Security by design

Your tenant. Your rules. Zero tokens in the browser.

Dockli is built to sit inside your Microsoft 365 estate without ever becoming a new place for data to leak. Here’s exactly how it authenticates, what it stores, and why it moves nothing it shouldn’t.

The short version

Four guarantees, by architecture.

MSAL + WAM broker

Sign-in uses Microsoft’s native Windows broker — no passwords touch Dockli.

Graph proxied server-side

The UI never holds an access token; every call is brokered locally.

DPAPI-encrypted cache

Tokens are encrypted at rest with Windows Data Protection.

Loopback only

The local host binds to localhost — nothing is exposed to the network.

In detail

How every layer is secured.

Authentication — MSAL + Windows WAM

Sign-in runs through the Microsoft Authentication Library and the native Windows WAM broker. Credentials are handled by Windows itself — no passwords ever touch Dockli. Users get the same trusted sign-in experience as every other Microsoft 365 app on their machine.

Token handling — Graph proxied server-side

A local, headless ASP.NET Core backend proxies every Microsoft Graph call. The WebView2 browser UI never holds or sees an access token — it talks only to the local API, which brokers requests on its behalf. There is no token to exfiltrate from the front end.

Encryption at rest — DPAPI

The token cache is encrypted at rest using the Windows Data Protection API (DPAPI), tied to the signed-in user account. Cached credentials are readable only by that user on that machine.

Network posture — loopback only

The local Kestrel host binds exclusively to localhost (loopback). Nothing Dockli runs is exposed to the network or reachable from another device — the API surface is available only to the local UI.
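The token-handling, encryption-at-rest and network-posture sections above describe one architecture; the following minimal ASP.NET Core program is an added illustration of that shape (not Dockli’s own code) using MSAL.NET’s Windows broker and cache-extension packages. The client ID, cache path, port and `/api/me/drive` endpoint are placeholders chosen for the example.

```csharp
// Added example of the pattern described on the page; not the vendor's code.
// Assumes packages: Microsoft.Identity.Client, Microsoft.Identity.Client.Broker,
// Microsoft.Identity.Client.Extensions.Msal (all real NuGet packages).
using System.Net;
using Microsoft.Identity.Client;
using Microsoft.Identity.Client.Broker;
using Microsoft.Identity.Client.Extensions.Msal;

var builder = WebApplication.CreateBuilder(args);

// Loopback only: listen on 127.0.0.1 (never 0.0.0.0), so no other device can reach the API.
builder.WebHost.ConfigureKestrel(k => k.Listen(IPAddress.Loopback, 5001)); // port is a placeholder

// Public client that delegates sign-in to the Windows WAM broker; the app never sees a password.
// In a desktop app, also call WithParentActivityOrWindow(...) so the broker can attach its UI.
var pca = PublicClientApplicationBuilder
    .Create("<your-app-client-id>")                                    // placeholder
    .WithAuthority(AzureCloudInstance.AzurePublic, "organizations")
    .WithBroker(new BrokerOptions(BrokerOptions.OperatingSystems.Windows))
    .WithDefaultRedirectUri()
    .Build();

// Token cache on disk; on Windows MsalCacheHelper protects the file with DPAPI (current user scope),
// so only this user on this machine can decrypt it.
var cacheDir = Path.Combine(
    Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "LocalGraphProxy"); // placeholder
var storage = new StorageCreationPropertiesBuilder("msal_cache.bin", cacheDir).Build();
var cacheHelper = await MsalCacheHelper.CreateAsync(storage);
cacheHelper.RegisterCache(pca.UserTokenCache);

var scopes = new[] { "Files.Read" };   // least privilege: only the delegated scope this endpoint needs
var http = new HttpClient();
var app = builder.Build();

// The browser UI calls this local endpoint; the Graph token is acquired and used here only,
// and the response returned to the UI never contains it.
app.MapGet("/api/me/drive", async () =>
{
    var accounts = await pca.GetAccountsAsync();
    AuthenticationResult result;
    try
    {
        result = await pca.AcquireTokenSilent(scopes, accounts.FirstOrDefault()).ExecuteAsync();
    }
    catch (MsalUiRequiredException)   // no cached account or token expired: let the broker sign in
    {
        result = await pca.AcquireTokenInteractive(scopes).ExecuteAsync();
    }
    using var req = new HttpRequestMessage(HttpMethod.Get, "https://graph.microsoft.com/v1.0/me/drive");
    req.Headers.Authorization = new("Bearer", result.AccessToken);
    using var resp = await http.SendAsync(req);
    return Results.Content(await resp.Content.ReadAsStringAsync(), "application/json");
});

app.Run();
```

Binding to loopback keeps remote hosts out, but other processes running as the same user can still reach the port, so a local proxy like this should also verify that its caller is the intended UI (for example with a per-launch secret the UI presents on each request).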

Data residency & permission scoping

Dockli only ever shows — and only ever acts on — files the signed-in user can already access in Microsoft 365. It rides on your existing permissions and never widens them. No data leaves your tenant’s permission boundary.

Admin consent, on your terms

Deployment is gated by tenant-wide admin consent. A Global Administrator approves Dockli’s Graph permissions once, from any browser, via an emailed link — so nothing runs in your tenant until IT explicitly says yes.

Compliance & marketplace

Verified, and transactable through Microsoft.

Dockli is published by Tiny Tugboat with a publisher-verified domain in Microsoft Entra, so the consent screen your admins see clearly identifies who’s asking. And because Dockli is a transactable offer on Azure Marketplace and Microsoft AppSource, procurement and billing run through your existing Microsoft agreement.

  • Publisher-verified domain

    Dockli’s Entra app carries a verified-publisher domain — admins see a trusted, attributable consent prompt.

  • Azure Marketplace / AppSource

    Listed as a transactable offer, so purchasing runs through Microsoft with your existing agreement.

  • Least-privilege Graph scopes

    Dockli requests only the Graph permissions it needs to do its job — nothing broader.

Walk your security team through it.

Book a demo and we’ll cover the architecture end to end, question by question.