How we approach security and compliance

  • Last update on September 6th, 2024

Security is a top priority for CoreView! This article provides an overview of our approach to security and compliance and important links to detailed documentation, including technical aspects.


Security and compliance

At CoreView, our security and compliance programs are managed by a cross-functional Information Security Steering Committee (ISSC) to ensure we address the security needs of the entire organization. 

We adhere to GDPR regulations and maintain ISO 27001, ISO 9001, ISO 27018, SOC 2 Type II, and SOC 3 certifications. 

Additionally, CoreView is proud to be a Microsoft Preferred Solution & Gold Partner, demonstrating CoreView’s adherence to rigorous Microsoft performance scoring requirements. We conduct annual risk, business impact, and vendor assessments, with quarterly reviews by our risk management team. 

Our approach includes robust authentication, encryption, vulnerability management, rapid patching, continuous monitoring, extensive incident response capabilities and employee training to protect your data. Our commitment is to ensure the highest level of security and compliance for our clients’ Microsoft 365 environments.

For more details, you can visit our security page and legal page.

For details on CoreView’s privacy program, visit our Privacy Policy.


Enterprise applications

CoreView utilizes the following applications to onboard and import data from your Microsoft 365 tenant. 

To use these applications, permissions must be granted. Below is a list of the apps, their purpose, and links to complete and detailed lists of permissions to be provided:

Integration App

During onboarding, you will be prompted to use this app, which is necessary to complete the onboarding process and for the proper functioning of CoreView.

By using this app, you provide consent to a set of permissions required for accessing the Graph API and the Office 365 Management API. These permissions allow the app to collect reporting data from your tenant.

  • More information about the Integration App is available here.
  • You can view the complete and detailed list of permissions to be provided for the Integration App here.

Registration App (service accounts)

During onboarding, you will be prompted to use this app, which is necessary to complete the onboarding process and for the proper functioning of CoreView.

By using this app, specific read-only non-interactive accounts are created to connect to your tenant and collect reporting data.

Service accounts must not be removed; otherwise the application will not work properly.

Alternatively, you can manually enter service accounts that you previously created in the Microsoft 365 Admin Center, without granting CoreView any extra permissions.

  • For more information about what these accounts are, their purpose and characteristics, and how you can identify them in Entra ID, click here.
  • You can view the complete and detailed list of permissions to be provided for the Registration App here.
  • Instructions on how to create service accounts automatically and manually are provided here.
 
 

Graph management

This app is necessary for the proper functioning of:

that use the Graph PowerShell module or Graph API endpoints.

By using this app, you will authorize the use of the Microsoft Graph module.

This app is optional, but it needs to be activated to use the functionalities listed above.

You can grant and revoke permissions for this app at any time, directly from CoreView.

  • More information about Graph management is available here.
 
 

Extra-consents

For CoreView to work properly with applications like Endpoint, BitLocker, and SharePoint, it's necessary to grant the required permissions to the CoreView application on the Microsoft side.

These apps are optional, but they need to be activated to use all the functionalities.

You can grant and revoke permissions for this app at any time, directly from CoreView.

  • You can find the list of all apps and their respective permissions here.

Data management

  • CoreView imports data from your Microsoft 365 tenant via API, performing both full and delta imports. For a comprehensive understanding of our data import process, please refer to our data import guide.
  • CoreView maintains historical data for specific reports, each with its own retention period. For a detailed overview of these reports and their respective retention durations, please consult our report history and retention guide.

Do you have questions?

Visit our Frequently Asked Questions on security and compliance.


CoreView's security page

CoreView's legal page