How your data flows
Documents, SharePoint farms, and a credential vault live in your cloud, VPC, or on-prem. On-prem SharePoint Server never touches Microsoft Graph.
Every request is checked against the user's RBAC and each capability's allow-list. Credentials are injected server-side — never through the model or the browser.
Only permitted context reaches the model your organisation enabled. Every call is logged by user, key, and MCP server for later review.
Sign in with Microsoft Entra; SCIM provisioning handles joiners and leavers by group assignment.
Availability and deployment are separate decisions — roll a capability to one team without advertising it to the org.
Provision a secret once and share it; skills pick it up at runtime — secrets flow from the vault to the script, never the model.
Usage, cost, and logs per model, key, MCP server, and endpoint, attributable by user email or full name.
Device-bound credentials with single-use refresh tokens and reuse detection — revoke one device from the web Devices page.
LiveApps and code run in a sandboxed iframe with no direct network access; every call is checked against a capability allow-list.
Where your data lives depends on where Pebble is deployed — your cloud, your VPC, or fully on-prem and air-gapped. We'll confirm the exact residency, sub-processors, and controls for your environment in review, rather than printing a blanket claim here.