This article aims to provide an overview of how we secure our Sync 365 environment and the infrastructure that is used.
Location and Hosting provider
Sync 365 is hosted in Microsoft Azure and is located in Australian datacenters.
From a back-end/systems perspective, we have taken a fully serverless approach and follow the Azure Security Controls recommendations (which largely relate to CIS/NIST).
Overview of the Azure Security Benchmark V2 | Microsoft Learn
More specifically, we refer to the Azure Functions section, Azure security baseline for Azure Functions | Microsoft Learn, as that is the majority of all our backend processing.
Additionally, our main backend is Azure managed MySQL (Azure security baseline for Azure Database for MySQL | Microsoft Learn), with access allowed only internally and from our office IPs.
Only company directors have access to the Azure portal and items within it. Development changes are all controlled through Azure DevOps and have an approval process to roll out any changes to production.
In terms of APIs that we will connect with:
From the Partner Center:
Partner Center API scenarios - Partner Center Rest API | Microsoft Learn
We will:
That provides the basis for our system to work. For any advanced features, such as filtering licenses by Azure AD information, adding usernames to invoices, syncing contacts to your PSA, or creating a custom license from Azure AD information or mailbox counts, we need to connect to the customer tenant for the information.
Azure
Exchange
Granular delegated admin privileges (GDAP) introduction - Partner Center | Microsoft Learn