We take data security very seriously and understand the importance of protecting your SharePoint and Microsoft 365 data
At Sprocket 365, security is our top priority. As a product that sits on top of SharePoint, we leverage the advanced security features of Microsoft's trusted platform to ensure that your data is always protected. Our comprehensive security measures are designed to safeguard your information from unauthorised access, data breaches and other potential threats.
We are committed to implementing industry-leading security practices, regularly auditing our applications, systems and networks to maintain the highest level of protection for your data.
Sprocket consists of a client layer, which is implemented by two Microsoft SharePoint Framework Apps. The client layer reads data from various external systems, such as Microsoft Graph or SharePoint Search, and displays this data in web parts within a SharePoint site.
Sprocket provides a number of Web Parts and customisers for SharePoint Modern. This page details the technical architecture of Sprocket and the services on which it depends.
Sprocket 365 is built with Microsoft SharePoint Framework (SPFx), which is the technology Microsoft recommends for implementing custom solutions for the Microsoft 365 platform.
The solution consists of an SPFx app package “Sprocket 365”, which has to be deployed into the customer’s SharePoint Online App Catalog. Once deployed to the App Catalog, the app package can be installed as Apps on the desired SharePoint sites. Refer to our installation page for more information.
When deploying Sprocket, a set of permission requests is created that needs to be approved in the “API Management” section in the SharePoint Admin Center.
Be aware that you might not need all permissions if you don’t need the functionality that requires them. Also note that everything is executed under the context of the logged-in user. That means users will only be able to load data they have permission to access.
The list below shows the Microsoft Graph permissions that are needed for all of Sprocket’s web parts to function correctly. For more information on Microsoft Graph and what these permission requests mean, please refer to the Microsoft Graph permissions reference article.
Microsoft Graph API
- Delegated: User.Read.All
- Delegated: People.Read.All
- Delegated: Directory.Read.All
- Delegated: Group.Read.All
- Delegated: Files.Read.All
- Delegated: Presence.Read.All
- Delegated: Sites.ReadWrite.All
- Delegated: Contacts.Read.All
All business information is stored within your Microsoft 365 tenant e.g. documents, configuration, pages etc.
When Sprocket functionality is loaded within SharePoint it will call our Sprocket API service to ensure your tenant has a valid Sprocket subscription and enough seats. For us to determine this information we store your tenant ID, user IDs (no personal) & tenant admin information. See managing your subscription for more information.
Knowledge Hub (Optional Modules)
Sprocket 365 includes our Knowledge Hub feature which leverages SharePoint Modern and adds additional capabilities for providing a better user experience for your workforce to access policies, procedures, and knowledge base articles. All page content and navigation is stored within your Microsoft 365.
Knowledge Hub provides significant enhancements (included within your subscription) that you may wish to utilise. These additional features require additional permissions to be granted.
Knowledge Hub can be split into three key features: Content, Reading Lists, and Converters.
The content features of Knowledge Hub are essentially the enhanced user experience within SharePoint – providing a hierarchy navigation, search & other commands like print, table of contents, read duration etc. All of this content and functionality uses SPFx and fits within the standard Sprocket scope as detailed in the ‘platform’ section above. No additional security is required for this to function. There is no dependency on Sprocket services and no data is stored outside of your Microsoft 365 tenant.
Sprocket’s Reading List feature enables admins and management staff to ensure the workforce has acknowledged & read the required pages of the Knowledge Hubs. For those pages that have been marked as required to be read, users will need to navigate to each of the pages and click the ‘mark as read’ button. Admins & managers can produce reports on who has read what pages on what dates.
For a tenant to utilise the Reading List feature of Knowledge Hub, a tenant admin must approve the Sprocket Knowledge Hub Application. The approval allows Sprocket’s API to connect to your tenant’s Microsoft Graph with the following permissions:
- Application: User.Read.All
- Application: Sites.Read.All
- Application: GroupMember.Read.All
For more information on Microsoft Graph and what these permission requests mean, please refer to the Microsoft Graph permissions reference article.
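A tenant admin can check what has actually been granted against the two permission lists on this page. The following is an added example, not Sprocket's own code: it assumes the delegated grants have been exported as Microsoft Graph oauth2PermissionGrant objects and that application permissions have already been resolved to their names; the IDs and sample grants are constructed placeholders.

```javascript
// Baselines copied from this page's permission lists.
// "Presence.Read.All" uses Microsoft Graph's spelling of the presence scope.
const DOCUMENTED = {
  delegated: ["User.Read.All", "People.Read.All", "Directory.Read.All", "Group.Read.All",
    "Files.Read.All", "Presence.Read.All", "Sites.ReadWrite.All", "Contacts.Read.All"],
  application: ["User.Read.All", "Sites.Read.All", "GroupMember.Read.All"],
};

// Compare granted permission names with a documented baseline.
function diffAgainstBaseline(granted, baseline) {
  const g = new Set(granted), b = new Set(baseline);
  return {
    unexpected: [...g].filter((s) => !b.has(s)).sort(),
    notGranted: [...b].filter((s) => !g.has(s)).sort(),
    // Heuristic on the permission name: anything that can modify data.
    writeCapable: [...g].filter((s) => /Write|FullControl|Manage/.test(s)).sort(),
  };
}

// grants: oauth2PermissionGrant objects. Only grants from the given client
// principal to the Microsoft Graph service principal are considered.
// `scope` is a space-separated string and may carry leading whitespace.
function auditDelegated(grants, clientId, graphId) {
  const mine = grants.filter((x) => x.clientId === clientId && x.resourceId === graphId);
  const scopes = mine.flatMap((x) => x.scope.trim().split(/\s+/).filter(Boolean));
  return {
    ...diffAgainstBaseline(scopes, DOCUMENTED.delegated),
    // Admin approval yields tenant-wide consent; per-user grants deserve a look.
    perUserGrants: mine.filter((x) => x.consentType !== "AllPrincipals").map((x) => x.id),
  };
}

// roleNames: application permission names resolved from appRoleAssignments.
function auditApplication(roleNames) {
  return diffAgainstBaseline(roleNames, DOCUMENTED.application);
}

// Constructed sample data (placeholder IDs, not from any real tenant).
const SAMPLE_GRANTS = [
  { id: "grant-1", clientId: "spfx-principal", resourceId: "graph-sp", consentType: "AllPrincipals",
    scope: " User.Read.All People.Read.All Sites.ReadWrite.All Mail.Send" },
  { id: "grant-2", clientId: "spfx-principal", resourceId: "graph-sp", consentType: "Principal",
    principalId: "user-1", scope: "Files.Read.All" },
  { id: "grant-3", clientId: "other-app", resourceId: "graph-sp", consentType: "AllPrincipals",
    scope: "Mail.ReadWrite" },
];

console.log(auditDelegated(SAMPLE_GRANTS, "spfx-principal", "graph-sp"));
console.log(auditApplication(["User.Read.All", "Sites.Read.All", "Sites.FullControl.All"]));
```

An "unexpected" delegated scope is not necessarily Sprocket's: permission requests approved for SharePoint Framework solutions are granted to one shared SharePoint client principal, so other SPFx packages in the tenant can contribute to the same grant.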
A popular feature is for Sprocket subscribers to use our Sprocket Converters to help with content management. The converters allow admins to convert existing Word documents into SharePoint pages & PDF documents directly from within SharePoint.
Subscribers will use a SharePoint document library to store policies & procedures, making use of its co-authoring, version control, metadata etc.
When a document is converted, the Word document can be turned into a SharePoint page for consumption by the workforce. At the same time, the Word document can be converted to PDF, the PDF stored in a defined SharePoint document library, and a link created between the page and the PDF.
Further questions about security?
If you have any concerns about the security of our product, or if you think you may have discovered a security vulnerability, please contact our team immediately. We take all security issues very seriously and will work quickly to address any problems. To email us with a vulnerability or other security questions, send an email to [email protected]