🎉 Seamless is released. Read more →
Admin guide
Systemoverview

System overview

Architecture

Seamless is hosted in Microsofts' Datacenter in the Switzerland North region and is developed and operated by AskMeWhy ↗︎ (opens in a new tab), a Zurich-based boutique software provider. We choose Azure as our operating platform due to our extensive experience with Microsoft Azure, which has proofed that it allows us to quickly add additional services when needed. This enables us to grow incrementally if more performance, scalability, or security is required.

The following diagram illustrates the Seamless architecture as of September 2024.


Seamless Admin Center and Teams App Both are Azure Web Apps, hosting administrative and user-facing applications, with authentication via Entra ID, ensuring compliance with Microsoft security standards.

App Telemetry Application insights record operations and maintain 90 days of logs for teams, guests, and policies.

Customer Configurations Customer settings (templates, policies, etc.) are stored securely in Cosmos DB, accessible only to Seamless and protected by encrypted keys. Customers can irreversibly delete their configurations.

Microsoft Graph All Seamless components use Microsoft Graph to interact with your Microsoft 365 tenant and access data.

Microsoft Entra ID Microsoft Entra ID and the Identity Platform secure access to Seamless, with dedicated app registrations supporting Conditional Access.

Microsoft 365 Tenant Your Microsoft 365 tenant manages data and provides productivity, security, and compliance services for your organization.

Platform & Technology Stack

Seamless operates within Swiss Microsoft Azure datacenters, ensuring high performance, scalability, reliability, security, and compliance.

The platform leverages Next.js for fast-loading web applications with server-side rendering, alongside shadcn components for React-based UI design.

We use Tailwind CSS, a customizable, utility-first framework for building custom user interfaces without opinionated styles.

On the backend, Azure Functions power serverless operations, with Azure Cosmos DB handling scalable customer configurations and Microsoft Graph API for data access.

What customer data we store

To ensure compliance with the Swiss Data Protection Law (revDSG), Seamless is designed in a way that we do not retain any personal or customer information within our system at any time. We do not use any information for marketing purposes or to contact the customer.

The following data is stored:

  • user's object IDs
  • Tenant ID
  • Terms acceptance data
  • Admin user display name
  • Policy and template configurations

When using Seamless, we temporarily collect users' object IDs (Microsoft Entra ID User IDs) in our application telemetry, specifically in Microsoft Azure Application Insights, solely for support purposes. This data is automatically purged after a 90-day period. It's crucial to emphasize that, as AskMeWhy, we are unable to use these object IDs to identify individuals or connect them with any other personal details such as names, emails, or phone numbers.

Additionally, we maintain the Tenant ID (GUID). However, it's essential to note that we cannot determine the company associated with this GUID. We only store this value to identify whether a customer has completed a 30-day trial and to prevent multiple trial instances.

Furthermore, we retain the date and display name (not email address) of the admin user who accepted our "Privacy Policy" and "Terms & Conditions" upon their initial use. This information serves as evidence of their acceptance of our terms.

Lastly, all policy and template configurations are stored, encompassing details such as titles, descriptions, GUIDs, and technical information. If a customer decides to discontinue using Seamless, they have the option to delete all customer configurations.

How we store customer data

All customer-specific configurations are securely stored in Cosmos DB. The application ensures that customers can only access their own configurations, maintaining strict access control.

Furthermore, information such as the assigned template, host or renewal policy are stored directly within the customers Entra ID, safeguarding it from access by AskMeWhy or any other parties.

Example: Inactive guestPermissions