cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Booking Security Architecture

Jiehher
Microsoft

‎Mar 24 2020 07:53 PM

‎Mar 24 2020 07:53 PM

Microsoft Booking Security Architecture

My customer is planning to use this Microsoft Booking and would like to know the following:

  • What’s the architecture design of this service?
  • How is confidentiality of store/registered information managed (i.e. Customer A should no be able to search or see Customer B booking information)
  • Where are all the submitted information stored? (e.g. SharePoint site, mailbox, etc.)

These are some of the question asked by security.

Labels:
5,096 Views
6 Likes
6 Replies
Reply
6 Replies
wtoh365

‎Jun 08 2020 01:57 AM

‎Jun 08 2020 01:57 AM

Re: Microsoft Booking Security Architecture

Dear Jiehher,

Any luck on the reply from Microsoft? or any documentation you managed to find?

My side has similar security considerations. Especially in terms of if preventing mass booking by Bots (as we see the submission did not utilize anti-bot like Encapture); and also data protection (eg. there is customer database, but is there access control on Staffs and any housekeeping functions).
2 Likes
Reply
sup mikie swie o365

‎Oct 01 2020 04:39 AM

‎Oct 01 2020 04:39 AM

Re: Microsoft Booking Security Architecture

I've seen Security issue that when the mailbox user is created for the Bookings calendar its creating a user in Azure AD which is allowing signin.  Has anyone else seen this and/or seen a solution?

 

thanks

mikie

0 Likes
Reply
LaurenceSM

‎Nov 12 2020 12:55 AM

‎Nov 12 2020 12:55 AM

Re: Microsoft Booking Security Architecture

@sup mikie swie o365 We can see it create a customer profile but not one in azure have you any more information on what you are seeing or how you are creating the account?

0 Likes
Reply
Markus_Johnsen

‎May 04 2021 06:35 AM - edited ‎May 04 2021 06:36 AM

‎May 04 2021 06:35 AM - edited ‎May 04 2021 06:36 AM

Re: Microsoft Booking Security Architecture

Have seen some webinars + read the documentation, so got the info from there. Hope some of these answers help :smile:

 

  • What’s the architecture design of this service?

Markus_Johnsen_0-1620135103959.png

 

  • How is confidentiality of store/registered information managed (i.e. Customer A should no be able to search or see Customer B booking information)

No sure what you mean here. Only way you can see booking info is if you have access to the Bookings app. Per now you have Administrator, Viewer and Guest role. Admin and viewer are the only ones that can access the app, and have to have a account and O365 license, and be invited to the Booking calendar. 

 

  • Where are all the submitted information stored? (e.g. SharePoint site, mailbox, etc.)

From the FAQ-page:

 

Where is Bookings data stored?

Bookings is a Microsoft 365 app, meaning all data is stored within the Microsoft 365 platform and in Exchange. Bookings uses shared mailboxes in Exchange to store customer, staff, service, and appointment details. Compliance policies for shared mailboxes in Exchange also apply for Bookings mailboxes.  All customer data (including information provided by customers when booking) is captured in Bookings and is stored within the app, thus it is stored within Exchange. 

0 Likes
Reply
fc tx

‎Nov 10 2021 02:33 AM

‎Nov 10 2021 02:33 AM

Re: Microsoft Booking Security Architecture

Hi,
When talking about Booking Data flow I expect something telling me where the customer's datas ( the person who book a meeting in my personal - or shared - agenda) are stored during all the booking process? Which informations are stored, deviated from the main/initial purpose - technical => e.g IP, localisation, type of browser etc. or personal e.g => requested infos in the Booking's web page.
many thanks in advance for your infos

Frederic
0 Likes
Reply
Markus_Johnsen

‎Nov 10 2021 04:26 AM

‎Nov 10 2021 04:26 AM

Re: Microsoft Booking Security Architecture

Hi,

I doubt that the Booking app stores that kind of information (IP, localisation, type of browser etc. or personal). However, it might be logged/audited in Endpoint manager or Security Centre (Defender for Endpoint). Think Booking app only stores that is nessecary for the request, in an exchange server.

Markus
0 Likes
Reply