Hi anonymous user • Thank you for reaching out.
Azure AD B2C utilizes Azure AD as the underlying technology to store identity information.
- Data at rest: Microsoft uses BitLocker to encrypt all Azure AD identity data at rest.
- Data transmission on the wire, all Azure AD APIs are web-based using SSL through HTTPS to encrypt the data. All Azure AD servers are configured to use TLS 1.2. Inbound connections over TLS 1.1 and 1.0 are allowed to support external clients. Any connection over all the legacy versions of SSL including SSL 3.0 and 2.0 is explicitly denied. Access to information is restricted through token-based authorization and each tenant’s data is only accessible to accounts permitted in that tenant. In addition, our internal APIs have the added requirement to use SSL client/server authentication on trusted certificates and issuance chains.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.