Security & Compliance
Your security is our top priority. Learn how we protect your data and maintain compliance with industry standards.
Read-Only by Design
BridgeTenant connects to your Microsoft 365 tenant with read-only permissions only. We will never modify, delete, or alter any data or configuration in your environment. This is our core architectural principle.
Security Features
Encryption Everywhere
TLS 1.3 for data in transit, AES-256 for data at rest. All sensitive data is encrypted at every layer.
Secure Infrastructure
Hosted on Microsoft Azure with geo-redundant storage, DDoS protection, and network isolation.
Minimal Data Collection
We only collect configuration data necessary for assessments. No personal user content is accessed.
Access Controls
Role-based access control (RBAC), multi-factor authentication, and audit logging for all actions.
Data Residency
Choose your data region: EU (West Europe), US (East US), or Germany (Germany West Central). Your data stays in the region you select.
Incident Response
24/7 security monitoring, documented incident response procedures, and breach notification within 72 hours.
Compliance & Certifications
We maintain certifications and compliance with leading security frameworks.
ISO 27001
In Progress. Information security management system certification. Audit planned for Q4 2026.
GDPR
Compliant. Full compliance with EU General Data Protection Regulation, including Data Processing Agreements.
SOC 2 Type II
Planned Q4 2026. Service Organization Control audit for security, availability, and confidentiality.
Microsoft Partner
BridgeTenant is a member of the Microsoft Partner Network. Our application is registered in Microsoft Entra ID and uses official Microsoft Graph APIs with proper OAuth 2.0 authentication flows.
Microsoft Graph Permissions
We request only the minimum permissions necessary to perform security assessments. All permissions are read-only.
| Permission | Purpose |
|---|---|
| User.Read.All | Count users and check MFA settings |
| Group.Read.All | Inventory groups and membership |
| Policy.Read.All | Review security policies |
| Organization.Read.All | Get tenant information |
| Directory.Read.All | Read directory configuration |
Full permission list available in our documentation. You can revoke consent at any time from the Azure Portal.
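A tenant administrator can check the read-only claim against what was actually consented. The following is an added example, not BridgeTenant's code: it takes the app service principal's `appRoleAssignments` and `oauth2PermissionGrants` plus the Microsoft Graph service principal's `appRoles`, as exported from Microsoft Graph, and flags every granted permission that is not a read permission. The sample records, the placeholder GUIDs and the segment-based read-only heuristic are assumptions constructed for illustration.

```python
# Added example: audit what a tenant actually granted to an assessment app.
# Input shapes follow the Microsoft Graph appRoleAssignment, appRole and
# oauth2PermissionGrant resources; all sample values below are constructed.

# Permissions named in the table above (the page says the full list is longer).
DOCUMENTED = {"User.Read.All", "Group.Read.All", "Policy.Read.All",
              "Organization.Read.All", "Directory.Read.All"}
# OpenID Connect sign-in scopes; these are not Graph data permissions.
SIGN_IN = {"openid", "profile", "email", "offline_access"}


def is_read_only(name):
    """Heuristic (assumption): one dot-separated segment is Read or ReadBasic."""
    return any(seg in ("Read", "ReadBasic") for seg in name.split("."))


def audit_consent(app_role_assignments, graph_app_roles, oauth2_grants):
    """Classify every Graph permission granted to the app's service principal."""
    names = {role["id"]: role["value"] for role in graph_app_roles}
    granted = set()
    for a in app_role_assignments:   # application permissions, stored by GUID
        granted.add(names.get(a["appRoleId"], "unresolved:" + a["appRoleId"]))
    for g in oauth2_grants:          # delegated permissions, space-separated
        granted.update(g["scope"].split())
    granted -= SIGN_IN
    return {
        "not_read_only": sorted(p for p in granted if not is_read_only(p)),
        "read_only_not_in_table": sorted(
            p for p in granted if is_read_only(p) and p not in DOCUMENTED),
        "in_table": sorted(granted & DOCUMENTED),
    }


def _guid(n):                        # constructed placeholder GUIDs
    return "00000000-0000-0000-0000-%012d" % n


SAMPLE_ROLES = [{"id": _guid(1), "value": "User.Read.All"},
                {"id": _guid(2), "value": "Group.Read.All"},
                {"id": _guid(3), "value": "Directory.ReadWrite.All"},
                {"id": _guid(4), "value": "AuditLog.Read.All"}]
SAMPLE_ASSIGNMENTS = [{"appRoleId": _guid(n)} for n in (1, 2, 3, 4, 9)]
SAMPLE_GRANTS = [{"scope": "openid profile Policy.Read.All"}]

if __name__ == "__main__":
    report = audit_consent(SAMPLE_ASSIGNMENTS, SAMPLE_ROLES, SAMPLE_GRANTS)
    for bucket, perms in report.items():
        print(bucket, perms)
```

Anything in `not_read_only` contradicts the read-only claim and is worth raising with the vendor; entries in `read_only_not_in_table` should appear in the full permission list the page refers to.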
Our Security Practices
Secure Development Lifecycle
Code reviews, static analysis, dependency scanning, and penetration testing are part of our development process.
Employee Security
Background checks, security training, and principle of least privilege for all team members.
Vendor Management
All third-party services are vetted for security and compliance before integration.
Business Continuity
Regular backups, disaster recovery procedures, and geo-redundant infrastructure ensure service availability.
Security Questions?
We're happy to discuss our security practices with prospective and current customers.