EveryCloud Value - Microsoft Application Permission

1. Permission Type

Cloud analytics platforms typically operate with:

Read‑only permissions granted through Microsoft APIs
No write or modification capabilities
No storage of customer or partner passwords

2. Categories of Data Accessed

These platforms require access to a defined set of data categories for analysis and reporting, including:

Identity
Business contact
Financial
Transaction
Technical
Profile
Usage
Marketing & communication
Aggregated data

Specific Microsoft Entra ID (Azure AD) user object fields may also be accessed, depending on the features enabled.

3. How Permissions Are Granted

Permissions are established through a structured onboarding process that typically includes:

Authentication using Global Administrator credentials
Authorisation of the cloud application registration
Acceptance of applicable licensing or usage agreements
Automated start of API‑driven data ingestion

This process usually completes within minutes, and initial insights appear within a short timeframe.

4. Data Privacy & Control

The customer remains the data owner and data controller at all times
The platform acts as a data processor
All data remains mastered and controlled within the customer's Microsoft tenant
Sensitive or special‑category data is not required or processed

5. Technical Enforcement of Permissions

Permission boundaries are enforced through common cloud‑security practices, including:

Read‑only API access
TLS 1.2+ encryption in transit and AES encryption at rest
Per‑tenant data segregation
Strong authentication and MFA
Federated identity via Microsoft Entra ID
Segmented, containerised architecture with modern network controls

Summary Statement

This permissions model provides visibility into Microsoft cloud environments while maintaining strict read‑only boundaries. Access is minimised, encrypted, and controlled through Microsoft-native identity and security controls, ensuring that customer data remains protected and unaltered.