Chatta subito con l'assistenza
Chat con il supporto

On Demand Audit Current - Security Guide

Overview of Data Handled by On Demand Audit

On Demand Audit collects events from a variety of on premises and Microsoft Cloud services that includes:

  • Exchange Online
  • SharePoint Online
  • One Drive for Business
  • Microsoft Entra ID
  • Azure Sign-ins and Risk events
  • On premises Change Auditor Active Directory

For further details on collected data, please consult the following references:

On Demand Audit does not record or store any user passwords.

Admin Consent and Service Principals

On Demand Audit requires access to the customer’s Microsoft Entra and Microsoft 365 tenants. The customer grants that access using the Microsoft Admin Consent process, which will create a Service Principal in the customer's Microsoft Entra ID with minimum consents required by On Demand Audit (Groups, Users, Contacts).

The Service Principal is created using Microsoft's OAuth certificate-based client credentials grant flow https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow.

Customers can revoke Admin Consent at any time. For more information, see: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/delete-application-portal?pivots=portal and https://docs.microsoft.com/en-us/skype-sdk/trusted-application-api/docs/tenantadminconsent.

 

The following is the base consent required by On Demand.

In addition to the base consents required by On Demand, On Demand Audit requires the following consents:

On Demand Audit currently uses the Office 365 Management Activity API, Microsoft Graph API, and Azure AD Graph API for reading events from Micorsoft 365 and Microsoft Entra ID using a “limited permissions model” which does not require global administrator permissions. After the consent has been granted using the global administrator account, thereafter all auditing operations will be driven by the token generated using the Application Service Principal.

The Admin Consent process of On Demand Audit will create a Service Principal in the customer's Microsoft Entra tenant with the following permissions.

  • Permissions required for On Demand Audit to read audit log activities and activity data from Microsoft Entra ID and Microsoft 365.
  • Permissions required for On Demand Audit to read the identity risk event information.
  • Permissions required for On Demand Audit to read service health information.
  • Permissions required for On Demand Audit to read user profile data and directory data such as users, groups, and applications.

Location of Customer Data

When a customer signs up for On Demand, they select the region in which to run their On Demand organization. All computation is performed in and all data is stored in the selected region. The currently supported regions can be found here https://regions.quest-on-demand.com/.

On Demand Audit customer data is stored in the selected On Demand region, entirely within Azure Services provided by Microsoft. For more information, see Achieving Compliant Data Residency and Security with Azure.

 

For US Organizations:

  • All On Demand Audit data is stored and processed within the United States, using a single Azure Datacenter. Azure “West US 2” is used for all processed data within On Demand Audit. For disaster recovery duplicate copies of all data are stored in Azure “East US 2” and Azure “Central US”.

For Europe Organizations:

  • All On Demand Audit data is stored and processed within the European Union, using a single Azure Datacenter. Azure “Northern Europe” is used for all processed data within On Demand Audit. For disaster recovery duplicate copies of all data are stored in Azure “Western Europe”.

For UK Organizations:

  • All On Demand Audit data is stored and processed within the UK, using a single Azure Datacenter. Azure “UK South” is used for all processed data within On Demand Audit. For disaster recovery duplicate copies of all data are stored in Azure “UK West”.

For Canada Organizations:

  • All On Demand Audit data is stored and processed within Canada, using a single Azure Datacenter. Azure “Canada Central” is used for all processed data within On Demand Audit. For disaster recovery duplicate copies of all data are stored in Azure “Canada East”.

For Australia Organizations:

  • All On Demand Audit data is stored and processed within Australia, using a single Azure Datacenter. Azure “Australia East” is used for all processed data within On Demand Audit. For disaster recovery duplicate copies of all data are stored in Azure “Australia Southeast”.

All on premises data from Change Auditor is transmitted to and retained in the selected On Demand organization and region.

On Demand Audit makes use of Amazon SES (Simple Email Service) to provide email alerting capabilities via the On Demand Notification Service. These services require Amazon data centers outside of Azure data centers. All data is stored and processed within the matching region selected in On Demand.

NOTE: Fore more information, see the Quest On Demand Global Settings Security Guide.

Privacy and Protection of Customer Data

The most sensitive customer data collected and stored by On Demand Audit is the event data from activity occurring in the Microsoft Entra ID and Microsoft 365 environment and event data from all connected Change Auditor installations. All data is segregated based on the organizational identifier. Whenever event data is stored or retrieved within the system the organizational identifier ensures data remains separate.

All event data is protected by service-level encryption present in Microsoft Azure Services.

For information on privacy and protection of customer data within On Demand and email alerting provided by Amazon SES, please refer to thethe Quest On Demand Global Settings Security Guide.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione