PASSWORD POLICY – ACSC ESSENTIAL 8 ALIGNED
This policy defines how XSTRA enforces strong password and lockout standards across all managed systems. These settings are based on the Australian Cyber Security Centre’s (ACSC) Essential Eight cybersecurity framework, and align with mitigation strategies including Restrict Administrative Privileges and User Application Hardening.
Minimum Password Requirements
  • Passwords must be at least 14 characters long.
  • Passwords must meet complexity requirements:
    • Must not contain the user’s name or username.
    • Must include at least three of the following character types:
      • Uppercase letters (A–Z)
      • Lowercase letters (a–z)
      • Numbers (0–9)
      • Special characters (e.g., !, $, #, %)
Password Expiry, History & Reuse
  • Passwords must be changed at least every 150 days.
  • Users must wait at least 1 day between password changes.
  • The last 10 passwords are remembered and cannot be reused.
Recommended Password Format
We recommend using long, strong passphrases instead of short complex passwords. Example: Everysummerisfishingtime2025!!
This approach improves memorability without compromising security.
ACCOUNT LOCKOUT POLICY – BRUTE FORCE PROTECTION
XSTRA enforces account lockout settings to reduce the risk of credential stuffing and brute-force login attempts.
Account Lockout Settings
  • Lockout occurs after 10 invalid logon attempts.
  • Locked accounts are disabled for 30 minutes.
  • The lockout counter resets after 30 minutes of no failed attempts.
  • Lockout policy is applied to all Client accounts.
These settings are part of our baseline security posture and align with ACSC recommendations under the Essential Eight.
For more information on the ACSC Essential Eight framework and guidance, visit: https://www.cyber.gov.au/acsc/view-all-content/essential-eight
SESSION TIMEOUT POLICY – IDLE DISCONNECTION
To reduce resource usage and enhance security, XSTRA enforces automatic disconnection of idle XDESK sessions.
Policy Setting:
  • XDESK sessions that are active but idle (no keyboard/mouse input) will be automatically disconnected after 2 hours of inactivity.
    This policy helps to:
    • Free up system resources tied to inactive sessions.
    • Minimise the risk of unattended sessions being exploited.
    • Enforce better session management across hosted XDESK environments.
Note: This applies to all users accessing XDESK services, unless specific exclusions are documented. This setting is aligned with security best practices and complements our existing session management and timeout policies across XSTRA platforms.
Important Clarification on Data Protection and Backup Guarantees
Any mention – whether verbal, written, included in quotations, marketing materials, or communications from XSTRA – of “100% protection” from cyber threats (such as viruses, malware, ransomware, trojans, etc.), or any similar claim, should be understood as referring only to the scope of our backup strategy, which is designed to ensure your business data is backed up within a defined and documented protocol. This protocol is publicly available on our website and is intended to mitigate the impact of data loss events by allowing for data restoration.
However, clients must understand the following:
  • XSTRA’s backup services are provided on a best-effort basis, and “100% protection” is conditional on the backup protocol being properly followed, up to date, and in a healthy state at the time of restoration.
  • We make no guarantees that data can be restored to the most recent state. Restoration will be to a point in time deemed appropriate, considering the circumstances and state of the backup system at the time.
  • XSTRA does not claim real-time protection from cyber threats or live detection/remediation of malicious activity.
  • XSTRA does not guarantee protection from reputational damage, data leakage, or unauthorized dissemination of data that may occur outside of our managed systems or backup scope.
  • Our focus is on ensuring that, in the event of a cyber incident, your business is not left without a path to recover critical data – thus containing the impact and reducing the risk of a catastrophic, total data loss scenario.
  • For a better understanding of XSTRA’s emerging cybersecurity capabilities, follow this link to information on XFORCELINK.
