Secrets in Azure Key Vault and managed identity — no standing credentials in the application. Permissions captured on the way in, enforced on the way out.
OAuth 2.0 · least-privilege · TLS in transit.
PII redacted · ACLs attached · AES-256 at rest (BYOK).
Hash-chained ledger records every ingest, read, export & disposition.
SSO identity · permission-aware retrieval · DLP at egress.
What no one else does: ACLs travel with every document and are enforced at query time — sensitive content is redacted on the way in and blocked at egress. Your knowledge is never flattened, co-mingled, or exposed beyond its source permissions.
OAuth 2.0 connections, least-privilege scopes, SSO, and permission-aware retrieval against your live directory.
Source permissions travel with each document and are enforced at query time — never flattened.
TLS in transit, AES-256 at rest, BYOK in your own Key Vault, and managed identity with no standing credentials.
Sensitive data detected and blocked, justified, or redacted at the moment it tries to leave.
Every ingest, read, export, and disposition is hash-chained and independently verifiable.
Azure-native, deployable to your own cloud or on-prem, with an air-gapped option and data residency pinning.
A single search runs keyword and semantic retrieval together across SharePoint, OneDrive, Box and the rest — the same answer no matter where the file lives. Results are scoped to each user's permissions, and sensitive fields like SSNs and phone numbers are redacted before they're ever shown.

We'll walk your architecture, identity, and residency requirements and show exactly how Fileport enforces them.
Book a demo