Infrastructure Security Overview

Created by Leon leon.b@sync365.app, Modified on Fri, 09 Feb 2024 at 01:11 PM by Brendan Gibson

This article provides an overview of how we secure our Sync 365 environment and the infrastructure it uses.


Location and Hosting provider

Sync 365 is hosted in Microsoft Azure, in Australian datacenters.


From a back-end/systems perspective, we have taken a fully serverless approach and follow the Azure Security Controls recommendations (which largely relate to CIS/NIST).

Overview of the Azure Security Benchmark V2 | Microsoft Learn

More specifically, we follow the Azure Functions section (Azure security baseline for Azure Functions | Microsoft Learn), as that is a majority of all our backend processing.

Additionally, our main backend is Azure managed MySQL (Azure security baseline for Azure Database for MySQL | Microsoft Learn), with access allowed only internally and from our office IPs.


Any credentials are stored salted and hashed, and we take a "store minimum data" stance, where we aim to hold the minimum amount of data we can to perform the tasks required.

Only company directors have access to the Azure portal and the items within it. Development changes are all controlled through Azure DevOps and go through an approval process before any change is rolled out to production.

 

In terms of the APIs that we will connect with:

From Partner Center:

Partner Center API scenarios - Partner Center Rest API | Microsoft Learn

We will:

  • Get Customers
  • Get partner info
  • Get licenses for the tenant
  • Get subscriptions (if direct CSP)

 

That provides the basis for our system to work. For any advanced features, such as filtering licenses by Azure AD information, adding usernames to invoices, syncing contacts to your PSA, or creating a custom license from Azure AD information or mailbox counts, we need to connect to the customer tenant for the information.

 

Azure

  • Get Users
  • Get groups

 

Exchange

  • Get mailboxes

This is all done via your GDAP relationships and the permissions available, and all logs will be related to whichever user you grant partner consent with.

Granular delegated admin privileges (GDAP) introduction - Partner Center | Microsoft Learn
