This FAQ is intended to answer common security questions about the Hyperfish Lite product. If you are looking for security information pertaining to Hyperfish Premium, please see the Hyperfish Premium Security FAQ.
How Does Hyperfish Lite read and write to my Directory?
- Hyperfish Lite connects directly to Azure Active Directory (AAD). Initially, Hyperfish Lite will prompt for permissions to read from Azure Active directory for directory analysis. Respective write permissions will also need to be given when it is time for Hyperfish Lite to apply updated profile photos.
Which Active Directory objects and properties does Hyperfish Lite modify?
- When Hyperfish Lite updates profile photos, write permissions to Azure Active Directory (AAD) will need to be granted. This will allow Hyperfish Lite to write profile photo changes to AAD. These changes will require approval, unless the automatic approval functionality is enabled.
How does Hyperfish secure the data sent between Azure Active Directory and the Hyperfish Lite cloud service?
- Hyperfish Lite secures all communication over HTTPS, a TCP/IP protocol used by Web servers to transfer web content securely. The data transferred is encrypted so that it cannot be read by anyone other than the recipient.
What kind of information is stored by Hyperfish Lite, and for how long?
- The User Principal Name and Azure AD Identifier for user objects are stored indefinitely.
- User properties and analysis information are stored transactionally, as Hyperfish Lite does not require attribute details to calculate the overall completion statistics of a given directory.
- When a user submits a profile photo to be updated, the previous and new photos are stored 30 days for administrator approval.
Where is Hyperfish Lite data stored?
- All Hyperfish data is hosted in Azure. For more information about Azure security, please refer to the Microsoft Azure Security documentation: https://www.microsoft.com/en-us/trustcenter/Security/AzureSecurity
Who can access the Hyperfish Lite Profile Update Page?
- The Hyperfish Lite Profile Page is a self-service page, from which users can update profile photos. It can be accessed by navigating to https://app.hyperfish.com, or by logging in with Office 365 credentials.
- If profile photos are missing or incomplete, users will be contacted through secure contact channels with a link to their Profile Page. This link is uniquely generated for the user, and expires after 30 days.
If there are service disruptions with Hyperfish Lite, are any of my profile pictures lost?
- No - Hyperfish Lite does not host any directory information. All information will repopulate as soon as service and directory connection is restored. Additionally, all Hyperfish Lite systems and data are made fully redundant. Point-in-time recovery is available through daily backups and transactional logging.