Hi,
We have Websites, AD B2C and SSO, APIs, Database all hosted in Azure. Our Services are controlled by our IT team. For the Audit purpose We need to answer various question from our vendor. Few questions for which I can't find an answer are as below:
- Are the AD B2C accounts geo replicated. if yes how can I know what is geo replicated region/country?
- How the user name and password are sent to server when we user AD B2C authentication for our websites?
- How the passwords are stored on AD B2C?
- What are the security measure are taken from Microsoft to safe user's data in AD B2C? Do we have some certifications like ISO27001?
- What are the protocols used in SSO implemented using AD B2C?
Answers to above question will help a lot. Thanks in Advance.