Chatta subito con l'assistenza
Chat con il supporto

Nova Current - Reporting Security Guide

Overview of data handled by Nova Reporting

Nova Reporting manages the following types of customer data:

·Microsoft Entra and Office 365 users, groups and contacts with their properties returned by the Microsoft Graph API including account name, email addresses, contact information, department, membership, licenses, and other properties.

·Microsoft product usage statistics and activity, such as Exchange emails, Yammer posts, Skype messages, Teams calls, OneDrive storage, SharePoint files, etc.

·The application does not store or deal with any product contents, such as Exchange/Teams messages or OneDrive file contents - only statistics relating to counts and sizes are stored.

·Audit events returned by the Management Activity API.

·Service Status Messages returned by the Management Activity API.

·Exchange objects are collected via the Microsoft Exchange Online PowerShell API.

·The application does not store or deal with end-user passwords of Microsoft Entra objects.

·The application stores administrative account name and password to perform data collections. The data are stored in Azure Key Vault and is encrypted at rest.

 

In addition to the base consents, Nova Reporting requires to assign Global Reader role. The details on how this can be done can be found here.

Admin Consent and Service Principals

Nova Reporting requires access to the customer’s Microsoft Entra and Office 365 tenancies. The customer grants that access using the Microsoft Admin Consent process, which will create a Service Principal in the customer's Microsoft Entra ID with minimum consents required by Nova Reporting. The Service Principal is created using Microsoft's OAuth certificate based client credentials grant flow https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow. Customers can revoke Admin Consent at any time. See https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/delete-application-portal and https://docs.microsoft.com/en-us/skype-sdk/trusted-application-api/docs/tenantadminconsent for details.

 

Following is the base consent required by Nova Reporting.

 

Permissions2

 

Location of customer data

When a customer signs up for Nova, they select the region in which to run their Nova organization. All computation is performed and all data is stored in the selected region. The currently supported regions are:

-US (hosted in the AWS us-east-1 region in North Virginia)

-EMEA (hosted in the AWS eu-west-1 region in Ireland)

 

The databases are hosted in AWS RDS with read-replicas in alternative Availability Zones for resiliency against hardware failure and to increase availability. All replication datacenters reside within the geographic boundaries of the selected region. Daily snapshots are stored for 30 days.

 

Management Activity/API Audit events and application logs are stored in Azure Data Explorer clusters hosted on Microsoft Azure Virtual Machines, in the following regions:

-US (hosted in the Azure West US region in Washington)

-EU (hosted in the Azure North Europe region in Ireland)

Privacy and protection of customer data

The most sensitive customer data processed by Nova Reporting is the Microsoft Entra and Office 365 data including users, groups and contacts and their associated properties. Nova Reporting does not store or deal with end-user passwords of Microsoft Entra objects, nor user-generated data such as Email/Teams message content or OneDrive files. All data and logs are encrypted at rest.

 

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione