Your privacy is important to us

Interstellar is committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner.

Data collection

We collect data from our customers' Microsoft 365 tenants when they grant our platform access by authorizing our Entra ID Enterprise Application in the tenant. An app registration is created in their Entra ID tenant, which contains information about the application, such as the application ID and permissions. You can learn more about how this is technically accomplished in the Microsoft documentation.

Data points that we collect
Microsoft Graph API
  • Read all access reviews

    AccessReview.Read.All

    Allows the app to read access reviews, reviewers, decisions and settings in the organization, without a signed-in user.
  • Read all app catalogs

    AppCatalog.Read.All

    Allows the app to read apps in the app catalogs without a signed-in user.
  • Read all applications

    Application.Read.All

    Allows the app to read all applications and service principals without a signed-in user.
  • Read all audit log data

    AuditLog.Read.All

    Allows the app to read and query your audit log activities, without a signed-in user.
  • Read Cloud PCs

    CloudPC.Read.All

    Allows the app to read the properties of Cloud PCs, without a signed-in user.
  • Read Delegated Admin relationships with customers

    DelegatedAdminRelationship.Read.All

    Allows the app to read details of delegated admin relationships with customers like access details (that includes roles) and the duration as well as specific role assignments to security groups without a signed-in user.
  • Read all devices

    Device.Read.All

    Allows the app to read your organization's devices' configuration information without a signed-in user.
  • Read Microsoft Intune apps

    DeviceManagementApps.Read.All

    Allows the app to read the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune, without a signed-in user.
  • Read Microsoft Intune device configuration and policies

    DeviceManagementConfiguration.Read.All

    Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups, without a signed-in user.
  • Read Microsoft Intune devices

    DeviceManagementManagedDevices.Read.All

    Allows the app to read the properties of devices managed by Microsoft Intune, without a signed-in user.
  • Read Microsoft Intune RBAC settings

    DeviceManagementRBAC.Read.All

    Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings, without a signed-in user.
  • Read Microsoft Intune configuration

    DeviceManagementServiceConfig.Read.All

    Allows the app to read Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user.
  • Read directory data

    Directory.Read.All

    Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user.
  • Read all Azure AD recommendations

    DirectoryRecommendations.Read.All

    Allows the app to read all Azure AD recommendations, without a signed-in user.
  • Read domains

    Domain.Read.All

    Allows the app to read all domain properties without a signed-in user.
  • Read all groups

    Group.Read.All

    Allows the app to read group properties and memberships, and read conversations for all groups, without a signed-in user.
  • Read all group memberships

    GroupMember.Read.All

    Allows the app to read memberships and basic group properties for all groups without a signed-in user.
  • Read identity providers

    IdentityProvider.Read.All

    Allows the app to read your organization's identity (authentication) providers' properties without a signed-in user.
  • Read all identity risk event information

    IdentityRiskEvent.Read.All

    Allows the app to read the identity risk event information for your organization without a signed-in user.
  • Read all identity risky service principal information

    IdentityRiskyServicePrincipal.Read.All

    Allows the app to read all risky service principal information for your organization, without a signed-in user.
  • Read all identity risky user information

    IdentityRiskyUser.Read.All

    Allows the app to read the identity risky user information for your organization without a signed-in user.
  • Read organization information

    Organization.Read.All

    Allows the app to read the organization and related resources, without a signed-in user. Related resources include things like subscribed skus and tenant branding information.
  • Read all users' relevant people lists

    People.Read.All

    Allows the app to read any user's scored list of relevant people, without a signed-in user. The list can include local contacts, contacts from social networking, your organization's directory, and people from recent communications (such as email and Skype).
  • Read your organization's policies

    Policy.Read.All

    Allows the app to read all your organization's policies without a signed-in user.
  • Read privileged access to Azure AD roles

    PrivilegedAccess.Read.AzureAD

    Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD built-in and custom administrative roles in your organization, without a signed-in user.
  • Read privileged access to Azure AD groups

    PrivilegedAccess.Read.AzureADGroup

    Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user.
  • Read privileged access to Azure resources

    PrivilegedAccess.Read.AzureResources

    Allows the app to read time-based assignment and just-in-time elevation of user privileges to audit Azure resources in your organization, without a signed-in user.
  • Read Records Management configuration, labels and policies

