This Microsoft 365 Services Schedule (“Service Schedule”) forms part of the Master Services Agreement (“MSA”) between Empreus IT Support (“Provider”) and the Client. This Service Schedule should be read in conjunction with the MSA and all referenced legal documents.

In the event of any conflict between this Service Schedule and the MSA, the terms of this Service Schedule shall prevail to the extent of the inconsistency.

This Service Schedule governs the procurement, administration, and ongoing management of Microsoft 365 cloud services. The Provider procures Microsoft 365 licences through a Microsoft Cloud Solution Provider (CSP) distributor and delivers the managed service to the Client under the terms set out below.

In addition to the definitions set out in the MSA, the following definitions apply to this Service Schedule:

• “Microsoft 365” or “M365” means the suite of cloud-based productivity, collaboration, security, and compliance services provided by Microsoft Corporation, including but not limited to Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, and associated security and management tools.
• “CSP Distributor” means the Microsoft-authorised Cloud Solution Provider distributor through which the Provider procures M365 licences on behalf of the Client.
• “M365 Licence” means a Microsoft 365 subscription licence assigned to a user, as specified in the Quote. Licence types may include Microsoft 365 Business Basic, Business Standard, Business Premium, E3, E5, or other Microsoft licence plans.
• “M365 Tenant” means the Client’s dedicated Microsoft 365 environment, including all user accounts, mailboxes, data, and configuration settings.
• “Monthly M365 Fee” means the recurring monthly fee payable by the Client for the M365 Licences and managed services, as detailed in the Quote.

3.1 Licence Procurement and Management

The Provider shall procure M365 Licences through its CSP Distributor on behalf of the Client. The Provider will manage licence allocation, assignment, and renewal. The Client’s M365 Tenant is administered by the Provider under the CSP model, meaning the Provider holds the billing and administrative relationship with Microsoft on the Client’s behalf.

3.2 User and Mailbox Provisioning

The Provider shall manage user lifecycle administration, including:

• Creation of new user accounts and mailboxes (onboarding)
• Configuration of user profiles, groups, and distribution lists
• Licence assignment and reallocation as users join or leave
• Account deactivation, data preservation, and licence recovery (offboarding)
• Password resets and account recovery (delivered via Managed IT Services helpdesk)

3.3 Exchange Online Administration

The Provider shall administer Exchange Online, including:

• Mailbox configuration and management
• Shared mailbox, resource mailbox, and room calendar setup
• Mail flow rules, transport rules, and email routing
• Anti-spam, anti-phishing, and email security configuration
• Email signature management (where included in the Quote)
• Retention policies and litigation hold configuration

3.4 SharePoint and OneDrive Management

The Provider shall manage SharePoint Online and OneDrive for Business, including:

• SharePoint site creation, permissions, and access management
• OneDrive storage management and sharing policies
• Document library configuration and governance
• External sharing policies and controls

3.5 Microsoft Teams Administration

The Provider shall administer Microsoft Teams, including:

• Teams and channel creation, policies, and governance
• Meeting configuration and policies
• Guest access and external collaboration settings
• Teams telephony integration (where applicable and specified in the Quote)
• App and bot management policies

3.6 Security and Compliance Configuration

The Provider shall configure and manage M365 security and compliance features, including:

• Multi-Factor Authentication (MFA) enforcement and management
• Conditional Access policies (e.g., location-based, device-based, risk-based)
• Data Loss Prevention (DLP) policies for Exchange, SharePoint, and Teams
• Azure Active Directory (Entra ID) security configuration
• Security defaults and baseline policy implementation
• Compliance reporting and audit log management (where included in the licence plan)

3.7 Email Migration

Where the Client is migrating to Microsoft 365 from an existing email platform, the Provider shall plan and execute the email migration, including:

• Pre-migration assessment and planning
• Mailbox data migration (email, contacts, calendars)
• DNS record updates (MX, SPF, DKIM, DMARC, Autodiscover)
• Post-migration testing and validation
• User communication and training coordination

Migration is typically a one-off project and may be subject to a separate migration fee as specified in the Quote. The scope and complexity of the migration will be assessed and documented before commencement.

3.8 M365 Backup

The Provider shall implement and manage backup of M365 data, including:

• Exchange Online mailbox backup (email, contacts, calendars)
• SharePoint Online site and document library backup
• OneDrive for Business backup
• Microsoft Teams data backup (chat, files, channel content)

Backups are performed using a third-party backup solution selected by the Provider. Backup frequency, retention periods, and recovery point objectives (RPO) will be specified in the Quote. The Provider shall manage backup monitoring, alerting, and restoration requests.

