Should we ask suppliers about their Microsoft 365 email security in tenders?

Updated

When choosing a supplier to manage your Microsoft 365 email, it's important to understand how they handle email security. Email is a common target for cyberattacks such as phishing, malware, and business email compromise. If your supplier doesn't have strong security measures in place, your business could face data breaches, downtime, or loss of customer trust.

Why email security matters for UK SMEs

For small and medium-sized businesses, email is often the main communication channel with customers and suppliers. A successful cyberattack on your email system can lead to stolen personal data, disruption of daily operations, and potential fines under UK GDPR and the Data Protection Act 2018 if sensitive information is exposed. Additionally, many UK businesses need to meet Cyber Essentials or ISO 27001 standards, which require robust email security controls.

A typical scenario

Imagine a UK business with around 50 employees using Microsoft 365 for email and collaboration. Without proper security, an employee might receive a convincing phishing email that tricks them into revealing their login details. The attacker could then access confidential emails, send fraudulent invoices to customers, or spread malware internally. A reliable IT partner would implement multi-factor authentication (MFA), set up anti-phishing policies, monitor suspicious activity, and regularly update security settings to reduce this risk.

What to ask your Microsoft 365 email supplier

  • Do you enforce multi-factor authentication for all user accounts?
  • How do you configure anti-spam and anti-phishing filters within Microsoft Defender for Office 365?
  • What policies are in place to prevent business email compromise and spoofing (e.g., SPF, DKIM, DMARC records)?
  • How is email data backed up, and how quickly can it be restored after an incident?
  • Do you monitor and respond to suspicious login attempts or unusual email activity?
  • Are security updates and patches applied promptly to Microsoft 365 services?
  • Can you provide evidence of compliance with relevant standards like Cyber Essentials or ISO 27001?

Simple internal checks you can do

  • Review who has admin access to your Microsoft 365 environment and limit it to essential staff.
  • Check that MFA is enabled for all users, especially those with access to sensitive data.
  • Verify that email forwarding rules are monitored and restricted to prevent data leaks.
  • Ensure your organisation's domain has correct SPF, DKIM, and DMARC records set up to reduce spoofing.
  • Confirm that regular backups of email data are taken and tested for recovery.

Discussing these points with your current or prospective IT supplier during a tender or review process helps ensure your Microsoft 365 email environment is secure and resilient. It also supports audit readiness and compliance with UK data protection expectations.

For tailored advice and practical support, consider consulting a trusted managed IT provider or IT advisor familiar with UK SME needs. They can help you assess risks, improve security settings, and maintain your email system's integrity without unnecessary complexity.

Tools & software for this topic

Not ready to change IT providers yet? These buying guides walk through tools your team can use to improve things on your own.

We may earn a small commission if you sign up with any of these tools and services, at no extra cost to you. We only feature tools that are appropriate for British businesses like yours.

Tools you can try right away

These tools line up with the topics in this guide and are commonly used by small and mid-sized businesses.

AvePoint Cloud Backup

Best for: Best for UK SMEs needing comprehensive Microsoft 365 backup with granular recovery

Reliable cloud backup for Microsoft 365 with flexible restore options

AvePoint Cloud Backup is commonly used to protect Microsoft 365 data including emails, files, and Teams. It offers flexible restore options and supports compliance with UK data protection standards. Many organisations use it to reduce risk and simplify data recovery.

View AvePoint Cloud Backup plans

Backupify (Datto)

Best for: Best for UK SMEs using Microsoft 365 that want reliable, automated backup with straightforward restore tools

Automated cloud backup for Microsoft 365 with easy recovery options

Backupify (Datto) is commonly used to protect Microsoft 365 data including emails, files, and calendars. It offers automated backups with simple recovery options, helping businesses reduce data loss risk and maintain productivity without complex setup.

View Backupify (Datto) plans

Barracuda Email Protection

Best for: Best for UK SMEs needing comprehensive email filtering with easy management

Protects business email from spam, phishing, and malware threats

Barracuda Email Protection is commonly used to secure business email by filtering spam, phishing, and malware. It offers straightforward administration and integrates well with Microsoft 365, helping reduce email-related risks and improve productivity.

