This information has been provided by BrainStorm, Inc. about how this app collects and stores organizational data and the control that your organization will have over the data the app collects.

How does the BrainStorm Microsoft Teams App handle data?


Data Handling


Data access using Microsoft Graph

For additional information see the following documentation: Microsoft Graph permissions.

 

| Permission | Type of permission (Delegated/Application) | Is data collected? Justification for collecting it? | Is data stored? Justification for storing it? |
|---|---|---|---|
| User.Read | delegated | To allow users to sign in to the app and allow the app to read the profile of the currently signed-in user. | We store this data in our Azure Table storage to send personalized notifications from the QH portal in MS Teams. |
| User.ReadBasic.All | delegated | To allow the app to read a basic set of profile properties of other users on behalf of the signed-in user, in order to display this in the app. This includes display name, first and last name, email address and photo. | We store this data in our Azure Table storage to send personalized notifications from the QH portal in MS Teams. |


Non-Microsoft services used:

BrainStorm QuickHelp tracks information about users who have installed the BrainStorm Microsoft Teams App so that it can send personalized notifications to these end users.

Data access via bots

The BrainStorm Microsoft Teams App contains a bot or a messaging extension that can access personally identifiable information (PII): the roster (first name, last name, display name, email address) of users that have the app added.

1.0.5 Version

  • Currently published
  • Includes static app and one-way communication
  • Bot-notifications
    1. All messages and link clicks in messages are tracked and associated with QuickHelp user identity
  • Static App
    1. All link clicks are tracked without being associated with user identity.

1.1.0 Version

  • Will include two-way communication and search extensions
    1. Uses email addresses to send the personalized one-way communications


Security and Compliance

 

 

Identity


This information has been provided by BrainStorm, Inc. about how this app handles authentication, authorization, application registration best practices, and other Identity criteria.

| Information | Response |
|---|---|
| Do you integrate with Microsoft Identity Platform (Azure AD)? | Yes |
| Have you reviewed and complied with all applicable best practices outlined in the Microsoft identity platform integration checklist? | Yes |
| Does your app use MSAL (Microsoft Authentication Library) for authentication? | Yes |
| Does your app support Conditional Access policies? | No |
| Does your app request least privilege permissions for your scenario? | Yes |
| Do your app's statically registered permissions accurately reflect the permissions your app will request dynamically and incrementally? | Yes |
| Does your app support multi-tenancy? | Yes |
| Does your app have a confidential client? | No |
| Do you own all the redirect Uniform Resource Identifiers (URIs) registered for your app? | Yes |
| For your app, what do you avoid using? | Wildcard redirect URIs |
| Does your app expose any web APIs? | No |
| Does your permission model only allow calls to succeed if the client app receives the proper consent? | No |
| Does your app use preview APIs? | No |
| Does your app use deprecated APIs? | No |