Chatta subito con l'assistenza
Chat con il supporto

On Demand Migration Current - Security Guide - Teams Migration

Administrator Consent and Service Principals

On Demand Migration requires access to the customer’s Microsoft Entra ID and Office 365 tenancies. The customer grants that access using the Microsoft Admin Consent process, which will create a Service Principal in the customer's Microsoft Entra ID with minimum consents required by On Demand Migration for Teams. The Service Principal is created using Microsoft's OAuth certificate based client credentials grant flow.

Customers can revoke Admin Consent at any time. For more details, see https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/delete-application-portal and https://docs.microsoft.com/en-us/skype-sdk/trusted-application-api/docs/tenantadminconsent.

The base consents required by Quest On Demand and all associated online services for both source and target tenants is shown below.

Quest On Demand - Core - Basic

On Demand Migration

The base consent required by all On Demand Migration services is.

Quest On Demand - Migration - Basic - Minimal or Quest On Demand - Migration - Basic - Full consent for the source tenant.

Quest On Demand - Migration - Basic - Full consent for the target tenant.

The consents apps are as shown below:

Quest On Demand - Migration - Basic - Minimal Quest On Demand - Migration - Basic - Full
On Demand Migration for Teams

In addition to the base consents, On Demand Migration for Teams requires the following consents:

Quest On Demand - Migration - Teams - Minimal or Quest On Demand - Migration - Teams - Full consent for the source tenant.

Quest On Demand - Migration - Teams - Full consent for the target tenant.

Quest On Demand - Migration - Mailbox Migration - Minimal or Quest On Demand - Migration - Mailbox Migration - Full consent for the source tenant.

Quest On Demand - Migration - Mailbox Migration - Full for the Target tenant

Quest On Demand - Migration - SharePoint - Minimal or Quest On Demand - Migration - SharePoint - Full consent for the source tenant.

Quest On Demand - Migration - SharePoint - Full for the Target tenant.

The consent apps are as shown below:

Quest On Demand - Migration - Teams - Minimal Quest On Demand - Migration - Teams - Full

Role based access control

Quest On Demand is configured with default roles that cannot be edited or deleted, and allows you to add custom roles to make permissions more granular. Each access control role has a specific set of permissions that determines what tasks a user assigned to the role can perform. For more information about role-based access control, see the Quest On Demand Migration User Guide.

Azure datacenter security

Microsoft Azure datacenters have the highest possible physical security and are considered among the most secure and well protected datacenters in the world. They are subject to regular audits and certifications including Service Organization Controls (SOC) 1, SOC 2 and ISO/IEC 27001:2005.

Relevant references with additional information about the Windows Azure datacenter security can be found here:

Overview of data managed by On Demand Migration for Teams

On Demand Migration for Teams manages the following type of customer data:

  • Office 365 groups, Microsoft Teams, channels, messages and files with their properties returned by Teams Graph API. The content processed by the service is not persistently stored by the product. Only migrated message IDs are stored in the product database.
  • Some data from Teams content can be stored by the product for troubleshooting purposes. This includes data to identify the items where some troubleshooting is required, e.g., a Team or channel name, attachment file names. The data is stored in product Elasticsearch database and Azure table storage and is encrypted at rest.
  • The application does not store or deal with end-user passwords.
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione