SyncSE is built as a product host on top of reusable GraphEssentialsX capabilities. That keeps the sync engine portable while allowing us to ship different hosting models over time.
On-Premises Today
The current delivery model is an on-premises Windows Service:
GraphEssentialsX.Sync.Serviceruns on a customer-managed Windows ServerGraphEssentialsX.Licensingevaluates the local signed license- Secrets are stored locally with DPAPI protection
- All contact processing happens inside the customer environment
- The service talks directly to Microsoft 365 and Exchange Online for source and target resolution
In this mode, optional call-home can be used for update checks or telemetry, but core synchronization should not depend on continuous internet access to a vendor control plane.
Reusable Core
The reusable engine stays in GraphEssentialsX:
- directory and contact sync capabilities
- typed selection and execution contracts
- Graph-backed group expansion
- Exchange-backed dynamic distribution group expansion
- shared auth audience handling
That means future products can reuse the same resolution, filtering, and execution logic without reimplementing the sync pipeline.
Future Azure Marketplace Shape
The future Marketplace model keeps the same core but changes the host:
- Azure-hosted sync worker instead of the local Windows Service
- Marketplace registration, billing, updates, and monitoring handled by Azure services
- tenant-level configuration and secret storage moved to cloud-managed components
- the same
GraphEssentialsXsync capabilities continue to drive source resolution and execution
Design Principle
Only the host changes between on-premises and Marketplace.
GraphEssentialsXremains the reusable capability layerGraphEssentialsX.Licensingremains reusable across Windows services and future hosts- product-specific packaging, service control, and operator workflows stay outside the core engine