The agent can be installed by a standard user. No administrative rights are needed to install the agent. No special firewall or antivirus exceptions are needed.
The agent application does not save, transmit or use the user’s Microsoft 365 credential. The agent operates using a delegated permission model and never has access to the user’s credential. In most enterprise scenarios, the agent will silently authenticate when the user is logged in. If authentication is required, the user will authenticate directly with either Microsoft, your company’s on-premises ADFS server or your 3rd party identity provider.
The agent is not designed to store data locally under normal operation. However, it can store temporary files on a user’s machine if connectivity to Microsoft Azure is limited. This temporary data does not contain display names, usernames, email addresses, passwords, or any other sensitive information. Regardless of the anonymized nature of this data, it is encrypted at rest. All data gathered by the agent is encrypted from inception until successful transmission to our SaaS platform. This includes in-memory, during transmission, and while at rest.
When testing Microsoft services, the agent is designed to connect to the same endpoints as your user’s Microsoft 365 applications. By design, our agent will operate in the same manner as a Microsoft 365 application and communicate with any of the IP ranges and hosts required by Microsoft. Microsoft publishes their up-to-date list here: https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide
In addition to the standard endpoints used with Microsoft Apps and services, the agent will also need to access our Microsoft Azure based service. This endpoint can vary depending on the location of your data:
All communications with our API maintain the following standards:
Please read our Data Privacy here: Data Privacy
Child pages: