Insights reads Microsoft 365 tenant data through Microsoft Graph on behalf of the signed-in user.

• • Authentication and tenant context come from Microsoft Entra ID and Auth.js.
• • Dashboard data such as users, service health, licenses, and organization details is fetched from Microsoft Graph.
• • Access is limited by the delegated permissions granted to the signed-in user or tenant administrator.

• • Auth.js session state is stored in HTTP-only cookies.
• • Tenant-scoped cache entries may temporarily store derived service responses to reduce repeated Microsoft Graph calls.
• • The TOTP tool stores its own local data in the browser and is separate from the tenant dashboard.

• • It does not ask for or store your Microsoft password.
• • It does not expose Microsoft Graph access tokens to the browser for dashboard features.
• • It does not merge or aggregate data across tenants in a single query.