officeatwork | Content Chooser for Office
- 7 minutes to read
Last updated by the developer on: October 17, 2019
General information
Information provided by officeatwork 365 to Microsoft:
| Information | Response | |
|---|---|---|
| App name | officeatwork | Content Chooser for Office |
| ID | WA104380602 | |
| Office 365 clients supported | Excel for iPad, Excel 2016 for Mac, Excel Online, Word for iPad, Word 2016 for Mac, Word Online, Word 2013 Service Pack 1 or later, PowerPoint for iPad, PowerPoint 2016 for Mac, PowerPoint Online, PowerPoint 2013 Service Pack 1 or later, Excel 2013 Service Pack 1 or later, OneNote Online | |
| Partner company name | officeatwork 365 | |
| Physical address | Bundesplatz 12, 6300 Zug, Switzerland | |
| URL of partner website | https://www.officeatwork365.com/ | |
| URL of Privacy Policy | https://links.officeatwork.com/officeatwork-privacystatement | |
| URL of Terms of Use | https://go.microsoft.com/fwlink/?LinkID=521715&omkt=en | |
| Main telephone number | +41 41 544 7100 | |
| Description of available licensing options, if any | Business; Enterprise; Government; NOP&NGO; Education; Personal (free) | |
| Licensing contact | Roman Stalder (roman.stalder@officeatwork.com) | |
| Licensing telephone number | https://links.officeatwork.com/officeatwork-buy |
Feedback
Questions or updates to any of the information you see here? Contact us!
How the app handles data
Information provided by officeatwork 365 on how this app collects and stores organizational data, and what control an organization has over this data.
Data access using Microsoft Graph
List any Microsoft Graph permissions this app requires, and for each, whether they are delegate or application permissions, the justification and purpose for this permission (what does the app use this information for?), and whether the app stores any of this information in its databases.
Permission Delegated/Application Justification/Purpose Is any of this data stored in app database(s)? Azure AD App ID openid Delegated Used to enable sign in with an organizational and/or Microsoft Account. No data is stored. 8cf0fbc9-28f7-4bfb-94db-237b049fcbf7 User.ReadBasic.All Delegated Used to interactively read information about, add and remove the designated officeatwork administrators. Used to store the oid (object ID / User ID) of the designated officeatwork Administrators in an encrypted Azure Cosmos DB instance. Only officeatwork administration are able to configure the product settings. 8cf0fbc9-28f7-4bfb-94db-237b049fcbf7 profile Delegated Used to store the oid (object ID / User ID) of the designated officeatwork Administrators in an encrypted Azure Cosmos DB instance to capture who can perform administration tasks for the officeatwork subscriptions on a Microsoft 365 tenant basis. Each tenant has their own tenant document and access to that document is restricted to the corresponding tenant only. 8cf0fbc9-28f7-4bfb-94db-237b049fcbf7 openid Delegated Used to enable sign in with an organizational and/or Microsoft Account. No data is stored. edb24f8f-38af-4b3e-9475-0da243678d5a profile Delegated Used to read the user’s oid (Object ID / User Id) for investigating support issues. Used to store the oid in AppInsights for support reasons. The AppInsights storage is only accessible by selected officeatwork engineering and support staff. The transfer of event data is encrypted. Each event in AppInsights will automatically be deleted after three months, including the oid for those events. edb24f8f-38af-4b3e-9475-0da243678d5a offline_access Delegated Used to automatically re-sign-in the user when re-launching the product. This saves the user from having to manually sign-in to the product on every launch of the product. We do not use this permission other than to the user's convenience of automatically signing in the user. edb24f8f-38af-4b3e-9475-0da243678d5a Delegated Used to pre-populate the login hint in following authentication flows to enable the best possible authentication experience for users. No data is stored. edb24f8f-38af-4b3e-9475-0da243678d5a User.ReadWrite Delegated Used to: A) read and write product-specific user settings for the convenience of the user. This will, for instance, allow the product to 'remember' the language setting the user has selected. So next time the user signs into the product the language will be set correctly. officeatwork does not store user settings of any kind on any of their own servers or services. B) help the user to identify the account they signed in with by displaying the name and photo of the account. C) read the first name, last name, and e-mail address of the user during the evaluation or free phase of the product so that we can connect, communicate and support the users during this phase. Used for unlicensed users only (evaluation or free) to store the first name, last name, and e-mail address in our marketing automation tool