XDESK – User Account – Disablement & Deletion Policy
Often Clients forget to disable a User account with us and as a result they incur costs that should have been avoided. To assist Clients with this problem, and unless we have written directives from the Client to the contrary, XSTRA will:
  • disable remote application and/or desktop access (including RDP and/or ICA) for any User Account that has not been used for 45 days
  • delete any User Account in Active Directory that has not been logged into for the past 135 days
    • before deleting the User Account in Active Directory, we will check whether the User Account also exists in Azure Active Directory (Azure AD) via the Active Directory Sync service, if it exists. If the User Account does exist in Azure AD, there is an Office 365 license assigned to the User, and the User has logged into their Office 365 account within the past 135 days, we will:
      • convert the User Account in Azure AD to a Cloud Only account type, or else
      • un-assign the Office 365 license, follow any client-specific policies or procedures for removing an Office 365 license from a User, and then delete the User Account from Azure AD
XDESK – System Maintenance Schedule
See XDEVICE for Maintenance Schedules, Caveats, Terms & Conditions
XDEVICE – PC Edition subscription is mandatory
To maintain the security and integrity of each Client’s XDESK environment, it’s essential to minimise cyber risk by closing off potential vulnerabilities—especially those exposed through unmanaged or unmonitored PC systems. As part of this strategy, all Windows PCs owned and used within the Client’s environment must be covered by an XDEVICE PC Edition subscription. This ensures a consistent layer of protection, simplifies IT administration, and improves overall visibility and control. To make this requirement easy and cost-effective, as of 1st July 2025, each XDESK User subscription includes one complimentary XDEVICE PC Edition subscription. This policy strikes the right balance between workability, administration, and the challenge of tracking every PC across a Client’s environment.
Note: If the number of PCs exceeds the number of active XDESK Users, any additional XDEVICE PC Edition subscriptions will be billed separately at the prevailing rate. In most cases, we will require the Client to reach out to us to have XDEVICE subscriptions added to their PCs.
XDESK – SAVE YOUR WORK BEFORE YOU DISCONNECT FROM YOUR SESSION
Virtual Desktop Session Persistence – Users will find that for the majority of the time, virtual desktop sessions are persistent between logon and logoff events. However, persistent sessions will be terminated from time to time to facilitate maintenance and other administrative tasks. It is therefore important that you SAVE all of your work before you disconnect from your virtual desktop session. To understand when your session might be restarted, refer to our XDEVICE Maintenance Schedule for details, dates and times.
XDESK SUPPORT POLICY
This policy outlines what support is included with your XDESK subscription and the options available for additional assistance.
  • 1. What’s Included in XDESK Support – XSTRA provides remote support for the XDESK Virtual Desktop service on a best-effort basis, focusing on:
    • Ensuring you can successfully connect to your XDESK environment.
    • Ensuring the XDESK system is operating as expected.
    • Microsoft operating system software directly integrated into the XDESK service.
    • Citrix Virtual Apps and Desktops software and other core components used within XDESK
  • 2. Third-Party Software Support Options – XSTRA does not provide complimentary support for third-party applications installed in XDESK. However, we offer two structured services to help clients manage third-party software needs:
    • Office 365 – Support for Microsoft Office 365 (e.g., Outlook, Teams, OneDrive) is available through our X365-Plus product.
    • XDESK – App-Pool Support
      • Billable service for installation and maintenance of XSTRA approved third-party software within XDESK.
      • Pricing: From $6 per user per month per software title.
      • Covers installation and configuration only.
      • Excludes training or ongoing usage support.
      • Complex or vendor-supported apps (e.g., AutoCAD, Adobe) are excluded.
      • Example of Apps Included:
        • Common browsers (Chrome, Edge)
        • All XSTRA-developed software
    • XDESK – Chaperone Support
      • XSTRA acts as a liaison between you and a third-party support team.
      • We co-ordinate communication and provide technical context.
      • Pricing: 50% off our Schedule 1 Rates and Charges.
      • Ideal for resolving issues with third-party software, services, or systems.
    • High-Risk Configurations (Elevated Privileges)
      • If your setup requires elevated permissions (e.g., admin access), XSTRA can support this. However:
        • This increases risk and reduces XSTRA’s visibility.
        • Setup and any further troubleshooting will be billed at our standard rates and charges.
      • Pricing: 50% off our Schedule 1 Rates and Charges.
Apple MacOS
XSTRA provides limited support for Apple Mac computers solely for the purpose of enabling users to connect to the login screen of our hosted XDESK services. Any additional support for devices running “MacOS” will be charged to the Client at our standard Schedule 1 Rates and Charges.
GENERAL LEGAL INFORMATION
Click Here

© 2021–2025 XSTRA Group Pty Ltd (Australia). All rights reserved.