System overview

Guests components

Guests consists of the following components:

  • Admin center: The web console, accessible at https://admin.guests.one, empowers administrators to manage guests and configure templates and policies for guest governance & lifecycle.
  • Teams app: Designed for Microsoft Teams, this app enables end-users to seamlessly invite and manage guests, enhancing collaboration and productivity.
  • Agent: Operating discreetly in the background, the Guests agent regularly monitors your guests and executes actions based on the policies defined in the admin center.

System Architecture

Guests is hosted in Microsoft's datacenter in the Switzerland North region and is developed and operated by AskMeWhy, a Zurich-based boutique software provider. We chose Azure as our operating platform due to our extensive experience with Microsoft Azure, which has proven that it allows us to quickly add additional services when needed. This enables us to grow incrementally if more performance, scalability, or security is required.

The following diagram illustrates the Guests architecture as of October 2023.


Guests admin center and Teams app
Both the admin center and the Teams app are Azure Web Apps responsible for hosting administrative and end-user-facing applications. Authentication is ensured through dedicated Entra ID Application registrations in Microsoft’s Identity Platform, guaranteeing compliance with Microsoft security standards.

Guests agent
The Guests agent comprises Azure Functions responsible for monitoring and interacting with guest resources within the customer tenant.

App telemetry
Application Insights is used to record operations conducted by Guests, maintaining 90 days of logs containing guest and policy-related information.

Customer configurations
Customer-specific Guests configurations, such as invitation flows, renewal policies, templates, and settings, are securely stored in Cosmos DB. Access is restricted solely to the Guests App, protected by encrypted keys. All customer configurations stored in the system can be deleted irreversibly by the customer.

Microsoft Graph
Microsoft Graph is employed by all Guests components to engage with your organization's Microsoft 365 tenant. It serves as the conduit to access data and intelligence within Microsoft 365.

Microsoft Entra ID
The Microsoft Identity Platform, in conjunction with Microsoft Entra ID, safeguards access to all Guests components. Guests maintains dedicated Microsoft Entra ID App registrations that can be fortified using Conditional Access.

Microsoft 365 tenant
Your Microsoft 365 tenant encompasses a suite of services allocated to your organization. It manages your data and offers a range of productivity, endpoint, security, and compliance tools and services.

Platform & technology stack

All Guests components operate within the Swiss Microsoft Azure datacenters, guaranteeing lightning-fast performance, worldwide scalability, unwavering reliability, top-tier security, and compliance.

At the heart of Guests' astounding performance is Next.js, an open-source JavaScript framework tailored for crafting fast-loading web applications through server-side rendering and static site generation.

Most components are based on the Fluent UI React components, a set of UI components and utilities resulting from an effort to converge the set of React-based components.

In addition, we are using Tailwind CSS, which is a utility-first CSS framework for rapidly building custom user interfaces. It is a highly customizable, low-level CSS framework that gives us all of the building blocks we need to build bespoke designs without any annoying opinionated styles you have to fight to override.

In the backend, we harness the capabilities of Azure Functions, a serverless compute service provided by Microsoft as part of its Azure cloud platform, while tapping into the formidable potential of the Microsoft Graph API.

Customer configurations are stored in Azure Cosmos DB, a highly scalable, globally distributed database service by Microsoft. It supports multiple data models, provides low-latency access, and ensures high availability, making it suitable for a wide range of applications with diverse data requirements.

What customer data we store

To ensure compliance with the Swiss Data Protection Law (revDSG), Guests is designed in a way that we do not retain any personal or customer information within our system at any time. We do not use any information for marketing purposes or to contact the customer.

The following data is stored:

  • Users' object IDs
  • Tenant ID
  • Terms acceptance data
  • Admin user display name
  • Policy and template configurations

When using Guests, we temporarily collect users' object IDs (Microsoft Entra ID User IDs) in our application telemetry, specifically in Microsoft Azure Application Insights, solely for support purposes. This data is automatically purged after a 90-day period. It's crucial to emphasize that, as AskMeWhy, we are unable to use these object IDs to identify individuals or connect them with any other personal details such as names, emails, or phone numbers.

Additionally, we maintain the Tenant ID (GUID). However, it's essential to note that we cannot determine the company associated with this GUID. We only store this value to identify whether a customer has completed a 30-day trial and to prevent multiple trial instances.

Furthermore, we retain the date and display name (not email address) of the admin user who accepted our "Privacy Policy" and "Terms & Conditions" upon their initial use. This information serves as evidence of their acceptance of our terms.

Lastly, all policy and template configurations are stored, encompassing details such as titles, descriptions, GUIDs, and technical information. If a customer decides to discontinue using Guests, they have the option to delete all customer configurations.

How we store customer data

All customer-specific configurations are securely stored in Cosmos DB. The application ensures that customers can only access their own configurations, maintaining strict access control.

Furthermore, information such as the assigned template, host or renewal policy is stored directly within the customer's Entra ID, safeguarding it from access by AskMeWhy or any other parties.

For further details, please refer to our Privacy Policy.