User authentication for d.velop contracts for Microsoft 365 takes place via Microsoft Entra ID in the customer’s Microsoft 365 tenant. Logging can be done based on Microsoft Entra ID monitoring functions or via the Microsoft 365 monitoring protocol in the Security & Compliance Center. This logging takes place in the customer’s Microsoft 365 tenant and is not accessible by d.velop.

Changes to data

Documents and metadata are stored in a SharePoint site of the customer. With SharePoint versioning enabled by default, all changes to documents and metadata can be retrieved on demand via the SharePoint version history. This logging is done in the SharePoint tenant of the customer.

Background activities

Some activities of d.velop for contracts for Microsoft 365 cannot be recorded via the mentioned possibilities. These are recorded in a separate audit log. This includes, among other things:

Time-controlled sending of e-mails for due date notifications
Executing the permission rule set
Changes to the customer instance configuration in the product's own configuration database
Time-controlled consistency checks of the SharePoint structure

If required, extracts can be requested by e-mail from the d.velop support.

Miscellaneous

A monitoring and logging on the technical cloud infrastructure is carried out and guaranteed by d.velop (see also TOM - technical organizational measures).

Changes in Microsoft 365

System architecture