Applicable plans: ✅ The free plan, ✅ The complete plan, ✅ On-demand plan
As described in our architecture diagram, the Waldo app relies on Microsoft technologies. Our development processes are tightly integrated with Azure DevOps. In this article, we outline the security measures we've put in place.
1 - Delegated Consent app (and not Application Consent)
Waldo is designed with your security in mind — and that includes how it connects to your Microsoft environment.
Instead of using Application Consent, we’ve chosen Delegated Consent.
With Delegated Consent, Waldo only acts on behalf of the logged-in user.
👉 The app can’t do anything on its own.
👉 It only has access to what the user is allowed to do.
What’s the difference between Delegated Consent and Application Consent in Waldo? – Help Center
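A tenant administrator can check this distinction on the app's service principal in their own tenant. The sketch below is an added example, not Waldo's code: it classifies responses in the shape Microsoft Graph returns for `appRoleAssignments` (application permissions) and `oauth2PermissionGrants` (delegated permissions). All ids, names and scopes are constructed sample values, not Waldo's actual permissions.

```python
import json

# Constructed sample responses in the shape Microsoft Graph returns for
#   GET /servicePrincipals/{id}/appRoleAssignments      (application permissions)
#   GET /servicePrincipals/{id}/oauth2PermissionGrants  (delegated permissions)
# Every id, name and scope below is made up for illustration.
APP_ROLE_ASSIGNMENTS = json.loads('{"value": []}')
OAUTH2_GRANTS = json.loads("""{"value": [
  {"clientId": "sp-0001", "consentType": "AllPrincipals", "principalId": null,
   "resourceId": "graph-sp", "scope": "User.Read Calendars.Read"},
  {"clientId": "sp-0001", "consentType": "Principal", "principalId": "user-42",
   "resourceId": "graph-sp", "scope": " Mail.Read"}
]}""")
# Second constructed sample: the same principal also holds one app-only role.
APP_ROLE_ASSIGNMENTS_BAD = json.loads("""{"value": [
  {"id": "ara-1", "appRoleId": "role-guid-1", "principalId": "sp-0001",
   "principalType": "ServicePrincipal", "resourceDisplayName": "Microsoft Graph"}
]}""")


def audit_consent(app_role_assignments, oauth2_grants):
    """Summarise what a service principal may do app-only vs. on behalf of users."""
    # App roles granted to the service principal itself work without any user.
    app_only = [
        (a.get("resourceDisplayName", "?"), a["appRoleId"])
        for a in app_role_assignments.get("value", [])
        if a.get("principalType") == "ServicePrincipal"
    ]
    tenant_wide, per_user = set(), {}
    for g in oauth2_grants.get("value", []):
        scopes = set((g.get("scope") or "").split())  # scope is space-delimited
        if g.get("consentType") == "AllPrincipals":   # admin consent for all users
            tenant_wide |= scopes
        else:                                         # "Principal": one user consented
            per_user.setdefault(g.get("principalId"), set()).update(scopes)
    return {
        "delegated_only": not app_only,
        "application_permissions": app_only,
        "tenant_wide_scopes": sorted(tenant_wide),
        "per_user_scopes": {u: sorted(s) for u, s in per_user.items()},
    }


if __name__ == "__main__":
    print(audit_consent(APP_ROLE_ASSIGNMENTS, OAUTH2_GRANTS))
    print(audit_consent(APP_ROLE_ASSIGNMENTS_BAD, OAUTH2_GRANTS))
```

An empty `application_permissions` list means the app holds no app-only access; the delegated scopes listed are still bounded by what each signed-in user can do.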
2 - Endpoint Security Measures
- All endpoints use MFA to prevent unauthorized access.
- Users follow strong password policies, with regular updates.
- All devices are protected by BitLocker encryption.
- Microsoft Defender for Endpoint is installed across the board.
- Automatic updates keep systems and apps patched and protected.
4 - Azure Security Measures
- Microsoft Defender for Cloud secures our Azure workloads.
- Azure Web Application Firewall (WAF) guards against common web attacks.
- Azure Application Insights helps monitor performance and resolve issues.
- Azure Sentinel is our SIEM solution, centralizing security incident detection and response.
5 - Continuous Monitoring and Incident Response
- We collect and analyze logs via Azure's logging capabilities.
- A clear incident response plan ensures we're ready to act fast.
6 - User Awareness and Training
- We conduct regular security training for our teams.
- Employees are encouraged to report security concerns proactively.
7 - Secure Code Practice
- Code scanning tools are integrated into Azure DevOps pipelines.
- All code changes are digitally signed.
- Sensitive data is stored securely in Azure Key Vault.
- Access to Azure DevOps pipelines is restricted and secured.
8 - Development Stages
Our development process includes three distinct stages:
- Developer: Secure coding, regular code reviews, no use of production data.
- Validation: Controlled access, thorough testing of new features.
- Production: Rigorous change control, only tested updates get deployed.
9 - Feature Flags and Hotfixes
- Feature flags let us toggle features in real time, even in production.
- They help us reduce exposure during rollouts and support A/B testing.
- We can deploy emergency hotfixes without full redeployment.
10 - Backup and Restore Process
- Daily incremental backups capture only new or changed data.
- Weekly full backups provide a complete snapshot.
- Monthly restore tests confirm backups are accurate and reliable.
- Any issues discovered during testing are addressed immediately.
11 - Microsoft 365 certification
The WALDO app is in the process of obtaining Microsoft 365 Certification. This is the highest application certification in the Microsoft Marketplace and is based on a thorough security audit of the WALDO app and its supporting infrastructure. The WALDO app will be vetted against a series of security controls derived from leading industry-standard frameworks such as SOC 2, PCI DSS, and ISO 27001.