Enterprise-Grade Trust & Data Privacy in Microsoft 365
How we secure your environment without compromising your data privacy.
As your trusted Managed Service Provider, we require administrative access to manage, monitor, and protect your Microsoft 365 environment. However, administrative power should not mean a lack of privacy. We offer two distinct, industry-leading compliance frameworks to give your leadership team absolute peace of mind that your proprietary data and emails remain strictly confidential.
Framework A
Zero-Standing Privileges
GDAP & Privileged Identity Management
Requires dedicated internal IT staff to manage approvals
Our technicians hold no active administrative permissions by default. Access is granted through Microsoft’s Granular Delegated Admin Privileges (GDAP) — scoped to only the roles required — and activated on a just-in-time basis via Privileged Identity Management (PIM), with optional client approval required before any elevation is granted.
- •No standing access to mailboxes or OneDrive files
- •Each elevation requires explicit justification
- •Access automatically expires after a defined window
- •Optional client sign-off before any elevation is granted
Framework B
Recommended for most clientsImmutable Transparency
Advanced Auditing & External Log Streaming
No dedicated staff required — works silently in the background
We maintain efficient administrative access to your tenant, but every single action is permanently logged. Microsoft 365 creates an unalterable audit trail for all administrative activity, and we stream those logs in real time to an independent third-party repository that neither we nor any other party can modify or delete.
- •Real-time alerts to your management team on sensitive actions
- •Tamper-evident logs in an external read-only repository
- •Compliance-ready audit trail for your officers and insurers
- •Purview-configured alerting on mailbox permission changes
Which framework is right for a smaller business?
Framework B is the right choice for most small to medium businesses. It provides strong, independent accountability — every action SoftSol takes in your environment is permanently recorded and cannot be altered — without requiring any ongoing effort from your side. No approvals to manage, no workflows to monitor, no dedicated staff needed. The audit trail works silently in the background and is available to you or your compliance officers at any time.
Framework A is a more sophisticated architecture suited to larger organisations that employ a dedicated, full-time IT administrator or compliance officer who is available to review and approve elevation requests as they arise. Without that internal resource, Framework A’s approval workflows become a bottleneck and an operational burden rather than a benefit.
Still not sure? We can walk you through it.
Contact SoftSol and we will explain both options in plain terms and recommend the right fit for your organisation’s size, staffing, and risk appetite. There is no wrong answer — both frameworks exceed the standard levels of transparency offered by most managed service providers.