Azure订阅ID，AAD租户ID和AAD应用程序客户端ID是否被视为秘密/PII? [英] Are Azure Subscription ID, AAD Tenant ID, and AAD App Client ID considered secret/PII?

问题描述

出于诊断和使用目的，我想在遥测中记录以下内容:

I would like to log the following in my telemetry for diagnostic and usage purposes:

• Azure订阅ID
• AAD租户ID
• AAD应用程序客户端ID

我应该将它们视为机密/PII并对其进行哈希/加密吗?

Should I treat them as secrets/PII and hash/encrypt them?

(不用说，我不会以任何形式或形式保留客户秘密)

(it goes without saying I will not be retaining the client secret in any way shape or form)

推荐答案

最终，您应该根据官方和合规性/隐私/安全性审查，从合规性/隐私/安全性角度确定要记录的内容以及如何记录日志和公司内部或第三方的认证.

撇开免责声明:

• 租户ID和App Client ID通常不被视为PII或机密.
  • 不是PII，因为它们本身不会告诉您用户是谁.
  • 不是秘密，因为它们很容易获得.尝试登录到您的应用程序的任何人都将受到这些攻击，因为它们包含在授权请求中.
  • Tenant ID and App Client ID aren't generally considered PII nor secrets.
    • Not PII because, by themselves, they won't tell you who the user is.
    • Not secrets because they are very easy to obtain. Anyone attempting to log in to your application will be exposed to these as they are included in the authorization request.
    • 不是PII，因为它本身不会告诉您用户是谁.
    • 可能是个秘密，因为它并不容易公开给所有人.可以认为这不是秘密，因为没有授权用户或应用程序的令牌也无法进行任何事情.

    请注意，一些公司和隐私评论通常将这3个数据点视为组织可识别信息(OII)，有时会制定处理这些数据的政策(尽管不如PII严格).

    Do note that some companies and privacy reviews often consider these 3 data points as Organization Identifiable Information (OII) and sometimes have policies for handling those (less stringent that PII though).

    这篇关于Azure订阅ID，AAD租户ID和AAD应用程序客户端ID是否被视为秘密/PII?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！