View Barracuda Email Protection plans

CleanTalk

Best for: Best for UK SMEs seeking straightforward, low-maintenance spam and bot protection

Helps reduce spam and phishing risks with cloud-based email filtering

CleanTalk is a cloud-based email security tool commonly used to block spam and reduce phishing attempts. It offers simple integration and minimal ongoing management, making it suitable for small businesses with limited IT resources.

View CleanTalk plans

CloudAlly

Best for: Best for UK SMEs needing straightforward backup for Microsoft 365 and Google Workspace

Reliable cloud backup to protect Microsoft 365 and SaaS data

CloudAlly offers cloud-to-cloud backup for popular SaaS platforms like Microsoft 365 and Google Workspace. It is commonly used by SMEs to reduce data loss risk with automated daily backups and easy recovery options.

View CloudAlly plans

CubeBackup

Best for: Best for UK SMEs needing straightforward backup of Google Workspace or Microsoft 365 accounts

Reliable cloud backup for Google Workspace and Microsoft 365 data

CubeBackup is commonly used to back up Google Workspace and Microsoft 365 data, helping businesses protect emails, contacts, and files. It offers automated backups with easy restoration options, suitable for organisations wanting to reduce data loss risk without complex setup.

View CubeBackup plans

Need hands-on help?

If you’d rather have a provider handle this for you, here are firms that work on Microsoft 365 & Email in United Kingdom.

Top firms for Microsoft 365 & Email
Cloud10 IT & Cloud Services
Manchester, England

Overview

Cloud10 IT & Cloud Services is a managed IT services provider based in Manchester, England. They specialise in delivering reliable IT support tailored for small and medium-sized enterprises (SMEs), charities, and professional services. With a focus on fostering secure communication and efficient issue resolution, this IT support company plays a vital role in enhancing the operational integrity of their clients.

This MSP is dedicated to providing consistent and effective support that simplifies the IT experience for its clients. They ensure that technical issues are resolved swiftly and that there is ongoing communication throughout the process. By offering a range of services, Cloud10 helps organisations streamline their operations while maintaining compliance with regulations such as the UK GDPR and Cyber Essentials.

What clients say about this company

Feedback from clients highlights the exceptional level of support they receive from Cloud10. Many appreciate the ease of raising issues and the prompt response times that facilitate smooth resolutions. Clients often remark on how well the team communicates during troubleshooting, which builds trust and reassurance.

5.0★
Solid Rock IT UK
London, England

Overview

Solid Rock IT UK is a managed IT services provider based in London, England. They focus on delivering reliable IT support and tailored solutions for a range of clients, including small and medium-sized enterprises, charities, and educational institutions. With a commitment to security, this IT support company helps clients navigate their IT challenges efficiently.

This MSP specialises in various areas, including cybersecurity, network cabling, and WiFi solutions. They aim to ensure that clients maintain robust IT systems while offering clear communication and thorough follow-up for all services. Solid Rock IT UK places a strong emphasis on delivering personalised support to meet the unique needs of each customer.

What clients say about this company

Clients appreciate the consistent follow-up and clear communication provided by this company. Many have noted the professionalism of their engineers, who demonstrate expertise when addressing issues related to hardware upgrades and system setups at clients' locations.

The company's dedication to thoroughness and transparency has also garnered positive feedback. Clients feel reassured by Solid Rock IT UK's honest approach and their ability to resolve IT issues promptly, helping them achieve necessary cybersecurity certifications and improve their network setups.

4.9★
Optima Computers
London, England

Overview

Optima Computers is a managed IT services provider based in London, England. This IT support company focuses on offering reliable IT solutions to a variety of clients, including small and medium-sized enterprises, charities, and professional services. Their aim is to ensure technology functions smoothly, helping organisations maintain productivity and efficiency.

This MSP provides a range of services, including IT support, data recovery, and WiFi solutions. They are known for their commitment to customer satisfaction, providing clear communication and timely assistance. With a strong emphasis on reliability and transparency, this company tailors its services to meet the specific needs of their clients while adhering to relevant standards such as UK GDPR and Cyber Essentials.

