
Aura Insights - Architecture, Security and Data Flows

Aura Insights - Azure Architecture Overview

This SaaS Service has been developed in line with Microsoft best practice for SaaS applications and allows geographically isolated data stores to be accessed from a single domain using Microsoft’s Azure Front Door. 

Our hosted systems apply Microsoft's Zero Trust principles through Entra ID, and the system architecture follows Defense in Depth principles through layered security controls.

Your data is always encrypted in transit and at rest. It is collected using the Microsoft-managed Graph API and an Azure Function App deployed in your own tenant, so account IDs and control over the data remain within your tenant.


Azure Function – Data Access

Client Data is transmitted using HTTPS across the public internet.

Client Tenant Data Exit Points

Microsoft Graph – a tenant has no control over this endpoint, as the infrastructure belongs to Microsoft. The only control the tenant has here is over the Entra ID client application we use to access the tenant's data: the tenant can grant or revoke access to its data by granting, or withholding, consent to our Entra ID application.

Azure Function – this function is deployed under the tenant's own Azure subscription, and the tenant has full control over it. The tenant can even allow-list the public IP of our services, so that only Aura Insights can call those functions.

We copy data from the client tenant, and our entry points (Application Gateway or Front Door) are protected by a WAF (Web Application Firewall).


Aura Insights – Azure Function Application for Call Queues

Function Application

Azure Function Application – System Assigned Managed Identity.

The Azure Function Application will need to be deployed in the Client’s Azure estate.

The service will consist of the following

  • Function Application
  • Storage Account
  • Service Plan
  • Key Vault

The Function Application can be given an identity with the permissions to only view the Call Queue and Auto Attendant data.

This System Assigned Managed Identity is controlled by the client through Entra ID.
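The following script is an added example, not Aura Insights' own deployment code. It provisions the Function App, Storage Account and Consumption plan described above with a system-assigned managed identity, grants that identity the Teams Communications Administrator directory role (one of the two roles this page lists for reading Call Queue and Auto Attendant data), and adds the IP allow-list rule from the "Client Tenant Data Exit Points" section so only the Aura Insights service can reach the function endpoints. The resource names, region, and the collector IP 203.0.113.10 are placeholder assumptions; it requires the Az and Microsoft.Graph PowerShell modules.

```powershell
# Added example (not Aura Insights' own code): deploy the client-side Function App
# with a system-assigned managed identity, assign it a read-capable Teams role, and
# allow-list a single public IP. All names below are assumptions for illustration.

$rg      = 'rg-aura-insights'        # assumed resource group
$loc     = 'uksouth'                 # assumed region
$storage = 'staurainsightscq'        # assumed storage account name (must be globally unique)
$app     = 'func-aura-callqueues'    # assumed Function App name
$auraIp  = '203.0.113.10/32'         # assumed Aura Insights egress IP (TEST-NET-3 placeholder)

Connect-AzAccount | Out-Null
New-AzResourceGroup -Name $rg -Location $loc -Force | Out-Null

# Storage account that backs the Consumption-plan Function App; TLS 1.2 minimum
New-AzStorageAccount -ResourceGroupName $rg -Name $storage -Location $loc `
    -SkuName Standard_LRS -Kind StorageV2 -MinimumTlsVersion TLS1_2 | Out-Null

# Consumption-plan Function App (PowerShell runtime) with a system-assigned identity.
# No client secret or certificate is created: the identity's lifecycle is tied to the app.
New-AzFunctionApp -ResourceGroupName $rg -Name $app -Location $loc `
    -StorageAccountName $storage -Runtime PowerShell -RuntimeVersion 7.4 `
    -FunctionsVersion 4 -OSType Windows -IdentityType SystemAssigned | Out-Null

$principalId = (Get-AzFunctionApp -ResourceGroupName $rg -Name $app).IdentityPrincipalId

# Grant the identity the Teams Communications Administrator directory role via Graph.
# Directory roles must be activated from their template the first time they are used.
Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory' | Out-Null
$roleName = 'Teams Communications Administrator'
$role = Get-MgDirectoryRole | Where-Object DisplayName -eq $roleName
if (-not $role) {
    $template = Get-MgDirectoryRoleTemplate | Where-Object DisplayName -eq $roleName
    $role = New-MgDirectoryRole -RoleTemplateId $template.Id
}
New-MgDirectoryRoleMemberByRef -DirectoryRoleId $role.Id -BodyParameter @{
    '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$principalId"
}

# Network allow-list on the function host: once one Allow rule exists, all other
# source addresses are denied by the implicit default rule.
Add-AzWebAppAccessRestrictionRule -ResourceGroupName $rg -WebAppName $app `
    -Name 'AllowAuraInsights' -Priority 100 -Action Allow -IpAddress $auraIp
```

The access-restriction rule covers the main site only; the Kudu/SCM site keeps its own rule set, so add a matching rule with `-TargetScmSite` if deployment tooling should also be restricted. Swap `Teams Communications Administrator` for `Global Reader` if that is the role chosen from the options listed under "Function Applications – Client Azure Installed" below.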


Real Time Data Refresh

Aura Insights uses an Azure Function to collect the Calls in Queue data. Microsoft limits a single function execution on the Azure Consumption plan to a maximum runtime of 10 minutes.

The Calls In Queue application therefore has a timer trigger that fires every 2 minutes and checks whether a collector is already running. If an instance is already running, the new one exits.

The running instance executes the Get-CsCallQueue command every 5 seconds and pushes the result to Aura Insights. The output contains statistical data on the number of active calls in each queue.

  • Calls In Queue data is collected every 5 seconds
  • Aura Insights checks the service is running every 2 minutes
  • The service runs for 10 minutes at a time
  • The service runs 144 times a day
  • The service collects all Call Queue data no matter how many queues
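The run.ps1 below is an added example, not Aura Insights' own collector code, showing how the schedule just described can be implemented in a timer-triggered PowerShell Azure Function: fire every 2 minutes, exit if another instance holds the lock, otherwise sample Get-CsCallQueue every 5 seconds until just under the 10-minute cap and push each sample. The mutual-exclusion check is implemented here as a blob lease, and the app settings AURA_INGEST_URL, AURA_INGEST_KEY and LOCK_STORAGE_ACCOUNT, the lock container and blob names, and the x-api-key header are all assumptions for illustration. It assumes the Function App's system-assigned identity holds a Teams role that can read call queues and Storage Blob Data Contributor on the lock container.

```powershell
# run.ps1 for a timer-triggered PowerShell Azure Function. Added example, not the
# product's own code. Assumed function.json (NCRONTAB for "every 2 minutes"):
#   { "bindings": [ { "name": "Timer", "type": "timerTrigger",
#                     "direction": "in", "schedule": "0 */2 * * * *" } ] }
# Assumed host.json: "functionTimeout": "00:10:00" (the Consumption plan maximum).
param($Timer)

$pollSeconds   = 5
$runFor        = [TimeSpan]::FromSeconds(590)  # stop ~10 s before the 10-minute cap
$leaseSeconds  = 60                            # renewed every poll; expires on its own if we crash
$lockContainer = 'locks'                       # assumed container name
$lockBlob      = 'calls-in-queue.lock'         # assumed blob name

# "Is another instance running?" check: try to lease the lock blob. If another
# instance already holds the lease, Acquire throws (HTTP 409) and we exit at once.
Connect-AzAccount -Identity | Out-Null
$ctx  = New-AzStorageContext -StorageAccountName $env:LOCK_STORAGE_ACCOUNT -UseConnectedAccount
$blob = Get-AzStorageBlob -Container $lockContainer -Blob $lockBlob -Context $ctx -ErrorAction SilentlyContinue
if (-not $blob) {
    # First run: create the (empty-content) lock blob so it can be leased
    $tmp = New-TemporaryFile
    Set-Content -Path $tmp -Value 'lock'
    $blob = Set-AzStorageBlobContent -Container $lockContainer -Blob $lockBlob -File $tmp -Context $ctx -Force
}
$leaseClient = [Azure.Storage.Blobs.Specialized.BlobLeaseClient]::new($blob.BlobClient, $null)
try {
    $null = $leaseClient.Acquire([TimeSpan]::FromSeconds($leaseSeconds), $null,
                                 [System.Threading.CancellationToken]::None)
} catch {
    Write-Host 'Calls In Queue collector already running; exiting.'
    return
}

try {
    # Authenticate to Teams as the system-assigned managed identity: no stored credentials
    Connect-MicrosoftTeams -Identity | Out-Null

    $deadline = (Get-Date).Add($runFor)
    $headers  = @{ 'x-api-key' = $env:AURA_INGEST_KEY; 'Content-Type' = 'application/json' }

    while ((Get-Date) -lt $deadline) {
        $tick = Get-Date
        # One snapshot of every call queue in the tenant, however many there are
        $queues  = Get-CsCallQueue
        $payload = @{
            sampledAtUtc = $tick.ToUniversalTime().ToString('o')
            queues       = @($queues)
        } | ConvertTo-Json -Depth 6 -Compress
        try {
            Invoke-RestMethod -Method Post -Uri $env:AURA_INGEST_URL -Headers $headers -Body $payload | Out-Null
        } catch {
            # A failed push must not stop sampling; record it and take the next sample
            Write-Warning "Push failed at $($tick.ToString('o')): $($_.Exception.Message)"
        }
        # Keep the lock alive while we are still working
        $null = $leaseClient.Renew($null, [System.Threading.CancellationToken]::None)
        # Hold the 5-second cadence even when Get-CsCallQueue itself is slow
        $elapsed = ((Get-Date) - $tick).TotalSeconds
        if ($elapsed -lt $pollSeconds) {
            Start-Sleep -Milliseconds ([int](($pollSeconds - $elapsed) * 1000))
        }
    }
} finally {
    # Release so the next 2-minute firing can start without waiting for lease expiry
    $null = $leaseClient.Release($null, [System.Threading.CancellationToken]::None)
}
```

Because each run stops at 590 seconds and the trigger fires every 2 minutes, a new collector picks up within 2 minutes of the previous one exiting, which gives the 144 runs per day stated above. The 60-second lease is renewed every poll, so a crashed instance cannot block the next firing for longer than a minute.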

Cloud Service and Function Applications

Cloud Service – Code Hosted

License Adoption: Read only (write if required)
Role Assignment – Global Reader
If the client wants to manage licensing in License Adoption, then write permission can be granted.
Scheduled tasks pull data directly from the client tenant using the Graph API. Webhooks are also used, where Microsoft pushes change data into Aura Insights.

Function Applications – Client Azure Installed

Call Queues: Read only
Role Assignment – Global Reader or Teams Communications Administrator
Calls in Queue – runs every 5 seconds in 10-minute loops, 144 times a day

Consumption Plan: $25/month
Flex Consumption Plan: $53/month

Security by Design

Global multi-tenant platform

Aura Insights has recently gone through a series of upgrades to our architecture in Microsoft Azure.

This allows us to provide our clients with the full benefits of the enhanced security and high availability offered through Azure. Aura Insights takes a security-by-design approach with a 'Zero Trust' methodology.

Aura Insights can also offer an updated collection method to take advantage of the Entra ID security, through System Assigned Identity Management.

Our code is developed in line with GDPR requirements, and we recently attained ISO 27001 certification.

Security

Verify explicitly
Always authenticate and authorize based on the available data points, including user identity, location, device, service or workload, data classification, and anomalies.

Least privileged access
Limit user access with just-in-time and just-enough access (JIT/JEA), risk-based adaptive policies, and data protection to protect both data and productivity.

Assume breach
Segment access by network, user, devices, and application. Use encryption to protect data, and use analytics to get visibility, detect threats, and improve your security.

Governance is the system of rules, practices, and processes an organization uses to direct and control its activities. Many governance activities arise from external standards, obligations and expectations. It also provides a framework for attaining a company's objectives and encompasses most areas of management, from action plans and internal controls to performance measurement and corporate disclosure.

Risk enables an organization to evaluate all relevant business and regulatory risks and controls and monitor mitigation actions in a structured manner.

Compliance refers to the country/region, state or federal laws or even multi-national regulations such as GDPR regulations that an organization must follow. These regulations define what types of data must be protected, what processes are required under the legislation, and what penalties are issued to organizations that fail to comply.

Example compliance regulations and frameworks are:
  • CCPA (California Consumer Privacy Act; USA)
  • GDPR (General Data Protection Regulation; Europe)
  • SOC 2 – an audit and attestation framework rather than a law
  • NIST (National Institute of Standards and Technology; USA) – publishes security frameworks such as the NIST Cybersecurity Framework, broadly comparable in scope to ISO 27001