We want our customers to be confident and aware of our data collection practices when using PnP Package.
Note
The content on this page is subject to change. We recommend that you check back quarterly for updates.
Data Management Practices
Through its different features, PnP Package accesses, processes, and stores several kinds of data:
- Authentication
- Team/Group/Site data
- User data
- Teams channel/files
Here is how weβre managing data for these different categories:
| Data | Accessed | Cached | Stored | Notes |
| Authentication | β | β | π« | Access token for Application Permissions and cached while the function is working |
| Team/Group/Site data | β | β | β | ID of Teams/Group/Sites are accessed and cached. Site data will be stored in Azure. |
| User profiles | β | β | π« | Accessed and updated after each login. Stored as long as the organization is active. |
| User data | β | β | π« | Accessed while storing the Site data and cached but will removed. |
| Teams channel | β | β | π« | Name and unique ID of the channel. No cache. Stored as long as the organization is active. |
| Teams conversations | π« | π« | π« | No access. No cache. No storage. |
| Teams files | β | β | β | File accessed and cached in script. File storaged in Azure for template roll out. |
Microsoft Graph API Application Permissions
| Scope | Description | Justification | Admin Consent Required |
User.Read.All | Read all users‘ full profiles | Allows the app to read user profiles without a signed in user. | Yes |
TeamSettings.ReadWrite.All | Read and change all teams‘ settings | Read and change all teams‘ settings, without a signed-in user. | Yes |
Group.ReadWrite.All | Read and write all groups | Allows the app to create groups, read all group properties and memberships, update group properties and memberships, and delete groups. Also allows the app to read and write conversations. All of these operations can be performed by the app without a signed-in user. | Yes |
SharePoint API Application Permissions
| Scope | Description | Justification | Admin Consent Required |
User.ReadWrite.All | Read and write user profiles. | Allows the app to read and update user profiles and to read basic site info without a signed in user. | Yes |
TermStore.ReadWrite.All | Read and write managed metadata. | Allows the app to write enterprise managed metadata and to read basic site info without a signed in user. | Yes |
Sites.FullControl.All | Have full control of all site collections. | Allows the app to have full control of all site collections without a signed in user. | Yes |
Microsoft Teams Apps Security And Compliance
To provide organizations with the information they need to accelerate and inform decisions about the Microsoft Teams apps and add-ins they use, Microsoft works with our Microsoft 365 developer partners. This information is supplemented by information from the Microsoft Cloud App Security app catalog and information provided by developers when they submit their apps. This security, data handling and compliance information is intended to help organizations assess and manage the risks of using these apps.
Note
Architecture And Flow Diagram
Resource Endpoints
All the traffic from and to the PnP Package platform uses HTTPS protocol on port 443. Here is a short description of each flow:
| Name | Comments |
|---|---|
| .msecnd.net and *.visualstudio.com | for performance metrics analysis |
Dependencies
Server
| Name | Version | Url | License |
| Microsoft.ApplicationInsights | 2.13.1 | https://licenses.nuget.org/MIT | MIT |
| Microsoft.Graph | 3.33.0 | https://licenses.nuget.org/MIT | MIT |
| Microsoft.Identity.Client | 4.36.1 | https://licenses.nuget.org/MIT | MIT |
| AngleSharp | 0.14.0 | https://github.com/AngleSharp/AngleSharp/tree/main#license | MIT |
| Microsoft.SharePointOnline.CSOM | 16.1.* | https://licenses.nuget.org/MIT | MIT |
| System.IdentityModel.Tokens.Jwt | 6.12.2 | https://licenses.nuget.org/MIT | MIT |
| PnP.Framework | 1.11.*-* | https://github.com/pnp/pnpframework/blob/dev/LICENSE | MIT |
| PnP.Core | 1.8.*-* | https://licenses.nuget.org/MIT | MIT |
| PnP.Core.Auth | 1.8.*-* | https://licenses.nuget.org/MIT | MIT |
| PnP.Core.Admin | 1.8.*-* | https://licenses.nuget.org/MIT | MIT |
| PnP.Core.Transformation | 1.8.*-* | https://licenses.nuget.org/MIT | MIT |
| PnP.Core.Transformation.SharePoint | 1.8.*-* | https://licenses.nuget.org/MIT | MIT |
| PowerShellStandard.Library | 5.1.0 | https://github.com/PowerShell/PowerShell/blob/master/LICENSE.txt | MIT |
| System.Reflection.Emit | 4.7.0 | https://licenses.nuget.org/MIT | MIT |
| System.Runtime.Loader | 4.3.0 | https://dotnet.microsoft.com/en-us/dotnet_library_license.htm | MIT |