MPP Import Security

TL;DR - the important data is processed locally in the user’s browser. Project data is only sent to the customer-owned Microsoft tenant.

Overview

The MPP Bulk Import is designed with security in mind. The application processes MPP files entirely in the user's browser, so sensitive data is transferred directly to the customer-owned Microsoft tenant. As a result, only the part of the application that runs locally in the user's browser has access to the MPP data and the Planner/Dataverse data.

The high-level architecture overview is shown in the figure below.

[Figure: MPP Import Security Overview. Caption: Architecture Overview]

User Authentication and Authorization

The MPP Bulk Import service uses Microsoft Entra ID for user authentication and authorization. It utilizes the Authorization Code flow. To enable local processing, the Hybrid SPA approach is used.

The following scopes are requested:

  • openid - to obtain the user's identity
  • profile - to obtain the user's profile information
  • email - to obtain the user's email address
  • https://graph.microsoft.com/User.Read - to read the user's profile from Microsoft Graph
  • https://admin.services.crm.dynamics.com/user_impersonation - to read and write Planner and Dataverse data to perform the import

More details on OpenID Scopes: OpenID Connect scopes
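
A tenant administrator can check the scope list above against what the browser actually sends at sign-in. The following is an added example, not code from the MPP Bulk Import service: it audits an authorization request URL against the documented scopes and the Authorization Code flow. The endpoint host, client_id, redirect_uri and sample requests are constructed assumptions.

```javascript
// Added example: scopes copied from the list on this page.
const DOCUMENTED_SCOPES = new Set([
  "openid",
  "profile",
  "email",
  "https://graph.microsoft.com/User.Read",
  "https://admin.services.crm.dynamics.com/user_impersonation",
]);

// Audit one authorization request URL (e.g. copied from the browser's
// network tab during sign-in) against what the documentation states.
function auditAuthorizeRequest(rawUrl) {
  const url = new URL(rawUrl);
  const findings = [];

  // Assumption: the global Entra ID endpoint; sovereign clouds use other hosts.
  if (url.protocol !== "https:" || url.hostname !== "login.microsoftonline.com") {
    findings.push(`unexpected authorization endpoint: ${url.origin}`);
  }
  // Authorization Code flow: response_type must be exactly "code".
  const responseType = url.searchParams.get("response_type") || "";
  if (responseType.trim() !== "code") {
    findings.push(`response_type is "${responseType}", expected "code"`);
  }
  // scope is space-delimited; searchParams already decoded "+" and %20.
  const requested = (url.searchParams.get("scope") || "").split(/\s+/).filter(Boolean);
  if (requested.length === 0) findings.push("no scope parameter in request");
  const undocumented = requested.filter((s) => !DOCUMENTED_SCOPES.has(s));
  for (const s of undocumented) findings.push(`undocumented scope requested: ${s}`);

  return { ok: findings.length === 0, requested, undocumented, findings };
}

// Constructed sample request; client_id and redirect_uri are placeholders.
function sampleRequest(scopes, responseType = "code") {
  const query = new URLSearchParams({
    client_id: "00000000-0000-0000-0000-000000000000",
    response_type: responseType,
    redirect_uri: "https://app.example/callback",
    scope: scopes.join(" "),
  });
  return `https://login.microsoftonline.com/common/oauth2/v2.0/authorize?${query}`;
}

const asDocumented = auditAuthorizeRequest(sampleRequest([...DOCUMENTED_SCOPES]));
const drifted = auditAuthorizeRequest(
  sampleRequest(["openid", "offline_access", "https://graph.microsoft.com/Mail.Read"])
);
console.log(asDocumented.ok, drifted.findings);
```

Any scope reported as undocumented is a difference between the published list and the consent actually requested, and is worth raising with the vendor before granting tenant-wide consent.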

Data Processing

Backend Data Processing

The backend of the MPP Bulk Import service only obtains access to basic user information that is sufficient to authorize the user. This information includes:

  • User's login name / email address
  • User's name
  • Company name
  • User and company GUIDs

Since all the required information is available from the beginning of the user interaction, no additional information needs to be accessed afterwards. Therefore, no user tokens are stored on the backend.

Additionally, some basic telemetry and exception information might be collected. By design, this information does not include any MPP information.

The application is hosted by Cloudflare and utilizes its global infrastructure.

Client-Side Data Processing

The MPP Bulk Import service processes the MPP file import entirely within the user's browser. Once authenticated, the user can select the Dataverse environment where the data will be imported. Once the instance is selected, the user can upload MPP files.