지금 지원 담당자와 채팅
지원 담당자와 채팅

On Demand Migration Current - Security Guide - SharePoint Migration

Introduction

Managing information system security is a priority for every organization. In fact, the level of security provided by software vendors has become a differentiating factor for IT purchase decisions. Quest strives to meet standards designed to provide its customers with their desired level of security as it relates to privacy, confidentiality, integrity, and availability.

This document describes the security features of On Demand Migration for SharePoint. This includes access control, protection of customer data, secure network communication, and cryptographic standards.

About On Demand Migration for SharePoint

Use On Demand Migration for SharePoint to migrate Microsoft SharePoint site collections, and the sites, lists, list items, document libraries, and documents contained in the site collections, between Office 365 tenancies.

Most of these services are delivered via Microsoft Azure cloud services.

Architecture overview

The following schema shows the key components of the On Demand Migration for SharePoint configuration.

Figure 1: High-Level Architecture

Authentication and Consents

Authentication is required when you log on to On Demand. Authorization is the consent required to create and access an On Demand organization.

Authentication of users

User access to On Demand Migration for SharePoint is authenticated with Microsoft Entra ID. Authenticating with Microsoft Entra ID offers inherent granular control and enables centralized configuration management. This method permits the configuration of advanced security layers using your own conditional access policies, including Multi-Factor Authentication (MFA), integration with Okta Inc., and other applications compatible with the Microsoft Authentication Library (MSAL).

The process of registering a SharePoint Office 365 tenant into On Demand Migration for SharePoint is managed through the standard Azure Admin Consent workflow.

A Microsoft Entra ID access token (constrained to the Quest On Demand application) is obtained when the user navigates through the authentication process. This Microsoft Entra ID access token has a lifetime limit of 10 minutes after which it is automatically refreshed if the user is actively using the application. The user is automatically logged out following a period of inactivity. If the user token is revoked in Microsoft Entra ID, the user will continue to have access to On Demand until the token expires after 10 minutes. User access to the On Demand organization can be also revoked within On Demand by an On Demand Organization Administrator, resulting in access loss after token expiry.

Quest On Demand Application Consent

As part of the login process with Microsoft Entra ID, users must consent to the set of minimal permissions required by the Quest On Demand application. By default, all users are allowed to consent to applications for permissions that do not require administrator consent. This behavior might be deactivated in some Microsoft Entra ID tenants and may require tenant administrators to enable user consent flow for the Quest On Demand application.

The base consents required by Quest On Demand is shown below.

NOTE:

  • The ability to consent on behalf of your organization is available if logging in as the global administrator in the tenant.
  • The ability to request consents will only be available if the global administrator has enabled the admin consent workflow. For more details see the article How to enable the admin consent workflow.
  • The verified publisher domain and permissions will be clearly labeled and detailed.
셀프 서비스 도구
지식 기반
공지 및 알림
제품 지원
소프트웨어 다운로드
기술 설명서
사용자 포럼
비디오 자습서
RSS 피드
문의처
라이센싱 지원가져오기
기술 지원
모두 보기
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택