions of Microsoft 365 Apps. For packages based on the MS 365 F series, the service does not include support on endpoints, only limited basic operation of mobile devices (Tablets and mobile phones).

License and data location

For the Online packages, data and server services are delivered from Microsoft's data centres.

Package Business Online E3 Security Online E5 High Security Online F3 Online
Basic license1 MS 365 BP MS 365 E3 MS 365 E5 MS 365 F3
cisco umbrella X X
Operation SLA 365 Workplace 365 Workplace 365 Workplace 365 Workplace2
Security Baseline Ja Ja Ja Ja
Power BI Pro X

1See the Microsoft website for detailed functionality and content in the license and services from the manufacturer

2For packages based on the MS 365 F series, the service does not include operation and support for endpoints, only limited basic operation of mobile devices based on MAM (Tablets and mobile phones).

365 Arbeitsplass is delivered either as stand-alone service packages, or as part of BRA Complete packages. The packages include licenses for software as specified later in this Service Description, as well as services as defined under the SLA section.

The packages include licenses and access to server software operated from Microsoft's cloud.

365 Workplace Operation SLA

SLA operation and Administration for 365 Workplace SLA Value
Microsoft 365 server services and data storage from Microsoft Nettsky Ja
Management of Exchange, SharePoint, Teams and Endpoint Manager server services, as well as users, groups and devices in Azure Active Directory Ja3
Operation of Windows Server Virtual machine in the Provider's data center, for SSO user and password synchronization. If needed1
Free correction of errors that occur on the services that are in operation, including:

  • Microsoft 365 Tenant, Customer's subscriptions and access and services in Microsoft cloud
  • Administrative tools included in licenses and used in the package
  • Operating system and Microsoft 365 Apps installed on users' devices3
Ja
Backup of Exchange Mailboxes, SharePoint and Onedrive License and operation included2
Backup storage Charged according to consumption
Free Reactive user support for the services; up to 30 minutes per. inquiry3 Ja
Proactive Operation of AAD-registered Windows PC client equipment, including operating system3 Ja
Proactive Operation of Desktop versions of Microsoft Office programs installed on AAD-Joined devices3 Ja
Free Reactive Support on PC and other clients, including Mac, iOS and Android; up to 30 minutes per. inquiry3 Ja
Free Reactive user support on professional applications installed on the client, up to 30 minutes per. inquiry3 Ja
Free administration of O365 tenant, license subscription and AAD Online user accounts Ja
Free assistance in handling warranty cases for client units provided by the Supplier Ja
Free assistance and advice on license purchases, assistance with manufacturers' license audit Ja
Free virus removal on client equipment in case of virus infection3 Ja
Free standard preparation after disk replacement, repair and virus removal3 Ja
Access to Company Portal with updated standard applications. Self-service for users Ja

1Applies to customers with services in accordance with «Digital Workplace from the Supplier's Data Center»
2See the Provider's "Backup Policy" as published on their website
3
For packages based on the MS 365 F series, the service does not include support on endpoints, only limited basic operation of mobile devices (Tablets and mobile phones).

Security SLA for 365 Workplace

Security SLA service levels are indicated with overall description below. Security SLA levels leverage functionality included in licensed Microsoft services and products. Security is put in focus at the same time that users are given a good experience. A more detailed technical description of settings can be sent to the customer on request. The technical basis is subject to continuous updating in line with changes in the products and the Manufacturer's "Best Practice".

Security SLA for 365 Workplace F3 Business E3 Security E5 Security
All settings from «Managed O365 security SLA» X X X X
Microsoft Security Baseline enabled (see separate section below) X X X
CYBR Online security training for users X X X X
Conditional access to the customer's online business data (conditional access) X X X X
Configuration of compliance requirements for Windows and Mac endpoints for access to Microsoft online services1 X X X
Mobile Application Management enabled for Android and iOS (see section below) X X X X
Deviation notification regarding the user's compliance with the Endpoint Manager policy is sent to the user X X X
Operation of Microsoft Defender Antivirus as included in the operating system and license. X X X
Operation of Microsoft Defender for Endpoint as included in the MS 365 license. Including health monitoring of updates and signature files. Deviation messages to the user in the event of an incident.2 BP P1 P2
Configuration of Windows Update for continuous updating of cumulative updates of the Windows Operating System.3 X X X
Operation and maintenance of Microsoft Endpoint Manager (Intune) for Windows X X X
Installation and operation of Cisco Umbrella X X
1 hour of annual security advice and review of the Customer's Microsoft Secure Score. Carried out at the Customer's request. X X X
Enabling Microsoft standard configuration of Office Message Encryption service (OME) and Azure Information Protection (AIP) X X X X
Operation of risk-based access control X
Compliance monitoring of risk-based conditional access, from registered units X

The compliance requirement can be adjusted for the Customer's solution on request. May be necessary if the Customer's equipment or software installations cannot satisfy compliance rules.

2Notifications of discrepancies can also be sent to the Customer's system manager. Notification setup is done on request support@braathe.no
3Does not apply to upgrading to new major versions of the operating system. The supplier can assist with upgrading main versions such as Hourly Consulting Assignments

Workplace online Core services

The following Microsoft and other online services are considered Core Services with respect to Supplier's SLA:

  • Microsoft 365 Office apps online
  • Exchange online
  • SharePoint Online
  • OneDrive for Business
  • teams
  • Azure Active Directory
  • Components of the Enterprise Mobility and Security License included in the Service, including
    • Endpoint Manager
    • Azure Active Directory P1 / P2
    • Azure Information Protection P1 / P2
    • Microsoft 365 Defender
  • Windows AutoPilot
  • Cisco Umbrella Cloud Security Platform

The supplier must have good expertise in the above-mentioned Core Services.

Core services include free administration, operation and debugging for online services. Inquiries regarding other Microsoft Online services and functions are supported according to the "Best Effort" principle within Reactive User Support, or as a consulting service according to the Service Description "Hourly Based Consulting Services".

Microsoft Security Baseline

The supplier uses the Microsoft Security Baseline to set security settings for the Customer based on functionality found in the Customer's licenses. Security Baseline represents Microsoft's "Best Practice" for security and is a comprehensive set of settings and system requirements that together reduce the risk of security breaches.

The supplier also makes its own adaptations and adjustments to settings to make the setup and use of devices as user-friendly as possible and at the same time secure.

Microsoft regularly releases new Security Baselines. These will be reviewed and tested by the Supplier at launch and gradually rolled out to Customers if necessary. If the new Security Baseline leads to significant changes in the use of the systems, the Supplier will notify the Customer in a reasonable time before rollout.

CYBR online security training for users

Access to CYBR AS online learning platform for digital security is included for all users of 365 Arbeidsplass. The platform uses the latest generation of AI to create training and training runs. Users get the opportunity to increase their awareness of cyber security and gain knowledge about how attacks often take place and how to protect themselves and their organisation. The portal is continuously updated with new material and the content can also be adapted to your business on request. Customer-specific adaptations are delivered as hourly consulting services.

Activation of the CYBR subscription for the Customer can be done by contacting the Customer's Sales Manager contact at the Supplier.

Establish a new business

Establishment as specified in the section «Managed Microsoft 365 establishment». Plus:

  • Setup of Microsoft Endpoint Manager to support the operation of the Customer's PCs with Windows 10 Pro or newer OS.
    • Setup of security SLA according to the user's service package
    • Setup of automatic deployment of Microsoft Office for desktops to the Customer's PCs with Windows 10 Pro or newer OS.
  • Setup of Windows AutoPilot self-service Windows 10 PC provisioning, including obtaining the necessary information from the Customer's new and existing PCs.

Mobile Application Management (MAM) Establishment and configuration

365 Workplace services are delivered with the Supplier's standard configuration of MAM included. MAM provides control, security and protection of the organisation's company data stored on Android and IOS devices based on central policy. Policy will be set as standard for all the Customer's users. The supplier recommends MAM as the minimum security level for IOS and Android devices. The Standard Policy can be sent on request.

The customer can request that the MAM Policy be adjusted, or that MAM be turned off in its entirety, based on a written request from the Customer's Contract Manager.

Mobile Device Management (MDM)

Mobile Device Management functionality is included in Microsoft Endpoint Manager licenses as part of Microsoft 365 packages. (Feature level depending on license package). License applies to up to 5 mobile phones and tablet devices per User. MDM gives the organization strengthened security, management and control with Mobile devices that access company data. Setup of MDM as an addition or alternative to MAM can be carried out at the Customer's request as an Hourly Consulting Service.

The supplier recommends the use of MDM for securing the organisation's mobile devices and tablets.

Restrictions and reservations

The best user experience will be achieved using the Supplier's standard client models with Windows 10 Pro/Windows 11 Pro or later versions. The supplier's possibilities for assistance, user support and repair times may be affected by the actual conditions surrounding third-party products and suppliers.

We advise against the use of devices older than 4 years, as this will lead to limitations in security, performance, functionality and compatibility.

Windows Home Edition is not supported and cannot be used in connection with the Supplier's services for the operation and administration of PC clients.

365 Workplace does not include the following additional work:

  • Physical attendance at the Customer / on-site work.
  • Hardware failure not covered by the manufacturer's warranties
  • Data recovery after data loss

Data storage

The solution requires that business information is stored in the Supplier's or Microsoft's data centers based on which 365 Workplace option is used. Users who store business information, private information or other personal data only locally on the client device, or in areas not covered by the service, are themselves responsible for securing such data.

Reset devices

As part of error correction procedures, virus removal and other situations, the Supplier reserves the right to delete and reset user devices to factory settings. Before deletion of data is implemented by the Supplier, the User must be notified. Work with securing data on devices in connection with error correction is not included in the service, but can be carried out as an hourly consulting service. This also applies to assistance in connection with the installation of applications that are not part of the service for distribution from the Supplier.

Verktøy

365 Workplace includes licenses and operation of necessary tools. The supplier chooses tools to be able to deliver according to the agreement's intentions. The tools can be included with the client or be third-party tools.

Changes December 2022

This version of the Service Description reflects a comprehensive update and upgrade of the 365 Workplace services. Some of the changes and improvements are listed here:

  • Name change - The services are now called 365 Arbeidsplass, the name "Bra 365" is no longer used.
  • Transition to Microsoft Security Baseline as a basis for giving our customers the best and most secure experience at the same time as good user-friendliness
    • Applies to the establishment of new customers from the launch of the Service Description
    • Existing customers will have their settings updated in accordance with the Service Description going forward. You will get
  • MAM setup as standard for new customers
  • Existing customers will be offered to establish a MAM policy at no additional cost
  • The 365 Workplace Business Premium service level has now been upgraded so that almost all security functionality in the product from Microsoft is activated. Included in this is the new Endpoint Protection for Business Premium as launched by Microsoft.
  • The Backup SLA has been updated to bring the Service Description in line with the change notice sent out Q2 2022
  • General revision of language
  • Clarifications