Overview of data handled by On Demand Migration
On Demand Migration accesses customer SharePoint data (content) from the source tenancy and writes the data to a SharePoint site on the target tenancy.
- Metadata that defines the SharePoint site structure and properties is temporarily stored in memory and deleted when the migration is completed.
- Documents stored in the document libraries and lists of the SharePoint site are temporarily stored in Azure blob storage for the duration of the migration. The storage container is deleted when the migration is complete.
- Manifest files and associated migration log files may be retained by the application for troubleshooting purposes. Manifest files contain data to identify the list items and documents. The troubleshooting data is stored in a separate storage account. Troubleshooting data is automatically deleted after 30 days.
- The application does not require or store any passwords
Admin Consent and Service Principals
On Demand Migration requires access to the customer’s Azure Active Directory and Office 365 tenancies. The customer grants that access using the Microsoft Admin Consent process, which will create a Service Principal in the customer's Azure Active Directory with minimum consents required by On Demand Migration. The Service Principal is created using Microsoft's OAuth certificate based client credentials grant flow https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow. Customers can revoke Admin Consent at any time. See https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/delete-application-portal and https://docs.microsoft.com/en-us/skype-sdk/trusted-application-api/docs/tenantadminconsent for details.
In addition to the base consents required by On Demand and On Demand Migration, On Demand Migration requires the following consents:
Location of customer data
When a customer signs up for On Demand, they select the region in which to run their On Demand organization. All computation is performed and all data is stored in the selected region. The currently supported regions can be found here: https://regions.quest-on-demand.com/.
Windows Azure Storage, including the Blobs, Tables, and Queues storage structures, are replicated three times in the same datacenter for resiliency against hardware failure. The data is replicated across different fault domains to increase availability. All replication datacenters reside within the geographic boundaries of the selected region.
See this Microsoft reference for more details: https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
Privacy and protection of customer data
The most sensitive customer data processed by On Demand Migration is the SharePoint content including documents and their associated metadata.
- While the migration task is running, SharePoint documents, list items, and associated metadata, are temporary stored in Azure Blob containers. When the migration task is complete, this data is deleted.
- All migration project data and logs are encrypted at rest.
To ensure that customer data is kept separate during processing, the following policies are strictly applied in On Demand Migration:
- The data for each customer is stored in separate Azure storage containers. This information is protected through the Azure built in data at rest Server-Side encryption mechanism. It uses the strongest FIPS 140-2 approved block cipher available, Advanced Encryption Standard (AES) algorithm, with a 256-bit key.
- A separate Elasticsearch server instance is used for each customer.
More information about Azure queues, tables, and blobs: