You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
⚙️ remove ms.service from global frontmatter (SharePoint#8238)
- missed this entry in a previous commit 393ff42
- update docs to add missing `ms.service` or `ms.prod`, fixing
acrolinx warnings
- use global settings in docfx.json, set values on specific files otherwise
Copy file name to clipboardExpand all lines: docs/apis/migration-api-azure-container-and-queue.md
+18-19Lines changed: 18 additions & 19 deletions
Original file line number
Diff line number
Diff line change
@@ -1,13 +1,13 @@
1
1
---
2
2
title: SPO provided Migration Azure container and queue
3
+
description: "One of the Main requirement for using our Migration API is the usage of an Azure container as a temporary storage. We now provide a default container that can be used for using the migration API."
4
+
ms.date: 06/28/2022
3
5
ms.author: jhendr
4
6
author: JoanneHendrickson
5
7
manager: pamgreen
6
-
ms.date: 04/23/2020
7
-
description: "One of the Main requirement for using our Migration API is the usage of an Azure container as a temporary storage. We now provide a default container that can be used for using the migration API."
8
+
ms.subservice: migration-tool
8
9
ms.localizationpriority: medium
9
10
---
10
-
11
11
# SPO provided Migration Azure container and queue
12
12
13
13
Microsoft’s Migration API requires the use of an Azure container for temporary storage. To simplify the process, you are now provided with a default container while using the migration API. If you choose, you can still provide your own Azure container.
@@ -18,13 +18,13 @@ For the Migration API to accept a Migration Job coming from a SPO provided Azure
18
18
19
19
## Advantages
20
20
21
-
|Advantage|Description|
22
-
|:-----|:-----|
23
-
|Cost of Azure container goes to SPO|Since we are providing the containers, those containers are now part of the basic SharePoint online Offering. Every tenant who signs up for SharePoint Online will get this for free).|
24
-
|Containers and queues are unique per request and not reused|Once a container is given to a customer this container will not be reused or shared.|
25
-
|Containers and queue are automatically deleted|As per the standard SharePoint Online Compliance, we will destroy the container within 30 to 90 days automatically.|
26
-
|Containers and queues are in the customer’s datacenter ___location|We make sure to provision containers that are in the same physical ___location than their SharePoint online tenant.|
27
-
|They are obtainable programmatically|There is no need to interact with Azure unless the user chooses.
|Cost of Azure container goes to SPO|Since we are providing the containers, those containers are now part of the basic SharePoint online Offering. Every tenant who signs up for SharePoint Online will get this for free).|
24
+
|Containers and queues are unique per request and not reused|Once a container is given to a customer this container will not be reused or shared.|
25
+
|Containers and queue are automatically deleted|As per the standard SharePoint Online Compliance, we will destroy the container within 30 to 90 days automatically.|
26
+
|Containers and queues are in the customer’s datacenter ___location|We make sure to provision containers that are in the same physical ___location than their SharePoint online tenant.|
27
+
|They are obtainable programmatically|There is no need to interact with Azure unless the user chooses.|
28
28
29
29
## How to use it
30
30
@@ -34,16 +34,16 @@ For the Migration API to accept a Migration Job coming from a SPO provided Azure
The call will return an object that contains two strings containing two SAS tokens for accessing the two required containers and a byte array for the AES256CBC encryption.
37
+
The call will return an object that contains two strings containing two SAS tokens for accessing the two required containers and a byte array for the AES256CBC encryption.
38
38
39
39
This key will need to be used when encrypting the data. We forget the key once we give it out, therefore you must keep it to pass it again for the Submit Migration Job call.
40
40
41
41
```csharp
42
-
UriDataContainerUri
42
+
UriDataContainerUri
43
43
44
44
UriMetadataContainerUri
45
45
46
-
byte[] EncryptionKey
46
+
byte[] EncryptionKey
47
47
```
48
48
49
49
### Getting Queue
@@ -66,10 +66,9 @@ Once those calls have been made, the rest of the flow remains the same for using
66
66
67
67
### Required endpoints for goverment cloud
68
68
69
-
If your tenant is hosted in a government cloud (GCC), you must have the proper endpoints set when calling the API.
70
-
*Example:* usgovcloudapi.net
69
+
If your tenant is hosted in a government cloud (GCC), you must have the proper endpoints set when calling the API. For example: `usgovcloudapi.net`.
