Dialogue Cloud

On Premises

Compliance Information - Attendant Console for Microsoft Teams

This document describes compliance-related aspects of the AnywhereNow SaaS platform.

Important

This is not a legal document. It only serves to provide an overview of the architecture and compliance-related policies.

AnywhereNow SaaS Platform Architecture

The AnywhereNow SaaS platform is a modern, multi-tenant platform developed for SaaS solutions. The platform is hosted in Microsoft Azure.

Authentication

For authentication, the standard Microsoft Authentication mechanism is used. As the authentication is handled by and hosted by Microsoft, AnywhereNow does not have access to the user credentials.

When using the Team app, we rely on Microsoft SSO for Teams Apps.

Provisioning

The AnywhereNow SaaS platform was designed for auto-provisioning. When a user logs in for the first time, a customer tenant and user profile are created automatically.

Tenant segregation

Customer data is stored in a dedicated customer tenant. Each tenant has a unique set of credentials that only allows access to the data within the customer tenant.

Customer data maintained by AnywhereNow

Tenant level settings

Some configuration is stored at tenant (customer) level. This includes queue configuration and calendar and mail settings.

User data

The following data is stored by AnywhereNow inside the customer tenant:

  • Personal contacts
  • Contact notes
  • Favorites
  • Preferences such as layout, user-interface language and queue subscriptions

Technical data

The platform also stores data needed for the proper functioning of the solution.

Cache data

Cache data is temporary data, used to optimize the performance and responsiveness of the solution.

All cache data is time-limited; it will be discarded or refreshed after a certain amount of time.

Data can be cached on the client or the server. Personal data cached on the client is always encrypted to prevent unauthorized access.

Logging data

Standard logging does not include personally identifiable information.

However, when investigating customer issues, AnywhereNow might need to temporarily elevate the log level to obtain detailed data required to analyze the behavior. In case this log data contains personally identifiable information, it will only be handled by persons who are authorized to do so.

As soon as the inspection is completed, to log level will be returned to normal.

Azure Region

AnywhereNow Attendant service is available from 3 main Azure Regions. Besides EMEA, the Attendant Console has now a regional presence in the Americas and Asia-Pacific region.

  • EMEA Europe Azure Region: Amsterdam
  • AMER American Azure Region: Iowa
  • APAC Asia-Pacific Azure Region: Singapore

Administrative approval

For Attendant Console for Microsoft Teams to function correctly, it needs access to specific Microsoft 365 resources in customer's tenant.

An administrator with sufficient privileges must grant access to these resources. As long as an administrator has not granted access, users will see a popup like this one.

This popup will appear one timeper user that has no admin roles, and on a tenant that has not been granted consent by a tenant admin yet.

Once consent has been granted, you will not see it again (for instance when ordering new Attendant Console user license for that user).

A tenant admin user must have the following roles:

Administrators will be presented with an overview of the request permissions and have the option to grant access (consent).

Administrative Approval for the Front End

Currently, AnywhereNow requires the following permissions:

  • Read all users’ full profiles
    • Read contact photo and other contact details
  • Read presence information of all users in your organization
    • Read presence status for contacts
  • Read user relevant people lists
    • Read contact details such as telephone number
  • Sign in (automatically) an read user details
    • Sign in and read the user profile
  • Maintain access to data you have given access to
    • Durable access to above-mentioned resources

Note

The exact list of requested permissions might change over time.

Administrative approval for the Teams Bot per Azure Region

Via the Admin Portal that is delivered with the Attendant Console, an administrator can give admin consent for the Teams Bot App registration.

Currently, the permissions that are needed for the Teams Bot are :

  • Access media streams in a call as an app
  • Initiate outgoing 1 to 1 calls from the app
  • Initiate outgoing group calls from the app
  • Join group calls and meetings as an app
  • Join group calls and meetings as a guest
  • Read directory data
  • Read online meeting details
  • Read and create online meetings
  • Read all users’ relevant people lists
  • Read all users’ full profile
  • Sign in and read user profile

Note

The exact list of requested permission might change over time.

Data retention policy

Data retention covers three areas: user data, customer settings, and logging data.

Personal user data

The personal user data is maintained by the SaaS platform for as long as the user has a valid subscription.

After the subscription is terminated or disabled, the user data will be maintained for 90 days. This allows the users to re-enable the subscription within this period.

After these 90 days the user data will be deleted (purged) and can no longer be recovered.

The personal user data can also be deleted upon a formal, verified request from the user. This will include the subscription itself. It can take up to 14 days for this request to be completed.

Tenant settings

When the last user of a tenant has been deleted, the tenant (customer) and its configuration is deleted automatically.

Logging data

Logging data is maintained for up to a week, unless it is used during investigation of issues. This data will be deleted after the issue has been closed.

Data residency

When enrolling a new customer, the primary and backup region are chosen. Customer data will never be stored outside of these regions.

Data for European customers resides in the West Europa region, which is located in Amsterdam. North Europe region (Dublin) is used for backups and fallback.

Customer information are stored in an isolated, secured and encrypted database.

Security validation

The AnywhereNow SaaS platform was architected using the secure-by-design principle.

Security has been tested and verified by an independent third party.

We also perform internal OWASP compliance test and penetration tests (pentest) at regular interval to ensure the security of our solution.

AnywhereNow SaaS platform is ISO-27001 certified.

AnywhereNow SaaS platform is SOC-2 certified.