enabling us to offer the best possible evaluation support. Evaluation users that become licensed users will remain in our marketing automation tool. The marketing automation tool offers an opt-out link in each email communication. edb24f8f-38af-4b3e-9475-0da243678d5a Files.ReadWrite.All Delegated Used for the ‘OneDrive Feature’ to interactively allow the user to find and load files from the user’s OneDrive. There are no processes in place that would read or write files other than in a well-guided interactive user experience within the product where the user gets to decide what files to find and use. No data is stored. edb24f8f-38af-4b3e-9475-0da243678d5a Group.ReadWrite.All Delegated Used for the ‘Teams Feature’ to interactively allow the user to find and load files from the user’s Teams teams. There are no processes in place that would read or write files other than in a well-guided interactive user experience within the product where the user gets to decide what files to find and use. No data is stored. edb24f8f-38af-4b3e-9475-0da243678d5a User.Read.All Delegated Used for the ‘Teams Feature’ to be able to determine in what Teams the user is a member of. No data is stored. edb24f8f-38af-4b3e-9475-0da243678d5a Sites.Read.All Delegated Used for the ‘SharePoint Feature’ to interactively allow the user to find and load files from the user’s SharePoint Online document libraries. There are no processes in place that would read files other than in a well-guided interactive user experience within the product where the user gets to decide what files to find and use. No data is stored. edb24f8f-38af-4b3e-9475-0da243678d5a
Data access using other Microsoft APIs
Apps and add-ins built on Microsoft 365 may use additional Microsoft APIs other than Microsoft Graph to collect or process organizational information. List any Microsoft APIs other than Microsoft Graph this app uses, and for each, the justification and purpose (what does the app use this information for?), and whether the app stores any of this information in its databases.
Microsoft API Justification/Purpose Is any of this data stored in app database(s)? Exchange Web Services (EWS) Interactively allow the user to find and load files from the user’s SharePoint Online document libraries in a way not yet available via the Graph. The product does not store any data coming from SharePoint in the product’s databases.
Non-Microsoft Services Used
If the app transfers or shares organizational data with non-Microsoft service(s), list the non-Microsoft service(s) the app uses, what data is transferred, and include a justification for why the app needs to transfer this information.
No data is transferred.
Add-in Data Access
List the permissions this app requires for accessing your organization's data, the justification and purpose for this permission (what does the app use this information for?), and whether the app stores any of this information in its databases.
Permission Description ReadWrite Document Can read and make changes to your document Send Data Can send data over the Internet
Telemetry data
Does any organizational information, including EUII (end-user identifiable information) and OII (organizational identifiable information), appears in this application's telemetry/logs? If yes, describe what data is present and what controls/processes an organization has in place to archive and/or delete it. If no, describe the controls/processes in place to prevent EUII and OII from appearing in telemetry/logs.
Not specified.
Storing and securing organizational data
Describe where/how is this application's data is stored and how access to it is controlled. Is it encrypted? Who can access it? How do you ensure that only authorized systems/individuals can access it? Examples: 2FA for all admins, Privileged Access Management (PMA), partitioning service admin accounts from Azure AD/corporate user accounts, protected IP ranges between systems, etc.
Not specified.
Organizational controls for data stored by partner
Describe any capabilities an organization's administrators have to control their information residing in partner systems, e.g. deletion, retention, auditing, archiving, end-user policy, etc.
Not specified.
Human review of organizational information
Are humans involved in reviewing or analyzing any organizational data that is collected or stored by this app?
Yes
Feedback
Questions or updates to any of the information you see here? Contact us!
Information from the Microsoft Cloud App Security catalog appears below.
Note
The information on this page is based on a self-attestation report provided by the app developer on the security, compliance and data handling practices followed by the app. Microsoft makes no guarantees regarding the accuracy of the information. Contact us if you believe information about an app is outdated.
Feedback
Questions or updates to any of the information you see here? Contact us!