Your data is secure at all times both at rest and in-transit.
Below, we'll take you through the details of the type of data stored by ShareGate Apricot and how it is secured.
Note: The app stores all the required data in Microsoft Azure's East US 2 region.
Index
User security-critical data
This data includes application access tokens as well as encryption keys. This type of data is stored in Azure KeyVault. The application has a registered identity to access these tokens and all accesses are fully audited and logged. This is the most secure data layer.
Key Vault uses HSMs (Hardware Security Modules) to provide an even higher level of encryption for all data stored within it.
Access tokens
User access tokens are cached in Azure Blob Storage using at rest encryption (256-bit AES encryption) and application-level encryption (256-bit AES encryption).
User data
This is data that is recovered from your Microsoft 365 environment. This includes team or group membership and ownership information as well as files and content from teams or groups that were archived. All data in this category has three layers of encryption:
- Encryption in transit (TLS 1.2)
- Encryption at-rest (256-bit AES encryption)
- Application-level encryption (256-bit AES encryption) using a per-tenant key that is stored in Key Vault (see User security-critical data)
Some file and content metadata is also indexed in Azure Search to allow you to efficiently search and browse your archived data.
Application state data
This is the state data that is used to track different settings and options associated with your user account as well as actions taken in the application. For example, customizations made to email notifications, policy settings, actions taken to manage your tenant, etc.
Data in this category has two layers of encryption:
- Encryption in transit (TLS 1.2)
- Encryption at-rest (256-bit AES encryption)