
Tenancy Management

Tenancies in Dekko

Tenancies are a centralised location for an organisation’s administrator to perform activities that relate to user management and policy enforcement. Tenancies govern HUBs that are assigned to them, and an organisation can have one or many tenancies depending on their plan with Dekko.


Dekko can help organisations manage their tenancies or they can be completely independent.

Tenancy pages

2FA management

This page lists all users in the tenancy and lets tenancy admins disable 2FA should a user misplace their phone, or get a new phone and not be in possession of the old one.

To temporarily disable 2FA for a user, open the tenancy manager and navigate to the ‘Two-Factor Authentication’ tab.

Untick the selector against any user that needs 2FA temporarily disabled. The next time they log in they will be prompted to set up 2FA using a new token.

Authentication and policies

This page contains settings for authentication and usage policies for users in the tenancy. Settings on this page are:

  • Minimum password length

  • Enforce 2FA (email login users)

  • Enforce SMS verification on invite acceptance

  • Automatically set tenancy admins as trusted users for users in the tenancy

  • Disable the Public HUB for users in the tenancy

  • Enforce attribute designation for messages and files

  • Enforce session times

  • Enforce file retention times

  • View Office 365 documents

To enable or adjust any of the above settings, make an appropriate change or combination of changes and then press ‘Save’.

HUB storage

This page reports the Dekko platform (excluding meetings) stored data totals for all HUBs in the tenancy, and is where HUB deletion is performed (main article).

HUB branding

This page contains settings for enabling or disabling features for all HUBs in the tenancy.


This page tracks pending invites for HUBs in the tenancy.

Tenancy administrators

This page reports all administrators for the tenancy.

Traffic analyser

This page reports data uploaded to, and downloaded from, all HUBs in the tenancy.

Charts on this page can be displayed for a specified date range and by default show the current month. Charts can also be split per HUB or per user, and the time period can be set by hour, day, month or year.

Billing analyser

This page reports the transaction (billing) totals for the tenancy.

This report can display a specified range and by default shows the current month. The report can be filtered down to per HUB (domain) and per document. If you have Splunk enabled, these reports can be directly correlated with tenancy data traffic.

SIEM integration

See the SIEM integration page.


This page reports all users in the tenancy and which HUBs they are a member of.

Users can also be removed from HUBs here.

Shared files

This page reports all files currently shared in HUBs in the tenancy and shows the owner, recipient(s), date shared and upload permissions for each share.

Viewing Office 365 documents

Microsoft Office document viewing in Dekko is provided by utilising a facility in the Dekko PROTECTED Cloud which renders the file and presents it to users within the web application.

During this rendering process the processing appliance is granted temporary access to the document, which it deletes immediately after rendering is complete.

Disabling access to this feature is provided in order to maintain Dekko’s zero-knowledge capability should this be required for use of the service.

Dekko displays PDFs by retrieving them from encrypted cloud storage and rendering them in the Dekko app - the document is never exposed anywhere other than to the user (file owner or recipient). Office file viewing is a little different though, as web applications (like Dekko) are not able to render these file types due to their deep format complexities built by Microsoft.

As mentioned, view support has now been extended to Office documents, but there is a caveat that we check with customers before enabling the feature: in order to render Office files we use code in our Dekko cloud which renders the Office file as a PDF and then sends it to the user for viewing. This code runs in an IRAP PROTECTED-assessed virtual machine on Azure and gains temporary access to the file for rendering, sends it to the user and then deletes it immediately after, so that the code can no longer access it.

The appliance that performs this process has of course been constructed with the best possible security componentry and practices, but it is a slight departure from our zero-knowledge configuration, in which the Dekko cloud can ordinarily never access user data. This proposed access is only temporary, and applies to Office docs only when turned on.