Data Security and Encryption

EUM uses end-to-end encryption as a technical security measure to protect Customer data being processed, both in transit and at rest.


Data in Transit 

Transmission of data between the application and Azure is secured using an encrypted TLS 1.2+ connection with AES encryption. It is recommended that SSL/TLS certificates used for websites be signed by a publicly known Certificate Authority using SHA-256 with a 2048-bit key. EUM's preference is to have the Azure App Service manage the SSL/TLS certificates. This requires proof of domain ownership, which is provided by adding entries to the client's external DNS.

Cookies containing session information and other sensitive data from the EUM platform are all configured with the HttpOnly and Secure flags enabled. This protects the cookie contents from being accessed by client-side scripts as well as from being transmitted over unencrypted connections.


Data at Rest

As described in Personal Data and Data Storage, all Customer data is stored within the Customer's own Microsoft 365 tenant.  Microsoft is responsible for encrypting and decrypting the data that is stored at rest in SharePoint Online. 

For further information please visit: https://learn.microsoft.com/en-us/purview/encryption?view=o365-worldwide


Storage Data (Optional archive of Azure Audit Logs)

Data in Azure Storage is encrypted and decrypted transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant. All Azure Storage resources are encrypted, including blobs, disks, files, queues, and tables. All object metadata is also encrypted. 
For further information please visit: https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption.