This article is aimed to provide an overview of how we secure our Sync 365 environment and the infrastructure that is used
Location and Hosting provider
Sync 365 is hosted in Microsoft Azure and is located in Australia datacenters.
From a back end/systems perspective, we have taken the approach of full serverless and following the Azure Security Controls recommendations (which largely relates to CIS/NIST).
Overview of the Azure Security Benchmark V2 | Microsoft Learn
More specifically directed to the azure functions section - Azure security baseline for Azure Functions | Microsoft Learn as that is a majority of all our backend processing.
Additionally our main backend is azure managed mysql - Azure security baseline for Azure Database for MySQL | Microsoft Learn
With only access allowed internally and from our office IP’s.
Only company directors have access to the azure portal and items within it. Development changes are all controlled through Azure Devops and have an approval process to roll out any changes to production.
In terms of API’s that we will connect with
From the partner center
Partner Center API scenarios - Partner Center Rest API | Microsoft Learn
We will:
- Get Customers
- Get partner info
- Get licenses for the tenant
- Get subscriptions (if direct csp)
That provides the basis for our system to work. For any advanced features like filtering licenses by AzureAD information, adding usernames to invoices, syncing contacts to your PSA, creating a custom license from azuread information or mailbox counts, we need to connect to the customer tenant for the information.
Azure
- Get Users
- Get groups
Exchange
- Get mailboxes
Granular delegated admin privileges (GDAP) introduction - Partner Center | Microsoft Learn
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article