This FAQ is intended to answer common security questions about the Directory Lite product. If you are looking for security information pertaining to Directory Premium, please see the Directory Premium Security FAQ.
How Does Directory Lite read and write to my Directory?
- Directory Lite connects directly to Azure Active Directory (AAD). Initially, Directory Lite will prompt for permissions to read from Azure Active directory for directory analysis. Respective write permissions will also need to be given when it is time for Hyperfish Lite to apply updated profile photos.
Which Active Directory objects and properties does Directory Lite modify?
- When Directory Lite updates profile photos, write permissions to Azure Active Directory (AAD) will need to be granted. This will allow Directory Lite to write profile photo changes to AAD. These changes will require approval, unless the automatic approval functionality is enabled.
How does Directory secure the data sent between Azure Active Directory and the Directory Lite cloud service?
- Directory Lite secures all communication over HTTPS, a TCP/IP protocol used by Web servers to transfer web content securely. The data transferred is encrypted so that it cannot be read by anyone other than the recipient.
What kind of information is stored by Directory Lite, and for how long?
- The User Principal Name and Azure AD Identifier for user objects are stored indefinitely.
- User properties and analysis information are stored transactionally, as Directory Lite does not require attribute details to calculate the overall completion statistics of a given directory.
- When a user submits a profile photo to be updated, the previous and new photos are stored 30 days for administrator approval.
Where is Directory Lite data stored?
- All Directory data is hosted in Azure. For more information about Azure security, please refer to the Microsoft Azure Security documentation: https://www.microsoft.com/en-us/trustcenter/Security/AzureSecurity
Who can access the Directory Lite Profile Update Page?
- The Directory Lite Profile Page is a self-service page, from which users can update profile photos. It can be accessed by navigating to https://app.hyperfish.com, or by logging in with Office 365 credentials.
- If profile photos are missing or incomplete, users will be contacted through secure contact channels with a link to their Profile Page. This link is uniquely generated for the user, and expires after 30 days.
If there are service disruptions with Directory Lite, are any of my profile pictures lost?
- No - Directory Lite does not host any directory information. All information will repopulate as soon as service and directory connection is restored. Additionally, all Hyperfish Lite systems and data are made fully redundant. Point-in-time recovery is available through daily backups and transactional logging.