Your data, your privacy.

Aether is fully committed to maintaining the highest standards of privacy protection and ensuring that all personal information entrusted to us is handled with the utmost diligence, security, and responsibility. We prioritize the careful management of your data, adhering to strict protocols to safeguard your privacy at every step of our processes.

Information Collection

When customers grant our platform access to their Microsoft 365 tenants, we gather data from these environments. This is enabled when customers authorize our Entra ID Enterprise Application in their tenant. An app registration is then created within their Entra ID tenant, containing details such as the application's ID and the permissions it requires. You can refer to Microsoft's official documentation for further technical information on how this process works.

Data points that we collect
Microsoft Graph API
  • AccessReview.Read.All - Read all access reviews
  • AppCatalog.Read.All - Read all app catalogs
  • Application.Read.All - Read all applicaionss
  • AuditLog.Read.All - Read all audit log data
  • CloudPC.Read.All - Read Cloud PCs
  • DelegatedAdminRelationship.Read.All - Read Delegated Admin relationships with customers
  • Device.Read.All - Read all devices
  • DeviceManagementApps.Read.All - Read Microsoft Intune apps
  • DeviceManagementConfiguration.Read.All - Read Microsoft Intune device configuration and policies
  • DeviceManagementManagedDevices.Read.All - Read Microsoft Intune devices
  • DeviceManagementRBAC.Read.All - Read Microsoft Intune RBAC settings
  • DeviceManagementServiceConfig.Read.All - Read Microsoft Intune configuration
  • Directory.Read.All - Read directory data
  • DirectoryRecommendations.Read.All - Read all Entra ID recommendations
  • Domain.Read.All - Read domains
  • Group.Read.All - Read all groups
  • GroupMember.Read.All - Read all group memberships
  • IdentityProvider.Read.All - Read identity providers
  • IdentityRiskEvent.Read.All - Read all identity risk event information
  • IdentityRiskyServicePrincipal.Read.All - Read all identity risky service principal information
  • IdentityRiskyUser.Read.All - Read all identity risky user information
  • Organization.Read.All - Read organization information
  • People.Read.All - Read all users' relevant people lists
  • Policy.Read.All - Read your organization's policies
  • PrivilegedAccess.Read.AzureAD - Read privileged access to Entra ID roles
  • PrivilegedAccess.Read.AzureADGroup - Read privileged access to Entra ID groups
  • PrivilegedAccess.Read.AzureResources - Read privileged access to Azure resources
  • RecordsManagement.Read.All - Read Records Management configuration, labels and policies
  • Reports.Read.All - Read all usage reports
  • ReportSettings.Read.All - Read all admin report settings
  • RoleManagement.Read.All - Read role management data for all RBAC providers
  • RoleManagement.Read.CloudPC - Read Cloud PC RBAC settings
  • RoleManagement.Read.Directory - Read all directory RBAC settings
  • SecurityActions.Read.All - Read your organization's security actions
  • SecurityAlert.Read.All - Read all security alerts
  • SecurityEvents.Read.All - Read your organization's security events
  • SecurityIncident.Read.All - Read all security incidents
  • ServiceHealth.Read.All - Read service health
  • ServiceMessage.Read.All - Read service messages
  • ServicePrincipalEndpoint.Read.All - Read service principal endpoints
  • ThreatAssessment.Read.All - Read threat assessment requests
  • ThreatHunting.Read.All - Run hunting queries
  • ThreatIndicators.Read.All - Read all threat indicators
  • ThreatSubmission.Read.All - Read all of the organization's threat submissions
  • User.Read Delegated - Sign in and read user profile
  • User.Read.All - Read all users' full profiles
  • UserAuthenticationMethod.Read.All - Read all users' authentication methods
Windows Defender ATP
  • Alert.Read.All - Read all alerts
  • Machine.Read.All - Read all machine profiles
  • RemediationTasks.Read.All - Read all remediation tasks
  • Score.Read.All - Read Threat and Vulnerability Management score
  • SecurityBaselinesAssessment.Read.All - Read all security baselines assessment information
  • SecurityConfiguration.Read.All - Read all security configurations
  • SecurityRecommendation.Read.All - Read Threat and Vulnerability Management security recommendations
  • Software.Read.All - Read Threat and Vulnerability Management software information
  • User.Read.All - Read user profiles
  • Vulnerability.Read.All - Read Threat and Vulnerability Management vulnerability information

Data Access

We recognize the sensitive nature of the information entrusted to us by our customers, and therefore we ensure that only authorized personnel with a specific need to access the data for support or system maintenance purposes are permitted to do so.

Security Measures

We are deeply committed to securing your data and have implemented several safeguards to protect it. These include, but are not limited to:

  • Restricting data access exclusively to personnel who are authorized and have a legitimate need to access the information for support or maintenance purposes.
  • Employing modern encryption technologies to secure all data exchanged between our platform and our servers, as well as the data stored within our databases.
  • Utilizing firewalls to block unauthorized access to our systems.
  • Actively monitoring our systems to detect and address any potential security threats in real time, with immediate investigations of any unusual activity.
  • Adhering to Microsoft's security best practices for securing app registrations, including regular secret rotation and the use of role-based access control to ensure only authorized personnel can access sensitive components.
  • App registrations include a client secret or certificate, which serves as the authentication method for our application when acting on behalf of the customer to access Entra ID or other Microsoft services.
At any time, customers retain the right to revoke our access to their data by removing the app registration from their tenant. Doing so will prevent the application from accessing the data further. Customers may also request data deletion by contacting us directly.

Data Retention

We retain customer data as long as the services are in use. Should a customer choose to discontinue using our platform, we will remove their data within a reasonable time frame. For assistance with this process, please reach out to your account manager.

Contact Information

If you have any inquiries regarding our privacy policy or how we handle your data, please reach out to us via our service desk.

Policy Updates

This privacy policy may be updated periodically. Any changes will be posted on this page, and we recommend that you review this page regularly to stay informed of any updates.

This policy was last revised on 09-01-2023

Cookie Consent

We use cookies to improve your experience on our website. By continuing to use our site, you agree to our use of cookies.