Chatta subito con l'assistenza
Chat con il supporto

Content Matrix 9.10 - Security Guide

Admin Consent and Service Principals

Quest® Content Matrix can access the customer’s Microsoft Entra ID and Microsoft 365 tenancies. The customer grants that access using the Microsoft Admin Consent process, which will create a Service Principal in the customer's Entra ID with minimum consents required by Quest® Content Matrix migration. The Service Principal is created using Microsoft's OAuth certificate based client credentials grant flow https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow.

Customers can revoke Admin Consent at any time. See https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/delete-application-portal?pivots=portal and https://docs.microsoft.com/en-us/skype-sdk/trusted-application-api/docs/tenantadminconsent for details.

Following is the base consent required by Quest® Content Matrix.

OAuth Accept

Location of Customer Data

·All computation is performed on server(s) provided by the customer.

·All data and application logs are stored in a SQL server or file provided by the customer.

·In case of migration using "Import API" option, binary contents of files are uploaded to Azure blob storage. Quest® Content Matrix can use either SPO provided Azure container blob storage or customer provided private Azure container blob storage.

Privacy and Protection of Customer Data

Encryption of secrets uses MS DPAPI (PBKDF2, AES).

Security-sensitive information like the password and OAuth tokens used in SharePoint and Public Folder connections are encrypted using Microsoft DPAPI (ProtectedData Class (System.Security.Cryptography) | Microsoft Docs).

Network Communications

 

Source

Target

Port/Protocols

Content Matrix Console

 

Job DB, Agent DB

MSSQL (default 1433 TCP) or SQLCE

SharePoint Server (remote machine)

Native Web Service

User selected port (TCP)

Nintex Web Service

443 (TCP) or 80 (TCP)

MEWS

Native Web Service port (TCP)

SharePoint DB

MSSQL (default 1433 TCP)

Quest Web Services

Metalogix License Service

443 (TCP)

Nintex Conversion Service

443 (TCP)

Azure Cloud

Azure Blob Storage

443 (TCP)

Azure Queue

443 (TCP)

Microsoft 365 (SPO CSOM)

443 (TCP)

Nintex Online

443 (TCP)

PowerShell

Content Matrix Agents

135 (TCP) and dynamic ports (TCP)

Content Matrix Agents

Agent DB

MSSQL (default 1433 TCP) or SQLCE

 

Figure 2: List of protocols used and associated ports

.

 

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione