Microsoft Booking Security Architecture


My customer is planning to use this Microsoft Booking and would like to know the following:

  • What’s the architecture design of this service?
  • How is confidentiality of stored/registered information managed (i.e. Customer A should not be able to search or see Customer B booking information)
  • Where is all the submitted information stored? (e.g. SharePoint site, mailbox, etc.)

These are some of the questions asked by security.

3 Replies
Dear Jiehher,

Any luck on the reply from Microsoft? Or any documentation you managed to find?

My side has similar security considerations, especially in terms of preventing mass booking by bots (as we see the submission did not utilize anti-bot like Encapture), and also data protection (e.g. there is a customer database, but is there access control on staff and any housekeeping functions).

I've seen a security issue: when the mailbox user is created for the Bookings calendar, it's creating a user in Azure AD which is allowing sign-in. Has anyone else seen this and/or seen a solution?

 

thanks

mikie

@sup mikie swie o365 We can see it create a customer profile but not one in Azure. Have you any more information on what you are seeing or how you are creating the account?