The Client acknowledges that Microsoft’s native data protection features (e.g., retention policies, recycle bins) have limitations, and that the Provider’s backup service provides an additional layer of data protection beyond Microsoft’s standard offering.

3.9 Microsoft Intune / Endpoint Manager

Where included in the M365 Licence plan and specified in the Quote, the Provider shall configure and manage Microsoft Intune (Endpoint Manager), including:

• Device enrolment and registration policies
• Device compliance policies and conditional access integration
• Application deployment and management
• Device configuration profiles (e.g., Wi-Fi, VPN, email)
• Remote wipe and device retirement capabilities
• Reporting on device compliance and health

3.10 Microsoft Defender for Business

Where included in the M365 Licence plan and specified in the Quote, the Provider shall configure and manage Microsoft Defender for Business, including:

• Endpoint protection policy configuration
• Threat detection and alerting
• Security incident investigation and response coordination
• Vulnerability management and security recommendations
• Integration with M365 security centre and compliance portal

3.11 IT Support

All IT support related to the M365 Service — including helpdesk, user troubleshooting, on-site visits, after-hours support, and associated service levels and rates — is provided under the Managed IT Services – Service Schedule (EMPREUS-SS-MIT-001). The Client must hold an active Managed IT Services subscription to receive support for the M365 Service.

3.12 Exclusions

The following are not included in the M365 Service:

• Custom application development on the M365 platform (e.g., Power Apps, Power Automate workflows) unless specified in the Quote
• Advanced compliance and eDiscovery configurations beyond the scope of the Client’s licence plan
• Third-party application integration unless specified in the Quote
• End-user training (available as an add-on service upon request)
• IT support services (provided under Managed IT Services)
• On-premises server infrastructure (e.g., hybrid Exchange, AD Connect) unless specified in the Quote

4.1 Tenant Ownership

The M365 Tenant belongs to the Client. The Provider administers the Tenant on the Client’s behalf under the CSP model. Upon termination of this Service Schedule and payment of all outstanding fees, the Client retains ownership of the Tenant, all user data, mailboxes, and documents stored within the M365 environment.

4.2 Administrative Access

The Provider will hold delegated administrative access to the Client’s M365 Tenant as required to perform the services under this Service Schedule. The Provider will maintain administrative access using secure, auditable methods and will restrict access to authorised personnel only.

The Client may request the removal of the Provider’s administrative access at any time. However, removal of administrative access will prevent the Provider from delivering the services described in this Service Schedule, and may constitute the Client’s termination of the managed service.

4.3 Global Administrator Credentials

The Provider recommends that the Client maintains at least one break-glass Global Administrator account with credentials known only to an authorised representative of the Client. This ensures the Client retains emergency access to the Tenant independent of the Provider. The Provider will assist the Client in setting up this account securely.

5.1 Licence Procurement

M365 Licences are procured by the Provider through its CSP Distributor. The Provider will recommend appropriate licence plans based on the Client’s requirements and will manage licence provisioning, assignment, and renewal.

5.2 Licence Types and Changes

The Client may request changes to licence types or quantities at any time. The Provider will confirm any fee changes before processing the request. Licence downgrades or removals may be subject to Microsoft’s licensing terms and minimum commitment periods.

5.3 Microsoft Licensing Terms

M365 Licences are subject to Microsoft’s licensing terms, acceptable use policies, and service agreements (including the Microsoft Customer Agreement). The Client shall comply with all Microsoft licensing terms. The Provider does not assume liability for Microsoft’s changes to licensing terms, pricing, feature availability, or service levels.

5.4 Annual vs Monthly Licences

M365 Licences may be procured on an annual commitment or month-to-month basis as specified in the Quote. Annual commitment licences typically offer lower per-user pricing but cannot be reduced in quantity during the commitment period. Month-to-month licences offer flexibility but may be priced higher. The Provider will advise the Client on the most cost-effective licensing approach.

6.1 Service Term

This Service Schedule operates on a month-to-month basis. Either party may terminate this Service Schedule by providing at least 30 days’ written notice in accordance with the Termination – Terms & Conditions.

6.2 Licence Commitment Periods

While this Service Schedule is month-to-month, individual M365 Licences may be subject to annual commitment periods as specified in the Quote. If the Client terminates this Service Schedule during an annual licence commitment period, the Client remains liable for the remaining licence fees for the unexpired portion of the annual commitment, in addition to any applicable Early Termination Cost.

