Settings

Multi-tenant isolation

Every request carries a tenant context. Storage, compute, and AI calls are all gated by it.

How tenancy is enforced

  • Each tenant is mapped from its Microsoft Entra ID identity to its own Dataverse environment.
  • Every request derives its tenant from the caller (Entra token claims, or an approved integration key linked to a tenant).
  • The tenant identity is bound into a request-local context; every storage call passes through a layer that asserts the context matches the record’s tenant.
  • Cross-tenant reads are rejected at the storage layer, deny-by-default, independent of the API layer.

Where data sits

  • Dataverse: one environment per tenant.
  • SharePoint: your own Microsoft 365 tenancy.
  • API tier: a shared service hosted in Azure UK South, where the per-request tenant context guarantees isolation.

The tenant context is the safety net

Isolation rides on the request-local tenant context, never on URL paths or query parameters. A request for a record belonging to a different tenant is treated as if the record does not exist, so one tenant can never confirm the existence of another tenant’s data.
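
The sketch below is an added illustration of the storage-layer check and the "does not exist" behaviour described above; it is not the product's own code. All names (current_tenant, TenantScopedStore, handle_request) and the sample records are hypothetical, and it assumes the tenant is read from the "tid" claim of an already validated Entra token.

```python
from contextvars import ContextVar
from dataclasses import dataclass
from typing import Optional

# Request-local tenant context (hypothetical name). None = nothing bound.
current_tenant: ContextVar[Optional[str]] = ContextVar("current_tenant", default=None)

class NotFound(Exception):
    """Raised for unknown ids AND for records owned by another tenant."""

class NoTenantContext(Exception):
    """Raised when storage is reached with no tenant bound (deny by default)."""

@dataclass(frozen=True)
class Record:
    record_id: str
    tenant_id: str
    body: str

class TenantScopedStore:
    """Storage layer that enforces tenancy itself, independent of the API layer."""

    def __init__(self, records):
        self._by_id = {r.record_id: r for r in records}

    def get(self, record_id: str) -> Record:
        tenant = current_tenant.get()
        if tenant is None:
            raise NoTenantContext("no tenant bound to this request")
        rec = self._by_id.get(record_id)
        # One code path for "missing" and "someone else's": the caller
        # cannot tell the two apart, so it cannot confirm foreign data exists.
        if rec is None or rec.tenant_id != tenant:
            raise NotFound(record_id)
        return rec

def handle_request(store: TenantScopedStore, claims: dict, record_id: str) -> Record:
    """Bind the tenant from verified token claims, never from the URL or query."""
    token = current_tenant.set(claims["tid"])  # assumption: Entra "tid" claim
    try:
        return store.get(record_id)
    finally:
        current_tenant.reset(token)  # context never leaks into the next request

# Constructed sample data for the demonstration.
SAMPLE_STORE = TenantScopedStore([
    Record("rec-1", "tenant-a", "A's invoice"),
    Record("rec-2", "tenant-b", "B's invoice"),
])
```
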