The application uses consented permissions to obtain metadata regarding your Microsoft 365 environment. Properties that may contain information that is sensitive to your organization are the following:
- Group and team membership and ownership information (names and job titles of members and owners).
- Group metadata (Group name and description).
- Teams channel metadata (Display name).
- Document display names (For documents with external links requiring your action).
The application stores—or caches—data with application-level encryption as well as encryption at rest. This ensures that engineers maintaining our production environment do not interact with your sensitive information.
When archiving with ShareGate Apricot the application needs to access the content and metadata of all your files. Whether your archive is created in ShareGate Apricot's provided storage or your own, the data is encrypted and not accessible to anyone outside of your tenant.
Access to administrative operations and production infrastructure is only granted to a few select engineers through Azure's Privileged Identity Management service with time restrictions and approval processes enabled. They must connect through a Virtual Private Network (VPN) with Multi-Factor Authentication (MFA).
We will contact you to obtain explicit consent in the event our engineers require administrative access that could reveal any of your organization's data to resolve issues you are facing with ShareGate Apricot.