6.3 Changes to Service

The Client may request changes to the M365 Service at any time, including adding or removing users, changing licence plans, or enabling additional features. The Provider will confirm any fee changes before processing the request.

7.1 Monthly M365 Fee

The Client shall pay the Monthly M365 Fee as specified in the accepted Quote. Monthly M365 Fees are invoiced in advance in accordance with the Payment – Terms & Conditions.

7.2 Inclusions

Unless otherwise stated in the Quote, the Monthly M365 Fee includes:

• M365 Licences for the number and type of users specified in the Quote
• Ongoing Tenant administration and user lifecycle management
• Exchange Online, SharePoint, OneDrive, and Teams administration
• Security and compliance configuration (MFA, Conditional Access, DLP)
• M365 data backup (Exchange, SharePoint, OneDrive, Teams)
• Microsoft Intune / Endpoint Manager management (where included in the licence plan)
• Microsoft Defender for Business management (where included in the licence plan)

7.3 Exclusions

The following are excluded from the Monthly M365 Fee and may be charged separately:

• Email migration from an existing platform (one-off project fee)
• Additional M365 Licences beyond the quantity specified in the Quote
• Third-party backup solution licensing fees (if not bundled in the Quote)
• Custom development (Power Apps, Power Automate, Power BI) unless specified
• End-user training sessions
• IT support services (provided under Managed IT Services)
• On-premises infrastructure (hybrid Exchange, AD Connect) unless specified

7.4 Microsoft Price Changes

Microsoft may change M365 licence pricing from time to time. If Microsoft increases licence prices, the Provider reserves the right to pass through the increase to the Client. The Provider will notify the Client at least 30 days in advance of any price change taking effect.

7.5 Payment Terms

All payment obligations under this Service Schedule are subject to the Payment – Terms & Conditions published at empreusitsupport.com.au/payment-terms-and-conditions, which are incorporated by reference.

8.1 User Administration Notifications

The Client shall promptly notify the Provider of any changes to user requirements, including new starters, leavers, role changes, or department moves. Delays in notification may result in continued billing for unused licences, security risks from active accounts for departed staff, or delays in onboarding new users.

8.2 Microsoft Licensing Compliance

The Client shall comply with all Microsoft licensing terms and acceptable use policies. The Client shall not share, transfer, or misuse M365 Licences in breach of Microsoft’s terms. The Provider is not liable for any penalties, claims, or damages arising from the Client’s non-compliance with Microsoft licensing terms.

8.3 Data Ownership and Responsibility

The Client is responsible for all data stored within the M365 Tenant, including emails, documents, files, and Teams content. The Client shall ensure that data stored in M365 complies with all applicable laws, regulations, and industry requirements.

While the Provider implements backup and security measures, the Client is ultimately responsible for data governance, classification, and retention decisions within the M365 environment.

8.4 Security Cooperation

The Client shall cooperate with the Provider’s security recommendations, including MFA enrolment for all users, adherence to Conditional Access policies, and prompt reporting of suspicious activity or potential security incidents.

The Client shall ensure staff are trained on basic security practices, including recognising phishing emails, using strong passwords, and not sharing credentials.

8.5 Acceptable Use

The Client shall use the M365 Service in compliance with all applicable laws, Microsoft’s acceptable use policies, and the Provider’s guidelines. The Client shall not use the M365 Service for unlawful, abusive, or fraudulent activities.

8.6 Timely Reporting of Issues

The Client agrees to promptly report any M365 issues, access problems, or suspected security incidents through the Provider’s designated support channels as set out in the Managed IT Services – Service Schedule.

9.1 Microsoft’s Shared Responsibility Model

The Client acknowledges that Microsoft operates a shared responsibility model for M365 data. While Microsoft ensures platform availability and infrastructure security, the Client (and by extension, the Provider) is responsible for data protection, backup, and recovery.

Microsoft’s native retention features (e.g., deleted items recovery, recycle bins, retention policies) have limitations in scope and duration. The Provider’s backup service provides comprehensive data protection beyond Microsoft’s standard offering.

9.2 Backup Service

The Provider shall maintain backups of the Client’s M365 data as specified in the Quote. Backup scope, frequency, and retention periods are detailed in the Quote. The Provider will monitor backup health and alert on failures.

9.3 Data Restoration

The Client may request restoration of backed-up M365 data through the Managed IT Services helpdesk. Restoration requests will be processed in accordance with the service levels defined in the Managed IT Services – Service Schedule. The Provider will use commercially reasonable efforts to restore data as promptly as possible.

