Chat now with support
Chat mit Support

On Demand Migration Current - Security Guide - General Migration

Introduction

Managing information system security is a priority for every organization. In fact, the level of security provided by software vendors has become a differentiating factor for IT purchase decisions. Quest strives to meet standards designed to provide its customers with their desired level of security as it relates to privacy, confidentiality, integrity, and availability.

This document describes the security features of On Demand Migration. This includes access control, protection of customer data, secure network communication, and cryptographic standards.

About On Demand Migration

On Demand Migration provides the following functionality in a robust project management interface with in-depth monitoring and reporting:

  • Analyzes Microsoft Entra ID structure and highlights the problems that might adversely affect the migration.
  • Migrates users, groups, and the related information between Microsoft Entra ID tenants or maps the existing source/target accounts.
  • Migrates hybrid accounts (on-premises users/groups synchronized with Microsoft Entra ID.)
  • Migrates Microsoft Office 365 mailboxes.
  • Automatically redirects on-premise Outlook clients to the new Exchange Online.
  • Grants access to the source tenant’s resources and applications for the migrated/mapped accounts.
  • Transfers OneDrive for Business content and permissions between tenants.
  • Ensures uninterrupted workflows during the migration:
    • Automatically replaces email addresses in outgoing and incoming messages, as if the senders have already been migrated to the target tenant (Domain Coexistence feature.)
    • Shares free/busy information between tenants.

On Demand Migration is hosted in Microsoft Azure and delivers most of its functions via Microsoft Azure cloud services.

Hybrid accounts migration works via the secure connection with Quest Migration Manager for Active Directory, installed on premises.

Architecture overview

The following schema shows the key components of the On Demand Migration configuration.

QIP - Quest Intellectual Property

Authentication and Consents

Authentication is required when you log on to On Demand. Authorization is the consent required to create and access an On Demand organization.

Authentication of users

User access to On Demand Migration is authenticated with Microsoft Entra ID. Authenticating with Microsoft Entra ID offers inherent granular control and enables centralized configuration management. This method permits the configuration of advanced security layers using your own conditional access policies, including Multi-Factor Authentication (MFA), integration with Okta Inc., and other applications compatible with the Microsoft Authentication Library (MSAL).

The process of registering a Microsoft Entra Id tenant into On Demand Migration is managed through the standard Azure Admin Consent workflow.

A Microsoft Entra ID access token (constrained to the Quest On Demand application) is obtained when the user navigates through the authentication process. This Microsoft Entra ID access token has a lifetime limit of 10 minutes after which it is automatically refreshed if the user is actively using the application. The user is automatically logged out following a period of inactivity. If the user token is revoked in Microsoft Entra ID, the user will continue to have access to On Demand until the token expires after 10 minutes. User access to the On Demand organization can be also revoked within On Demand by an On Demand Organization Administrator, resulting in access loss after token expiry.

Quest On Demand Application Consent

As part of the login process with Microsoft Entra ID, users must consent to the set of minimal permissions required by the Quest On Demand application. By default, all users are allowed to consent to applications for permissions that do not require administrator consent. This behavior might be deactivated in some Microsoft Entra ID tenants and may require tenant administrators to enable user consent flow for the Quest On Demand application.

The base consents required by Quest On Demand is shown below.

NOTE:

  • The ability to consent on behalf of your organization is available if logging in as the global administrator in the tenant.
  • The ability to request consents will only be available if the global administrator has enabled the admin consent workflow. For more details see the article How to enable the admin consent workflow.
  • The verified publisher domain and permissions will be clearly labeled and detailed.
Self-Service-Tools
Knowledge Base
Benachrichtigungen und Warnmeldungen
Produkt-Support
Software-Downloads
Technische Dokumentationen
Benutzerforen
Videoanleitungen
RSS Feed
Kontakt
Unterstützung bei der Lizenzierung
Technische Support
Alle anzeigen
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen