What ESB Stores

Exchange Sync Bridge stores only the customer and licensing information necessary to operate the service, such as:

  • Customer name and contact information.
  • Subscription and billing status.
  • Licensed user information needed for billing and service management.
  • Tenant and installation information needed to route authorized sync requests.

What ESB Does Not Store

Exchange Sync Bridge does not store:

  • Mailbox contents.
  • Calendar data.
  • Contact data.
  • Task data.
  • Per-user Microsoft passwords.
  • Per-user Graph credentials.
  • A copy of synchronized Exchange data.

No User Passwords

End users do not sign into Exchange Sync Bridge. There is no ESB dashboard login, no ESB user password, and no ASP.NET Identity-style account for users to manage.

The Microsoft 365 administrator approves the enterprise application once during onboarding. After that, the relay communicates using an install API key and Microsoft Graph application permissions.

Microsoft Permission Model

Exchange Sync Bridge uses app-only access through Microsoft Graph application permissions. This means the approved application acts against the customer tenant using Microsoft's OAuth2 client-credentials flow.

Because this is app-only access, mailbox selection is handled by the sync request itself. The client software indicates the target mailbox, and ESB uses that mailbox address when making the Graph request.

Why We Do Not Call This Zero-Knowledge

Exchange Sync Bridge does not store Exchange data, but it does process sync data in transit so that it can translate requests and responses. For that reason, "zero-knowledge" is not the right technical description.

The more accurate security statement is that ESB does not retain mailbox, calendar, contact, or task data and does not collect user passwords.