9.4 Backup Limitations

The Provider’s backup service is dependent on third-party backup software and Microsoft’s API capabilities. The Provider does not guarantee that all M365 data types can be backed up or restored with complete fidelity. Certain data types (e.g., Teams channel configurations, Planner tasks, some metadata) may have limited backup or restore capability depending on the backup solution and Microsoft API limitations.

10.1 Migration Scope

Where email migration is included in the Quote, the Provider will plan and execute the migration of the Client’s existing email data to Exchange Online. Migration scope typically includes email messages, contacts, and calendar items.

10.2 Migration Planning

The Provider will conduct a pre-migration assessment to identify the source platform, data volume, user count, and any technical constraints. A migration plan will be agreed with the Client prior to commencement.

10.3 DNS Changes

Email migration requires changes to the Client’s DNS records (MX, SPF, DKIM, DMARC, Autodiscover). The Provider will coordinate DNS changes with the Client or the Client’s domain registrar. The Client is responsible for providing access to DNS management or authorising the Provider to make changes on the Client’s behalf.

10.4 Migration Limitations

The Provider will use commercially reasonable efforts to migrate all email data accurately. However, certain data types, formatting, or metadata may not transfer with complete fidelity depending on the source platform. The Provider does not guarantee zero-downtime migration. Brief periods of email disruption may occur during DNS propagation.

10.5 Post-Migration Support

The Provider will provide post-migration support for a period of 14 days following go-live, including troubleshooting mail flow issues, verifying data integrity, and resolving user-reported problems.

11.1 Definitions

“Confidential Information” means any non-public, proprietary, or sensitive information disclosed by one party to the other, including trade secrets, client lists, business strategies, financial data, technical documentation, user credentials, M365 Tenant configuration, and any information clearly identified or reasonably understood as confidential.

“Data Protection Laws” means all applicable legislation relating to the protection of personal data and privacy, including the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and if applicable, the General Data Protection Regulation (GDPR) (EU) 2016/679.

11.2 Confidentiality Obligations

Each party shall use Confidential Information solely for the purpose of fulfilling obligations under this Agreement. Neither party shall disclose Confidential Information to any third party without prior written consent, except as necessary to perform under this Agreement or as required by law.

11.3 M365 Data

The Client’s M365 data (including emails, documents, files, and Teams content) is Confidential Information. The Provider shall access Client data only to the extent necessary to perform the services described in this Service Schedule and shall not use, copy, or disclose Client data for any other purpose.

11.4 Data Residency

M365 data is stored in Microsoft’s data centres. The geographic location of data storage is determined by the M365 Tenant region configured at the time of setup (typically Australia for Australian clients). The Provider will configure the Tenant region in accordance with the Client’s requirements and applicable data residency regulations.

11.5 Data Breach Notification

In the event of a confirmed or reasonably suspected data breach affecting the Client’s M365 data or Tenant security within the Provider’s control, the Provider shall promptly notify the Client and provide sufficient details about the nature and scope of the breach.

11.6 Survival

The confidentiality and data protection obligations under this section shall survive termination of this Service Schedule for as long as the Receiving Party possesses or controls any Confidential Information or personal data belonging to the Disclosing Party.

12.1 Provider Warranty

The Provider warrants that it will use commercially reasonable efforts to administer, configure, and manage the M365 Service in accordance with this Service Schedule and industry best practices.

12.2 Microsoft Platform

The M365 Service is hosted on Microsoft’s cloud platform. The Provider does not make any representations or warranties with respect to the performance, availability, uptime, or reliability of Microsoft’s platform. Microsoft’s platform is subject to Microsoft’s own service level agreements and terms.

12.3 Backup Disclaimer

While the Provider implements M365 backup measures, the Provider does not guarantee that all data can be backed up or restored with complete fidelity due to limitations in third-party backup software and Microsoft’s APIs.

12.4 Disclaimer of Implied Warranties

Except as expressly set out in this Service Schedule and the MSA, the Provider disclaims all implied warranties, including warranties of merchantability, fitness for a particular purpose, and non-infringement, to the maximum extent permitted by law. Nothing in this Service Schedule excludes or limits any consumer guarantee or statutory right that cannot be excluded under Australian Consumer Law.

13.1 The Provider shall not be liable for any indirect, incidental, consequential, or special damages arising from the use or inability to use the M365 Service, including lost profits, lost data, business interruption, or loss of goodwill, regardless of the legal theory, even if advised of the possibility of such damages.

13.2 The Provider’s aggregate liability under this Service Schedule shall not exceed the total Monthly M365 Fees actually paid by the Client in the six (6) months immediately preceding the date on which the claim arose.

