Customer Access Layer
Admins connect securely via browser to the Eido web app using HTTPS (port 443 inbound). Authentication is handled through Microsoft Entra using OAuth2, ensuring secure identity verification and session management.
Frontend Application
The TypeScript/Angular-based frontend, hosted on Azure App Service, manages the user interface, authentication flows, and session handling. All communications with backend services occur over encrypted channels.
Backend Processing
Azure App Service handles business logic, data ingestion, and policy management. The backend connects to Microsoft Graph API for read-only Intune and Entra data access, with optional write capability for policy management.
Data Storage & Security
Customer configuration, telemetry, and reporting data are stored in Azure SQL Database, encrypted at rest. Azure Key Vault securely manages all secrets, tokens, and credentials. Azure Blob Storage handles policy backups and configuration snapshots (only if Policy Management is enabled).
External Integrations
The platform connects to third-party services, including the Dell Warranty API for device information retrieval and notification services such as Teams, Slack, and ServiceNow. All built-in connections use HTTPS (port 443 outbound).
Monitoring & Diagnostics
Azure Application Insights collects logs and telemetry for system monitoring, diagnostics, and troubleshooting. This ensures platform reliability and enables proactive issue resolution.
Security Controls & Trust Boundaries
Encryption Standards
All data is encrypted in transit using TLS 1.2+ and at rest using Azure-managed AES-256 encryption. Trust boundaries clearly separate customer environment, Eido's
Optional Features
Software Metering
An optional feature enabling organizations to track software usage across Intune-managed Windows devices. A PowerShell script deployed to endpoints creates a scheduled task that periodically sends anonymized usage data to Eido's servers over HTTPS (port 443 outbound). This data powers license optimization reports stored in Azure SQL.
Policy Management
When enabled, Eido can write configuration data back to Microsoft Intune via the Graph API, allowing advanced policy management capabilities. This optional write access is controlled through customer-approved permissions and follows the same security protocols as read operations.

