The security and confidentiality of your data are at the heart of Jint App's design. This section details the fundamental principles guiding our development and integration with your Microsoft 365 environment.

Jint App is designed to be a secure information aggregator within your Microsoft 365 tenant.

No Storage of Sensitive Data

We do not store any personal data or sensitive user content on our servers. Jint App acts as a window, displaying information directly from Microsoft 365 services via Microsoft Graph's and SharePoint's secure APIs.

To better understand how Graph API permissions work, see the Microsoft Graph permissions overview.

User-Controlled Access

Administrator consent is required to deploy the application across your organization, but all data access always occurs within the context of the logged-in user. Permissions are "delegated," meaning their prerogatives cannot exceed the user's permissions within your Microsoft 365 tenant. Simply put, Jint App cannot see what the user themselves cannot see.

Administrator Control

As a Jint App administrator, you maintain granular control, defining the scope of each widget and information sources, which allows you to precisely control what is displayed in your intranet.

Anonymized Configuration Data

The only data we store is anonymized and aggregated configuration data via Azure Application Insights. This data is used solely for the improvement of our services, with no link to your users' content.

Anonymization Process: From the moment of collection, potentially sensitive information (name, surname, job titles) is excluded. We ensure that this data cannot be directly linked to a person or specific content within your intranet.

Secure Storage and Purpose: This data is transmitted via a secure connection to a dedicated Azure Log Analytics Workspace, hosted in a Microsoft-certified data center. It is then securely stored and accessible only to our engineering and product teams for the exclusive purposes of performance analysis and continuous service improvement. It is never used for advertising targeting or shared with third parties.

Detailed Permission Justification

Here, we detail each permission required by Jint App, explaining precisely why it is necessary for the proper functioning of your application, in adherence to the principle of least privilege.

Microsoft Graph Permissions

These permissions are essential as they allow Jint App to interact with the various Microsoft 365 services in your organization. This interaction occurs securely, using the unified Microsoft Graph API. It is important to note that all these permissions are "delegated," meaning they can never exceed the access rights of the logged-in user.

To learn more about permissions in Microsoft, see the Microsoft Graph permissions reference.

• Calendars.ReadWrite (Calendar Access): Allows the "My Meetings" and "My Summary" widgets to display the user's Outlook events and confirm a user's presence at one of their meetings.
• Mail.Read (Email Read): Used by the "My Emails" and "My Summary" widgets to display headers (sender, subject) and allow the user to access their Outlook messages. Jint App does not scan or store the content of your emails.
• Sites.Read.All (SharePoint Site Access): Essential for widgets like "News," "File Explorer," or "Search," allowing the display of articles, documents, or other SharePoint items configured by the administrator.
• Tasks.ReadWrite (Task Management): Allows the "My Tasks" and "My Summary" widgets to display the user's Planner tasks. The write capability is limited to the ability to mark tasks as completed directly from the application. Deletion is not allowed via Jint App.
• User.Read.All (Read All User Profiles): Necessary to display user profiles (name, photo, title) in the directory, news (authors), or other widgets requiring information about users in the tenant. This permission allows for building a complete view of the enterprise directory.
• GroupMember.Read.All (Read Group Memberships): Necessary to display members of Teams teams or security groups relevant to the user, which is crucial for directory and audience features.
• Files.Read.All (Read All Files): This permission is required for file explorer and document search functionalities within the intranet, allowing Jint App to access and display documents stored in SharePoint Online or OneDrive, always respecting the user's access rights.

Microsoft Graph Scopes

These scopes represent the sets of permissions that Jint App requests to establish and maintain a secure session with your Microsoft 365 environment. To better understand the scopes granted to Microsoft Graph, see Scopes and permissions in the Microsoft identity platform.

• profile (Basic User Profile): Allows Jint App to access basic user profile information, such as their display name, first name, and last name. This data is used to personalize the user experience and display the user's identity within the application.
• openid (User Identifier): This permission is part of the OpenID Connect protocol and allows Jint App to receive a unique identifier for the authenticated user. It is crucial for authentication and ensuring that the user is who they claim to be.

SharePoint Online Permissions

These permissions are specifically dedicated to Jint App's interaction with your SharePoint Online sites and content.

• AllSites.Read (Read All SharePoint Online Sites): This permission is specifically required for accessing SharePoint Online sites and ensures that Jint App can read the properties and data of sites and lists across your entire tenant.
• Sites.Search.All (Execute Search Queries on SharePoint Sites): Allows Jint App to use the SharePoint search engine to perform queries and retrieve relevant results for the user. This is an essential permission for widgets like "News," "File Explorer," or "Search," allowing the display of articles, documents, or other SharePoint items configured by the administrator.
• TermStore.Read.All (Read Term Store): This permission allows Jint App to read your SharePoint's taxonomy and metadata (e.g., news categories, document types) to ensure consistent display and structured content navigation.