13.3 The Provider shall not be liable for any outages, data loss, feature changes, or performance issues caused by Microsoft’s platform, Microsoft’s API changes, or any other action by Microsoft.

13.4 The Provider shall not be liable for data loss resulting from limitations in the backup solution or Microsoft’s APIs, provided the Provider has implemented backup measures in accordance with this Service Schedule.

13.5 The Provider shall not be liable for any penalties or claims arising from the Client’s non-compliance with Microsoft licensing terms.

13.6 Any claim must be brought within twelve (12) months from the date on which the Client first became aware, or reasonably should have become aware, of the basis for such claim.

13.7 The limitations in this section shall not apply to damages resulting from the Provider’s gross negligence or wilful misconduct, or any liability that cannot be excluded by law.

14.1 By the Provider: The Provider shall indemnify and hold the Client harmless from any third-party claims arising from the Provider’s gross negligence or wilful misconduct in performing Services under this Service Schedule.

14.2 By the Client: The Client shall indemnify and hold the Provider harmless from any third-party claims arising from the Client’s misuse of the M365 Service, non-compliance with Microsoft licensing terms, data stored in the M365 Tenant, or violation of applicable laws or regulations.

Neither party shall be liable for delays or failures due to events beyond their reasonable control, including natural disasters, war, strikes, pandemics, governmental actions, Microsoft platform outages, or CSP Distributor disruptions. The affected party shall notify the other promptly and use reasonable efforts to resume performance as soon as feasible.

If a Force Majeure event prevents performance for more than 30 days, either party may terminate this Service Schedule upon written notice. The Client remains liable for all fees accrued up to the termination date.

16.1 Termination

Termination of this Service Schedule is governed by the Termination – Terms & Conditions published at empreusitsupport.com.au/termination-terms-conditions, which are incorporated by reference.

16.2 Tenant Transition

Upon termination and payment of all outstanding fees, the Provider will cooperate with the Client (or the Client’s new provider) to transition the M365 Tenant out of the Provider’s CSP management. This may involve transferring the CSP relationship to the Client’s new provider or converting the Tenant to direct Microsoft billing.

Transitional support will be provided at the post-termination hourly rate specified in the Termination – Terms & Conditions ($320 inc. GST per hour), unless otherwise agreed in writing.

16.3 Data Retention Post-Termination

Upon termination, the Client retains ownership of all data within the M365 Tenant. The Provider will remove its administrative access within 7 days of the effective termination date (or upon completion of the Tenant transition, whichever is later).

M365 backup data held by the Provider will be retained for 30 days following termination to allow the Client to request any final restorations. After 30 days, backup data will be securely deleted.

16.4 Licence Commitments

If the Client terminates this Service Schedule during an annual M365 Licence commitment period, the Client remains liable for the remaining licence fees for the unexpired portion of the annual commitment.

17.1 Relationship to MSA

This Service Schedule supplements and forms part of the Master Services Agreement. All terms of the MSA (including the Director’s Guarantee, Governing Law and Dispute Resolution, and Privacy Policy reference) apply to this Service Schedule as if set out in full herein.

17.2 Prerequisite Service Schedule

The Client acknowledges that an active Managed IT Services – Service Schedule (EMPREUS-SS-MIT-001) is required to receive IT support for the M365 Service.

If the Managed IT Services subscription is terminated or expires, the Provider is not obligated to provide helpdesk, user troubleshooting, or on-site support for M365. The Provider will continue to administer the M365 Tenant and licences under this Service Schedule, but user-facing support will not be available.

17.3 Cross-References

This Service Schedule is subject to the following Empreus IT Support legal documents, all of which are incorporated by reference:

• Master Services Agreement (EMPREUS-MSA-001)
• Managed IT Services – Service Schedule (EMPREUS-SS-MIT-001)
• Payment – Terms & Conditions (empreusitsupport.com.au/payment-terms-and-conditions)
• Termination – Terms & Conditions (empreusitsupport.com.au/termination-terms-conditions)
• Quote – Terms & Conditions (empreusitsupport.com.au/quote-terms-conditions)
• Privacy Policy (empreusitsupport.com.au/privacy-policy)

17.4 Amendments

No modification to this Service Schedule shall be valid unless made in writing and signed by both parties.

17.5 Severability

If any provision of this Service Schedule is found to be unenforceable, the remaining provisions shall remain in full force and effect.

17.6 Entire Agreement

This Service Schedule, together with the MSA and all incorporated documents, constitutes the entire agreement between the parties regarding the Microsoft 365 Services described herein and supersedes all prior agreements, representations, and understandings on this subject matter.