71
70
72
-
|**Required Endpoint**|**Why**|
73
-
|:-----|:-----|
74
-
|https://<span>*.blob.core.usgovcloudapi.</span>net|Migration API Azure Government requirement|
75
-
|https://<span>*.queue.core.usgovcloudapi.</span>net|Migration API Azure Government requirement|
Copy file name to clipboardExpand all lines: docs/apis/migration-api-encryption.md
+21-19Lines changed: 21 additions & 19 deletions
Original file line number
Diff line number
Diff line change
@@ -1,10 +1,11 @@
1
1
---
2
2
title: OneDrive for Business and SharePoint Online Migration API – Encryption
3
+
description: "How to pass encrypted content at rest to the API securely."
4
+
ms.date: 6/20/2022
3
5
ms.author: jhendr
4
6
author: JoanneHendrickson
5
7
manager: pamgreen
6
-
ms.date: 6/20/2018
7
-
description: "How to pass encrypted content at rest to the API securely."
8
+
ms.subservice: migration-tool
8
9
ms.localizationpriority: medium
9
10
---
10
11
@@ -20,18 +21,19 @@ Content
20
21
21
22
- Files
22
23
- Manifest
23
-
- Metadata
24
-
- Permissions
25
-
- List items
26
-
- Taxonomy
27
-
- Logs (created by SharePoint Online to report back on the migration results)
24
+
- Metadata
25
+
- Permissions
26
+
- List items
27
+
- Taxonomy
28
+
- Logs (created by SharePoint Online to report back on the migration results)
28
29
- Queue
29
-
- Real time reportig on the progress
30
+
- Real time reportig on the progress
30
31
31
32
## What is the encryption feature?
32
33
33
-
When using the encryption parameter, everything listed above will be encrypted at rest and the key will need to be preserved in order to read the logs and the real time progress.
34
-
The main benefits is making the content useless for a malicious user who would manage to breach into the Azure container.
34
+
When using the encryption parameter, everything listed above will be encrypted at rest and the key will need to be preserved in order to read the logs and the real time progress.
35
+
36
+
The main benefits is making the content useless for a malicious user who would manage to breach into the Azure container.
35
37
36
38
This comes with a small cost of performance. This feature is optional when using the API and it is recommended to only use it for the most confidential information since it does reduce the speed of the migration by a small portion. Microsoft destroys the key once the migration job is finished and there is no way to recover the key if lost, not even from support.
37
39
@@ -58,10 +60,10 @@ Example:
58
60
59
61
## Extra requirement
60
62
61
-
For the encryption, each file must be encrypted and have an IV assigned to it. The encryption method should follow the AES CBC 256 Standard. A unique, cryptographically-random IV must be generated for every file including the manifests in the package and should be stored as a property on each files. Use the AesCryptoServiceProvider.GenerateIV method to generate a unique random IV for each file.
63
+
For the encryption, each file must be encrypted and have an IV assigned to it. The encryption method should follow the AES CBC 256 Standard. A unique, cryptographically-random IV must be generated for every file including the manifests in the package and should be stored as a property on each files. Use the AesCryptoServiceProvider.GenerateIV method to generate a unique random IV for each file.
62
64
63
-
- Name = [IV]
64
-
- Value =[Base64encoded byte array of the IV]
65
+
-**Name**: [IV]
66
+
-**Value**:[Base64encoded byte array of the IV]
65
67
66
68
## Reading the queue when encrypted
67
69
@@ -72,13 +74,13 @@ It is important to remember the Job ID. Without the specific key used for the jo
72
74
Here is the JSON content in the queue message
73
75
74
76
```json
75
-
{"Label","Encrypted"},
76
-
{"JobId","[JobId value]"},
77
-
{"IV","[IV value in base64format]"},
78
-
{"Content","[encrypted message in base64string]"}
77
+
{"Label":"Encrypted"},
78
+
{"JobId":"[JobId value]"},
79
+
{"IV":"[IV value in base64format]"},
80
+
{"Content":"[encrypted message in base64string]"}
79
81
```
80
82
81
83
Once the messages are decrypted, they will be the same as the API without encryption.
82
84
83
-
>[!NOTE]
84
-
>The **Migration** is not available for users of Office 365 operated by 21Vianet in China. It is also not available for users of Office 365 with the German cloud using the data trustee, *German Telekom*. However, it is supported for users in Germany whose data ___location is not in the German data center.
85
+
>[!NOTE]
86
+
>The **Migration** is not available for users of Office 365 operated by 21Vianet in China. It is also not available for users of Office 365 with the German cloud using the data trustee, *German Telekom*. However, it is supported for users in Germany whose data ___location is not in the German data center.
0 commit comments