On Demand Audit security features are only one part of a secure environment. Customers must follow their own security best practices when auditing their data. Take special care to protect the credentials of the Microsoft Entra ID tenant Global Administrator accounts.
Change Auditor Integration
When On Demand Audit is configured to connect to an on-premises Change Auditor installation, ensure that the Change Auditor installation is configured according to security best practices to protect the Change Auditor coordinators.
Secure the Change Auditor installation
Any Change Auditor user who holds the Change Auditor administrator role can modify the configuration for On Demand Audit integration through the Change Auditor client and thereby expose data to other organizations. Membership of the Change Auditor administrators must therefore be carefully managed.
Secure Change Auditor Coordinator Servers
All Change Auditor coordinators communicate with On Demand Audit cloud components and must be secured. This communication is secured and encrypted by means of a unique X.509 certificate installed on each coordinator in the Certificate Store. This certificate provides the identity and access to On Demand Audit for on-premises components and therefore must be protected so that the On Demand Audit organization and its data remain protected. For correct operation, only the Change Auditor Coordinator service and local computer administrators can access certificates in the Certificate Store. To protect the certificate, it is essential that only trusted users have administrative rights on coordinators, because these users may gain access to the certificate.
If a certificate is suspected of being compromised, it should be replaced with a new unique certificate to secure the environment. Please contact Quest support for this procedure.
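One way to check the access restriction described above on a coordinator, as an added example that is not part of the Quest documentation or product. It assumes the certificate is in the `LocalMachine\My` store and has an RSA key; the thumbprint and service account are placeholders to replace with the values from your own installation.

```powershell
# Added example: list who can read the private key of the coordinator certificate
# and who holds local administrator rights. Run elevated on the coordinator.
# Assumptions (not from the vendor documentation): store path, RSA key type,
# and the placeholder thumbprint / service account below.
param(
    [string]$Thumbprint     = '<COORDINATOR-CERT-THUMBPRINT>',
    [string]$ServiceAccount = '<COORDINATOR-SERVICE-ACCOUNT>',
    [string]$StorePath      = 'Cert:\LocalMachine\My'
)

# Principals expected to have access, per the restriction stated above.
$expected = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', $ServiceAccount)

$cert = Get-ChildItem -Path $StorePath | Where-Object Thumbprint -eq $Thumbprint
if (-not $cert)               { throw "Certificate $Thumbprint not found in $StorePath" }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key on this machine' }

# Resolve the key container name for both CNG and legacy CAPI keys.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw 'No RSA private key (a non-RSA key is outside this example)' }
$keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $rsa.Key.UniqueName
} else {
    $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}

# Machine key files live in one of these two directories.
$keyDirs = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
           "$env:ProgramData\Microsoft\Crypto\Keys"
$keyFile = $keyDirs | ForEach-Object { Join-Path $_ $keyName } |
           Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Key file for container $keyName not found" }

# Report every Allow entry on the key file and flag unexpected identities.
(Get-Acl -Path $keyFile).Access |
    Where-Object AccessControlType -eq 'Allow' |
    ForEach-Object {
        [pscustomobject]@{
            Identity   = $_.IdentityReference.Value
            Rights     = $_.FileSystemRights
            Unexpected = $_.IdentityReference.Value -notin $expected
        }
    }

# Local administrators can reach the key regardless of the ACL, so review them too.
# The well-known SID is used so the check works on non-English systems.
Get-LocalGroupMember -SID 'S-1-5-32-544' | Select-Object Name, ObjectClass, PrincipalSource
```

Any row with `Unexpected` set to `True`, or any administrator group member who is not a trusted user, is a finding to resolve before relying on the certificate.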