Salesforce

Publisher Attestation: The information on this page is based on a self-assessment report provided by the app developer on the security, compliance, and data handling practices followed by this app. Microsoft makes no guarantees regarding the accuracy of the information.

Last updated by the developer on: October 18, 2019

General information

Information provided by salesforce.com to Microsoft:

Information Response
App name Salesforce
ID WA104379334
Office 365 clients supported Outlook 2013 or later, Outlook 2016 for Mac, Outlook on the Web
Partner company name salesforce.com
Physical address 350 Mission Street San Francisco CA 94105
URL of partner website https://www.salesforce.com/
URL of Privacy Policy https://www.salesforce.com/company/privacy
URL of Terms of Use https://az158878.vo.msecnd.net/marketing/Partner_2147484336...
Main telephone number 4158121323
Description of available licensing options, if any A Salesforce license is required to use Salesforce within Outlook
Licensing contact same as above
Licensing telephone number n/a

Feedback

Questions or updates to any of the information you see here? Contact us!

How the app handles data

Information provided by salesforce.com on how this app collects and stores organizational data, and what control an organization has over this data.

Data access using Microsoft Graph

This application does not use Microsoft Graph.

Data access using other Microsoft APIs

Apps and add-ins built on Microsoft 365 may use additional Microsoft APIs other than Microsoft Graph to collect or process organizational information. List any Microsoft APIs other than Microsoft Graph this app uses, and for each, the justification and purpose (what does the app use this information for?), and whether the app stores any of this information in its databases.

Microsoft API Justification/Purpose Is any of this data stored in app database(s)?
Exchange Web Services (EWS) The add-in uses functions from Office.js and EWS to copy content and attachments about an email an Outlook user has decided to log into Salesforce. Similar capabilities are used on the calendar side, to log appointments into Salesforce. The add-in uses functions like getUserIdentityTokenAsync to get the current Outlook user identity, GetItem (.js and EWS) to get and set AdditionalProperties and the content of the current email message when saving to Salesforce records, GetAttachment (EWS) to retrieve the attachments from Exchange and add to the paired Salesforce email, UpdateItem (.js), GetFolder (.js) to get the drafts folder, CreateItem (.js), which is used to create a draft message.
JavaScript API for Office The add-in uses functions from Office.js and EWS to copy content and attachments about an email an Outlook user has decided to log into Salesforce. Similar capabilities are used on the calendar side, to log appointments into Salesforce. The add-in uses functions like getUserIdentityTokenAsync to get the current Outlook user identity, GetItem (.js and EWS) to get and set AdditionalProperties and the content of the current email message when saving to Salesforce records, GetAttachment (EWS) to retrieve the attachments from Exchange and add to the paired Salesforce email, UpdateItem (.js), GetFolder (.js) to get the drafts folder, CreateItem (.js), which is used to create a draft message.

Non-Microsoft Services Used

If the app transfers or shares organizational data with non-Microsoft service(s), list the non-Microsoft service(s) the app uses, what data is transferred, and include a justification for why the app needs to transfer this information.

Not Applicable

Add-in Data Access

List the permissions this app requires for accessing your organization's data, the justification and purpose for this permission (what does the app use this information for?), and whether the app stores any of this information in its databases.

Permission Description
ReadWrite Mailbox This add-in can read or modify the contents of any item in your mailbox, and create new items. It can access personal information -- such as the body, subject, sender, recipients, or attachments -- in any message or calendar item. It may send this data to a third-party service.
Send Data Can send data over the Internet

Telemetry data

Does any organizational information, including EUII (end-user identifiable information) and OII (organizational identifiable information), appears in this application's telemetry/logs? If yes, describe what data is present and what controls/processes an organization has in place to archive and/or delete it. If no, describe the controls/processes in place to prevent EUII and OII from appearing in telemetry/logs.

Not specified.

Storing and securing organizational data

Describe where/how is this application's data is stored and how access to it is controlled. Is it encrypted? Who can access it? How do you ensure that only authorized systems/individuals can access it? Examples: 2FA for all admins, Privileged Access Management (PMA), partitioning service admin accounts from Azure AD/corporate user accounts, protected IP ranges between systems, etc.

Not specified.

Organizational controls for data stored by partner

Describe any capabilities an organization's administrators have to control their information residing in partner systems, e.g. deletion, retention, auditing, archiving, end-user policy, etc.

Not specified.

Human review of organizational information

Are humans involved in reviewing or analyzing any organizational data that is collected or stored by this app?

No

Feedback

Questions or updates to any of the information you see here? Contact us!

Information from the Microsoft Cloud App Security catalog appears below.

Note

The information on this page is based on a self-attestation report provided by the app developer on the security, compliance and data handling practices followed by the app. Microsoft makes no guarantees regarding the accuracy of the information. Contact us if you believe information about an app is outdated.

View in a new tab

Feedback

Questions or updates to any of the information you see here? Contact us!