On Demand Migration for Email Current - Security Guide

Azure Region Security

Microsoft Windows Azure regions have the highest possible physical security and are considered among the most secure and well protected datacenters in the world. They are subject to regular audits and certifications including SAS 70 Type I and Type II and ISO/IEC 27001:2005. Relevant references with additional information about the Windows Azure region security can be found here:


A central audit log is kept that contains event information about migration jobs. No email body contents or user account credentials are stored in the log. Certain email metadata is kept, such as subject lines and statistics about migration jobs.

The admin user has the ability to view log data pertaining to their migrations. Note that this admin user, by virtue of their privileges, already has the ability to view all data about mailboxes in the source environment (independent of ODME).

Single Layer of Access Control

ODME provides a single level of access control for the administrator services (e.g. executing an email migration).

Network Communications

All communications to and from the ODME web application go over TLS, and the SSL certificates need to be issued by certificate authorities that are trusted by default in Windows Server 2019. Self-signed certificates are also allowed when connecting to on-premises servers. Please refer to the ODME documentation for more details.

For on-premises Microsoft Exchange migrations, the default port used during the migration is port 443 (HTTPS). A customer has the choice of using a non-encrypted connection over HTTP. A customer can also use non-standard ports by specifying the port number in the URL (e.g. https://xyz:454).

ODME communicates with Exchange servers (on-premises Exchange, Live@edu and Office 365) over port 443 by default. Port 80 may be used if the customer configures their on-premises server that way.
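
A pre-migration check of the source server URLs described above, as an added example (not Quest's code and not part of ODME): it derives the effective port for each URL, flags plain-HTTP and non-standard-port endpoints, and builds the host/port list an egress firewall rule would need. The function names and all sample hosts except `https://xyz:454` are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}  # defaults named in the text above


def audit_endpoint(url):
    """Return (host, port, findings) for one source-server URL."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None, None, ["invalid: expected http(s)://host[:port]"]
    try:
        explicit = parts.port  # raises ValueError if non-numeric or > 65535
    except ValueError:
        return parts.hostname, None, ["invalid: bad port"]
    port = DEFAULT_PORTS[scheme] if explicit is None else explicit
    findings = []
    if scheme == "http":
        findings.append("plaintext: traffic is not encrypted in transit")
    if port != DEFAULT_PORTS[scheme]:
        findings.append(f"non-standard port {port}: needs its own firewall rule")
    return parts.hostname, port, findings


def egress_allowlist(urls):
    """Collect the (host, port) pairs the migration must be able to reach."""
    pairs = set()
    for url in urls:
        host, port, _ = audit_endpoint(url)
        if host and port:
            pairs.add((host, port))
    return sorted(pairs)


# Constructed sample input; only https://xyz:454 appears in the guide itself.
SAMPLE_URLS = [
    "https://mail.example.test",
    "https://xyz:454",
    "http://legacy.example.test",
    "mail.example.test",  # missing scheme, reported as invalid
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "->", audit_endpoint(u))
    print(egress_allowlist(SAMPLE_URLS))
```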

To communicate with G Suite, ODME uses the Gmail API. The default port is 443. OAuth 2.0 is used for read-only access to the directory service. For fetching email, calendar and contacts, ODME uses a service account's certificate credentials.

Also, ODME uses the limilabs Mail.dll library. This library supports the latest Transport Layer Security (TLS) protocol to authenticate the server and secure client-server communication.

