Trust center
Read-only Microsoft 365 insights
LicenSweep is designed to identify license waste without modifying your Microsoft tenant.
Microsoft access
The application uses the read-only Microsoft Graph application permissions Reports.Read.All, LicenseAssignment.Read.All, and User.Read.All. It cannot remove users, assign licenses, read email content, or change tenant settings.
Authentication and roles
Dashboard users sign in through Microsoft. Owner, Administrator, and Viewer permissions are enforced by the server for every protected action.
Data handling
Traffic is encrypted with HTTPS. Application secrets are stored in AWS Secrets Manager, and tenant records are stored in Amazon DynamoDB. Full Microsoft activity reports and user-level findings are not stored persistently.
Control and revocation
An Owner can disconnect Microsoft report access in LicenSweep. A Microsoft administrator can also revoke the LicenSweep enterprise application in the Microsoft 365 admin center.
Report a concern
Email support@licensweep.com.