What access does Office Protect have to my tenant?
If you are as concerned about your data security as we are, then you may be wondering just how much access to your Microsoft 365 tenant you are giving to Office Protect.
Do I need to give Office Protect my Tenant's global admin? Isn’t it unsafe?
You do not give Office Protect your global admin password: our authorization process is there so that you do not have to. Instead of asking you to authorize Office Protect to access Microsoft 365 using an existing Microsoft 365 Global Administrator, we create a specific user called firstname.lastname@example.org. (To learn more, consult the "Why is there a user called Secmon in my Microsoft 365 tenant?" article)
If you did not buy Microsoft 365 through Sherweb:
Once you have clicked 'PROCEED' during the authorization steps, we redirect you to a Microsoft page to verify your identity. Once authenticated, you will have the opportunity to review the permissions Office Protect requires to operate. This process follows security best practices.
What information does Office Protect store?
We retain your tenant’s name/domain. Once you have authorized us, we will use a security token issued by Microsoft to interact with your tenant. We do not store your tenant admin or password. In fact, we never have access to them.
What about logs?
We retain the events we received from Microsoft 365 for 24 hours.
We also store the Office Protect events indefinitely, for now, but that retention period may be shortened in the future.
Once I authorize the service, what prevents Office Protect from taking unwanted action on my tenant?
Before receiving permission to ask you to authorize our application to interact with your tenant, we had to register with Microsoft as a company. If we were to do anything "bad" to our clients, we would quickly be banned by Microsoft and would no longer be able to operate. Our product is based on trust. We invite you to contact Microsoft if anything we do is not to the highest standards.
Is it permanent? Can I revoke access?
It is not permanent: you can remove our access to your tenant at any time.
What about GDPR?
Office Protect is fully compliant with the rules pertaining to GDPR.
If you have any questions, please browse our other FAQs, or contact us directly.