Chat now with support
Chat mit Support

On Demand Migration Current - Security Guide - SharePoint Migration

Introduction

Managing information system security is a priority for every organization. In fact, the level of security provided by software vendors has become a differentiating factor for IT purchase decisions. Quest strives to meet standards designed to provide its customers with their desired level of security as it relates to privacy, confidentiality, integrity, and availability.

This document describes the security features of On Demand Migration for SharePoint. This includes access control, protection of customer data, secure network communication, and cryptographic standards.

About On Demand Migration for SharePoint

Use On Demand Migration for SharePoint to migrate Microsoft SharePoint site collections, and the sites, lists, list items, document libraries, and documents contained in the site collections, between Office 365 tenancies.

Most of these services are delivered via Microsoft Azure cloud services.

Architecture overview

The following schema shows the key components of the On Demand Migration for SharePoint configuration.

Figure 1: High-Level Architecture

Authentication and Consents

Authentication is required when you log on to On Demand. Authorization is the consent required to create and access an On Demand organization.

Authentication of users

User access to On Demand Migration for SharePoint is authenticated with Microsoft Entra ID. Authenticating with Microsoft Entra ID offers inherent granular control and enables centralized configuration management. This method permits the configuration of advanced security layers using your own conditional access policies, including Multi-Factor Authentication (MFA), integration with Okta Inc., and other applications compatible with the Microsoft Authentication Library (MSAL).

The process of registering a SharePoint Office 365 tenant into On Demand Migration for SharePoint is managed through the standard Azure Admin Consent workflow.

A Microsoft Entra ID access token (constrained to the Quest On Demand application) is obtained when the user navigates through the authentication process. This Microsoft Entra ID access token has a lifetime limit of 10 minutes after which it is automatically refreshed if the user is actively using the application. The user is automatically logged out following a period of inactivity. If the user token is revoked in Microsoft Entra ID, the user will continue to have access to On Demand until the token expires after 10 minutes. User access to the On Demand organization can be also revoked within On Demand by an On Demand Organization Administrator, resulting in access loss after token expiry.

Quest On Demand Application Consent

As part of the login process with Microsoft Entra ID, users must consent to the set of minimal permissions required by the Quest On Demand application. By default, all users are allowed to consent to applications for permissions that do not require administrator consent. This behavior might be deactivated in some Microsoft Entra ID tenants and may require tenant administrators to enable user consent flow for the Quest On Demand application.

The base consents required by Quest On Demand is shown below.

NOTE:

  • The ability to consent on behalf of your organization is available if logging in as the global administrator in the tenant.
  • The ability to request consents will only be available if the global administrator has enabled the admin consent workflow. For more details see the article How to enable the admin consent workflow.
  • The verified publisher domain and permissions will be clearly labeled and detailed.
Self-Service-Tools
Knowledge Base
Benachrichtigungen und Warnmeldungen
Produkt-Support
Software-Downloads
Technische Dokumentationen
Benutzerforen
Videoanleitungen
RSS Feed
Kontakt
Unterstützung bei der Lizenzierung
Technische Support
Alle anzeigen
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen