Architecture
Overview
LiveTiles Intranet Hub consists of a client layer, which is implemented by two Microsoft SharePoint Framework apps. The client layer reads data from various external systems, such as Microsoft Graph or SharePoint Search, and displays this data in aggregated views on the LiveTiles Intranet Hub page within a SharePoint site. The assets required by the client application are hosted on an Azure CDN within the Azure tenant owned by LiveTiles.
LiveTiles Intranet Hub stores the configuration data required by the Hub page in a Microsoft SQL Server database. This database runs as a service in a Microsoft Azure tenant owned by LiveTiles. The data in this database is accessed via an API web application, which is also hosted on Microsoft Azure and owned by LiveTiles.
Client Apps
LiveTiles Intranet Hub is built with Microsoft SharePoint Framework (SPFx), which is the technology Microsoft recommends for implementing custom solutions for the Microsoft 365 platform.
Installation
The solution consists of two SPFx app packages, LiveTiles Intranet Hub and LiveTiles Intranet Hub Landing Page, which have to be deployed to the customer’s SharePoint Online App Catalog. Once deployed to the App Catalog, the app packages can be installed as apps on the desired SharePoint sites. For more details about the installation process please have a look here.
LiveTiles Intranet Hub
This app provides all the UI components required for rendering the LiveTiles Intranet Hub page, the header and the footer. Data access is performed through the SPFx MSGraphClient and AadHttpClient, using the granted permissions requested by the app (see below). The app package contains the following elements:
- LiveTiles Intranet Hub Web Part
- Application Customizers for header and footer placeholders
Required Permissions for APIs
Please find below a list of our required permissions. For more details please also consult this list.
Microsoft Graph API
- Delegated: People.Read
- Delegated: Mail.Read
- Delegated: Calendars.Read
- Delegated: Calendars.Read.Shared
- Delegated: Sites.Read.All
- Delegated: Group.Read.All
- Delegated: User.Read
- Delegated: User.Read.All
- Delegated: Contacts.Read
- Delegated: ExternalItem.Read.All
Microsoft Graph permissions reference
Office 365 Exchange Online API
- Delegated: Tasks.Read
Azure AD
- Windows Azure Active Directory: User.Read
- LiveTiles Intranet Hub API: user_impersonation
  - For LiveTiles Intranet Hub Full Trust the user_impersonation would use these Microsoft Graph permissions:
    - Group.Read.All
    - User.Read
    - User.Read.All
  - For LiveTiles Intranet Hub Low Trust the user_impersonation would use these Microsoft Graph permissions:
    - Directory.Read.All
    - User.Read
    - User.Read.All
- LiveTiles Reach API (optional): user_impersonation
LiveTiles Intranet Hub Landing Page
The app adds a web part page to the pages library of the site where the app is installed. The web part page renders a preconfigured hub page. The web part page is set as the home page of the site. The app package contains the following elements:
- Web Part Page: Hub.aspx
- Feature: Sets the LiveTiles Intranet Hub Landing Page as the welcome page of the site where the app is added.
Required Permissions for APIs
No permissions are required.
Privacy Considerations
The installed app packages (SPFx apps) require exactly those permissions defined in the manifest of the app package (see above). The permissions have to be granted by an administrator, so the scope and the required permissions can be controlled exactly by the administrator. This means that the app only gets access to data that has been approved by the administrator. Additionally, it is only possible to access the information of the currently logged-on user and not all users at once, since the permission model is based on tokens which are issued for each user individually (Delegated Permissions). Since the LiveTiles Intranet Hub app requests Read permission scopes only, manipulation of data, such as altering or deleting data, in any of the Microsoft 365 applications is not possible by this app. The LiveTiles Intranet Hub solution clearly follows the recommendations and guidelines for the development of Microsoft 365 solutions issued by Microsoft. According to these explanations, it is transparent that there are no options to perform malicious actions with the data of the user or customer.
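An administrator can check the permissions a package requests against the list above before approving them. The following is an added example, not LiveTiles code: it assumes the package's permission requests use the { resource, scope } shape of webApiPermissionRequests in an SPFx package-solution.json and that the resource names match the wording on this page; the sample input is constructed.

```javascript
// Baseline copied from the permission lists on this page. Resource display
// names are assumed to match the strings used in the package manifest.
const DOCUMENTED = {
  "Microsoft Graph": ["People.Read", "Mail.Read", "Calendars.Read",
    "Calendars.Read.Shared", "Sites.Read.All", "Group.Read.All", "User.Read",
    "User.Read.All", "Contacts.Read", "ExternalItem.Read.All"],
  "Office 365 Exchange Online": ["Tasks.Read"],
  "Windows Azure Active Directory": ["User.Read"],
  "LiveTiles Intranet Hub API": ["user_impersonation"],
  "LiveTiles Reach API": ["user_impersonation"], // optional per the page
};
const ALLOWED = new Set(Object.entries(DOCUMENTED).flatMap(
  ([resource, scopes]) => scopes.map((scope) => `${resource}: ${scope}`)));

// Read-only means the verb segment is exactly "Read", optionally followed by
// a qualifier such as ".All" or ".Shared" ("Mail.ReadWrite" does not match).
const READ_ONLY = /^[A-Za-z]+\.Read(\.(All|Shared))?$/;

// requests: array of { resource, scope } objects, the shape used by
// "webApiPermissionRequests" in an SPFx package-solution.json.
function auditPermissionRequests(requests) {
  const findings = { undocumented: [], notReadOnly: [], apiDelegation: [] };
  for (const { resource, scope } of requests) {
    const id = `${resource}: ${scope}`;
    if (!ALLOWED.has(id)) findings.undocumented.push(id);
    // user_impersonation hands the call to a backend API; what that API may
    // read is decided by its own Graph permissions, so list it for review.
    if (scope === "user_impersonation") findings.apiDelegation.push(id);
    else if (!READ_ONLY.test(scope)) findings.notReadOnly.push(id);
  }
  return findings;
}

// Constructed sample input; the last two entries are deliberately off-list.
const sampleRequests = [
  { resource: "Microsoft Graph", scope: "Mail.Read" },
  { resource: "Microsoft Graph", scope: "User.Read.All" },
  { resource: "LiveTiles Intranet Hub API", scope: "user_impersonation" },
  { resource: "Microsoft Graph", scope: "Mail.ReadWrite" },
  { resource: "Microsoft Graph", scope: "Files.Read.All" },
];

const report = auditPermissionRequests(sampleRequests);
console.log(JSON.stringify(report, null, 2));
```

An empty undocumented and notReadOnly list means the package asks for nothing beyond the documented read scopes; entries under apiDelegation are reviewed against the Full Trust or Low Trust Graph permissions listed above.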
SharePoint 2019
LiveTiles Intranet for SharePoint 2019 has two layers. One layer is client side and consists of SharePoint Framework apps that you need to deploy to your farm’s app catalog and install anywhere you want to use the LiveTiles Intranet functionality. The second layer is the service application layer, where your configurations are stored and where the business logic is executed.