Power365 is architected to prevent data commingling by logically separating customer data. Customer data are differentiated using a Customer Identifier. The Customer Identifier is a unique identifier generated by Power365 when the customer signs up for the application. This identifier is used throughout the solution to ensure strict data separation of customers' data.
Customer data is further separated as customer related services are isolated from any other OS process by the Microsoft Service Fabric exclusive process model. See https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-hosting-model#exclusive-process-model for more information.
All communication to Power365 - including the user interface and associated Azure services - are secured with HTTPS. There are no unsecured external HTTP calls within Power365.
All communication with Azure Active Directory uses OAuth2 access tokens for Microsoft Graph API operations and HTTPS for PowerShell operations.
On-premises directory sync agents communicate with on-premises Active Directory using LDAP or LDAPS over TLS 1.2 as configured within the user interface and communicate with Power365 cloud services using HTTPS.
On-premises device agents poll the Device Agent Cache Service (DACS) using unencrypted UDP or HTTP for efficiency. No sensitive information is exchanged, just a Boolean value indicating when there are jobs queued for the device agent. If DACS indicates there are jobs queued, the device agent communicates securely with the Power365 web service using HTTPS to retrieve the job details.
Power365 Desktop Agent communicates with Power365 web services using HTTPS over TLS 1.2.
Power365 Migration reads and writes content using HTTPS over TLS 1.2 data channels.
Power365 Email Rewrite Services communicates with Microsoft 365 tenants using TLS 1.2 encrypted data channels.
Power365 relies upon Microsoft 365 for authentication which provides customers with an integrated authentication experience where you can move from Power365 to a Microsoft portal seamlessly, without multiple logins and passwords. All while keeping your account security under your organization’s policies, rules, and security protocols.
Power365 also supports Multi Factor Authentication (MFA) for organizations that have enabled MFA within Microsoft 365.
Registering an Azure Active Directory tenant into Power365 is handled through the Azure Admin Consent workflow and customers can revoke Admin Consent at any time. See https://msdn.microsoft.com/en-us/skype/trusted-application-api/docs/tenantadminconsent for details.
Power365 is configured with role-based access that can be modified only by authorized administrators within the customer’s organization and by system administrators.
Each role has a specific set of permissions that determines what tasks a user assigned to the role can perform:
System Administrator – Reserved for Internal Use. Grants an authenticated user full access to all clients within Power365. This role may grant other users access to applications and assign a permission role to their account.
Client Administrator – Grants an authenticated user full access to the assigned client’s projects. This role may grant other users access to applications and assign a permission role to their account.
Power User – Grants an authenticated user full access to the assigned client’s projects. This role may navigate projects, view reports, and modify application configurations but cannot view Power365 licenses or grant others access.
Operator – Grants an authenticated user access to the assigned client’s migration project and Directory Sync workflow functionality. This role may navigate projects, mange schedules, waves, and migration related actions. This role cannot view Power365 licenses or reports, grant others access or modify application configurations including what is in and out of scope for migration. The Operator role also cannot access the edit, remove, or add functionality for configurations and profiles in Active Directory.
For more information on role-based access control, please refer to the Binary Tree Power365 product documentation.
© ALL RIGHTS RESERVED. Feedback 使用条款 隐私 Cookie Preference Center
