Index
How can I access my data?
Your data is only available to select users. After a global administrator has consented ShareGate, any global admin, SharePoint admin, or groups admin can log in to ShareGate Protect with their Microsoft 365 account.
Access your data from the:
Dashboard - View a snapshot of workspace creation in your tenant and data on inactivity, external sharing reviews, purpose tags, and sensitivity tags.
Manage page - View your team and group data, filter and sort for better visibility, perform bulk actions, export information, and drill down on details from the team and group details.
Activity page - View and export the team and group activity in your environment.
Archive - Monitor and manage the archived items in your environment, including your teams, groups, files, and folders.
Click My Account to see the user account that is currently signed in.
Your Microsoft Azure data, including your tenant ID, object IDs, and group information, remain separate and secure in Azure. This data cannot be accessed from ShareGate.
Can ShareGate access my data?
ShareGate uses consented permissions to obtain data about your Microsoft 365 environment.
Properties that may contain information sensitive to your organization include:
Group and team membership and ownership information - The names and job titles of members and owners.
Group metadata - Group names and descriptions.
Teams channel metadata - Display names.
Document display names - For documents with external sharing links.
Any data stored by ShareGate is done so using application-level encryption as well as encryption at rest. This ensures that engineers maintaining your production environment do not interact with your sensitive information.
When archiving, ShareGate needs to access the content and metadata of your files. Whether your archive exists in ShareGate's default storage or your own, this data is encrypted and not accessible to anyone outside of your tenant.
Can ShareGate engineers access my data?
Each user or application that has access to production data uses a unique, individual identity managed by Azure AD.
Access to administrative operations and production infrastructure is only granted to a select few engineers through Azure's Privileged Identity Management service. There are time restrictions and approval processes enabled. The engineers must use strong passwords to connect through a Virtual Private Network (VPN) with Multi-Factor Authentication (MFA).
All machine users have separate application identities that can either be configured by MSI or ID and secret.
We will contact you to obtain explicit consent if our engineers require administrative access (for example, to resolve an issue you may be facing) that may reveal any of your organization's data.