    RecordsManagement.Read.All

    Allows the application to read any data from Records Management, such as configuration, labels, and policies, without a signed-in user.
  • Read all usage reports

    Reports.Read.All

    Allows an app to read all service usage reports without a signed-in user. Services that provide usage reports include Office 365 and Azure Active Directory.
  • Read all admin report settings

    ReportSettings.Read.All

    Allows the app to read all admin report settings, such as whether to display concealed information in reports, without a signed-in user.
  • Read role management data for all RBAC providers

    RoleManagement.Read.All

    Allows the app to read role-based access control (RBAC) settings for all RBAC providers without a signed-in user. This includes reading role definitions and role assignments.
  • Read Cloud PC RBAC settings

    RoleManagement.Read.CloudPC

    Allows the app to read the Cloud PC role-based access control (RBAC) settings, without a signed-in user.
  • Read all policies for privileged role assignments of your company's directory

    RoleManagementPolicy.Read.Directory

    Allows the app to read policies for privileged role-based access control (RBAC) assignments of your company's directory, without a signed-in user.
  • Read your organization's security actions

    SecurityActions.Read.All

    Allows the app to read security actions, without a signed-in user.
  • Read all security alerts

    SecurityAlert.Read.All

    Allows the app to read all security alerts, without a signed-in user.
  • Read metadata and detection details for all emails in your organization

    SecurityAnalyzedMessage.Read.All

    Read email metadata and security detection details, without a signed-in user.
  • Read your organization's security events

    SecurityEvents.Read.All

    Allows the app to read your organization's security events without a signed-in user.
  • Read all security incidents

    SecurityIncident.Read.All

    Allows the app to read all security incidents, without a signed-in user.
  • Read service health

    ServiceHealth.Read.All

    Allows the app to read your tenant's service health information, without a signed-in user. Health information may include service issues or service health overviews.
  • Read service messages

    ServiceMessage.Read.All

    Allows the app to read your tenant's service announcement messages, without a signed-in user. Messages may include information about new or changed features.
  • Read service principal endpoints

    ServicePrincipalEndpoint.Read.All

    Allows the app to read service principal endpoints.
  • Read all users' full profiles

    User.Read.All

    Allows the app to read user profiles without a signed-in user.
  • Read all users' basic profiles

    User.ReadBasic.All

    Allows the app to read a basic set of profile properties of other users in your organization without a signed-in user. Includes display name, first and last name, email address, open extensions, and photo.
  • Read all users' authentication methods

    UserAuthenticationMethod.Read.All

    Allows the app to read authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user's phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.

Data access

We understand that the data we collect from our customers is extremely sensitive and personal. Therefore, we limit access to the data to authorized personnel only, who need to consult it to provide support or maintenance for the application.

Security

We take data security seriously and implement various measures to protect your data. These measures include but are not limited to the following:

  • Access to data is restricted to authorized personnel only, who need to consult it to provide support for or maintain the application.
  • All data sent between our application and our servers, as well as all data stored in our database, is encrypted using modern encryption techniques.
  • By deploying firewalls, we protect our servers from unauthorized access.
  • We monitor our systems for security threats and immediately investigate any suspicious activities through monitoring and alerting.
  • We follow Microsoft's security best practices for securing app registrations, such as regularly rotating secrets and using role-based access control to restrict access to authorized personnel only.
  • App registrations. The app registration includes a client secret or certificate that is used to authenticate our application when it makes requests on behalf of the customer to Entra ID or other Microsoft services. The customer has the option at all times to delete the app registration, thereby immediately terminating our application's access to their data.

Data retention

We retain your data until you choose to no longer use our services. If you decide to stop using our services, we will delete your data within a reasonable period. Please contact your account manager to submit this request.

BI reports

We present our customers' data in Power BI reports and other reports that are protected with access controls. The following individuals have access to these reports:

  • Pre-authorized individuals from our customers
  • Authorized INTERSTELLAR personnel

Contact us

If you have any questions about our privacy policy or how we use your data, you can contact us through our service desk.

Changes to our privacy policy

We may change this privacy policy from time to time. Changes to our privacy policy will be posted on this page. We encourage you to check this page regularly for updates.

Last updated on 06-06-2025.
