Skip to main content

Network Security

Abstract

We understand that our customers need to be confident that they are communicating with nBold in a secure environment. This document outlines the key aspects of our network security.

Communication security​

Traffic encryption​

All the traffic from and to the nBold platform is encrypted (and HTTPS protocol enforced), usingβ€―TLS v1.2, ensuring secure communication between our customers and our platform. To do so, we’re using Azure Front Door as the only entry point to the app (web apps and API).

You can review online our latest Certificate Report

Online SSL Test

You can see a detailed report of our SSL certificate using this free online service that performs a deep analysis of the configuration of our SSL:
Launch Qualys SSL Server Test

DDoS prevention​

While we've prevented rogue traffic from accessing our servers and network, it’s still possible for external services to block anyone else from using our service by creating a distributed, denial-of-service attack.
To prevent this, we're using Azure Traffic Manager as a first level of protection.
Learn more about Azure Traffic Manager

Trusted domains​

Domains allow list is one of the most effective methods of ensuring this and prevents any internet traffic intended for nBold from being hijacked or rerouted to a rogue website.

Our complete portfolio of domains is outlined below to help our customers configure their corporate network security components.

Note

This information is subject to change and we recommend that you check back quarterly for the addition of new domains.

nBold App and API​

  • Domains/Hosts: *.salestim.io
  • Justification/Purpose: nBold main web application for Microsoft Teams

nBold Documentation​

  • Domains/Hosts: *.nbold.co
  • Justification/Purpose: nBold documentation embedded into the Microsoft Teams app

Microsoft Azure Application Insight​

  • Domains/Hosts:
    • az416426.vo.msecnd.net
    • dc.services.visualstudio.com
  • Justification/Purpose: Azure service used by nBold to collect anonymous performance metrics, telemetry and application logs/traces. More infos

Microsoft Azure Blob Storage​

  • Domains/Hosts: stappsaprd.blob.core.windows.net
  • Justification/Purpose: Storage used by nBold to store templates pictures/icons

Microsoft Graph API​

  • Domains/Hosts: graph.microsoft.com
  • Justification/Purpose: API used by nBold to interact with Microsoft 365 services

Intercom​

  • Domains/Hosts:
    • *.intercom.com
    • *.intercom.io
    • *.intercomassets.com
    • *.intercomcdn.com
  • Justification/Purpose: Used by nBold to bring an embedded support system into the app, and connect end-users and administrators with our support team.

IP ranges allow list​

IP ranges allow list is one of the most effective methods of ensuring this and prevents any internet traffic intended for nBold from being hijacked or rerouted to a rogue website.

Our public app and API services are exposed and protected by Microsoft Azure Front Door. Therefore our public IP ranges are publicly documented by Microsoft.

Note

This information is subject to change and we recommend that you check back quarterly for the addition or update of IP ranges.

Manual download​

To retrieve them:

You can also automate the extraction of these IP ranges, using one of these three options.

Automate via REST interface​

curl https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Network/locations/{location}/serviceTags?api-version=2020-07-01

Automate via Powershell​

Get-AzNetworkServiceTag -Location <String>

Automate via az cli​

az network list-service-tags --location [--subscription]