What clients say about this company

Clients often appreciate the personal and attentive service provided by Optima Computers. Many highlight the reliability and speed of their IT support, mentioning prompt responses to issues and effective resolutions. Positive experiences include efficient repairs and transparency regarding costs and procedures.

The commitment to customer care is frequently noted, with clients expressing gratitude for the patience and professionalism of the staff. This managed IT services provider has built a reputation for being friendly and approachable, making the technology-related challenges easier to face for their clients.

4.9★
XPS Solutions Ltd
Hessle, England

Overview

XPS Solutions Ltd is a managed IT services provider based in Hessle, England. This IT support company focuses on delivering comprehensive IT solutions to small and medium-sized enterprises (SMEs), charities, and professional services across the UK. They aim to assist clients in improving their IT infrastructure and ensuring smooth operations.

This MSP offers a range of services, including IT support and WiFi management, tailored to meet the needs of their clients. Their commitment to effective communication, quick response times, and problem resolution underlines their reliability. By adhering to standards such as UK GDPR and Cyber Essentials, they ensure that their solutions are secure and compliant.

What clients say about this company

Clients appreciate the prompt and effective support provided by XPS Solutions Ltd. Many have praised the team's professionalism and their ability to resolve issues rapidly, demonstrating a strong commitment to customer satisfaction. Their staff are often described as helpful and knowledgeable.

Feedback highlights the company's emphasis on empathy and clear communication throughout the support process. Clients report feeling reassured by the team's dedication to solving problems efficiently and providing excellent service, which effectively reduces stress and builds confidence in their IT systems.

5.0★
Stephensons IT Support Solutions Ltd
Barnsley, England

Overview

Stephensons IT Support Solutions Ltd is a managed IT services provider based in Barnsley, England. This IT support company focuses on delivering reliable support for various technology needs, particularly for small and medium-sized enterprises (SMEs) and educational institutions. Their goal is to ensure clients have seamless access to technology and are equipped to handle any IT challenges.

This MSP offers a range of services, including IT support, hardware repair, and maintenance. They are known for their clear communication and transparent pricing, which help build trust with clients. With a focus on resolving issues quickly and efficiently, this provider supports clients in maintaining smooth operations and enhancing their overall tech experience.

What clients say about this company

Clients appreciate the professionalism and reliability of Stephensons IT Support Solutions Ltd. Many have noted the clear communication throughout their service experience, which contributes to a positive working relationship. Customers often describe the company as honest and straightforward, valuing the transparency in pricing and service timelines.

Feedback highlights the quick resolution of IT issues, with clients reporting satisfaction with the speed of service. Many users have recommended this IT support company for its competitive pricing and the quality of repairs. Overall, clients express confidence in the support provided, often returning for additional services when needed.

5.0★
Com Cubed Computers
Londonderry, Northern Ireland

Overview

Com Cubed Computers is a managed IT services provider based in Londonderry, Northern Ireland. They offer a range of IT support services, helping small to medium enterprises (SMEs), charities, and professional services to manage their technology needs effectively. This IT support company focuses on delivering reliable solutions, ensuring clients have the right tools and support for their operations.

This MSP assists clients with various services, including computer repairs, technical support, and system management. They are committed to transparency and organisation, providing clear communication throughout the service process. By aligning with standards such as UK GDPR and Cyber Essentials, they prioritise security and data protection for all their clients.

What clients say about this company

Clients appreciate the consistent communication and reliability offered by this managed IT services provider. They often highlight the efficiency of the repairs and services, such as replacing screens or removing batteries, praising the company's timely follow-up and dedication to making sure everything works well after a service.

Feedback reflects a strong appreciation for the honesty and transparency displayed by Com Cubed Computers. Customers frequently commend their fair pricing and the quality of documentation provided during the service process, reinforcing trust in their expertise and commitment to client satisfaction.

4.7★
See all Microsoft 365 & Email service companies
By city
London, England
View all
Manchester, England
View all
Bristol, England
View all
Norwich, England
View all
Southampton, England
View all
Cardiff, Wales
View all
Edinburgh, Scotland
View all
Glasgow, Scotland
View all

Related reading