Due Diligence on 3rd Party App Intune

  • 21 July 2022
  • 2 replies

Userlevel 3
Badge +6

Hi All

I recently installed the 3rd Party Tech Affinity App Intune to sync our mobile devices with Freshservice for Inventory purposes. This works well but its occurred to me whilst liaising with Tech Affinity for some minor assistance that Tech Affinity can see my Intune App settings from their servers. 

This got me thinking, what other information they can see such as our mobile device information etc and the fact I didn't really carry out any third party DD on them.

Freshservice has a KB on the app here - Link

as well as being awarded FreshWorks “Best Design Partner” and “Authorised Solution Partner”- Link

Am I over thinking this?

2 replies

Userlevel 2
Badge +7

No, I don’t believe you are overthinking it. At our company we share that concern, and we are sure to need to do a DD of those third-party apps at some point as well. The access they have to our environment does not seem granular enough (just as the API keys, permissions are too broad). 

Userlevel 7
Badge +11

You have the same with the SCIM and Octa app, If you live in the US I guess it’s “minor” issue but if you are in the EU all traffic goes from 365/OCTA server to a US server then to EU Fresh servers.