Governance and Security with Power Platform

Microexcel > Microsoft Blogs > Governance and Security with Power Platform

The Microsoft Power Platform is a comprehensive suite designed to enable automation, analytics, and custom App development for a wide range of business requirements. It supports a low code/no-code development model, which can be used even by novice users or citizen developers to build their own Apps without the need of extensive technical knowledge.

With its inherent portability, mobility and extensibility, there comes a need for increased Governance and Security implementations to ensure the safety and confidentiality of business data.

Data Connectivity and the need for Comprehensive Governance and Security

Power Platform offers a wide range of data connectors to easily connect to different data sources and API’s, with about 450 available connections from Microsoft and third-party vendors. This powerful feature of the suite makes way for easy App development with a drag-and-drop design model.

With such easy connectivity, data security becomes a major challenge, especially when connecting to third-party applications and access to sensitive data. We will look at the way Power Platform flexibly addresses these challenges with built-in security standards and Governance best practices to balance data security with business requirements.

Securing access by using Power Platform Environments

Environments within the Power Platform are included by default and can also be custom-built for specific requirements. They are containers for Apps and Flows that are developed and used and can be configured with the right usage, connectivity, and access policies to ensure complete security of data.

Setting restrictions on creating environments from the Power Platform Admin center to a select set of administrators helps in having complete control over custom environments, and their usage.

Environments also need to be in the region of their usage, as this will enable them to comply with local data usage and storage regulations. As analytics are differentiated across environments, choosing the right region helps get accurate insights.

Data Loss Prevention Policies

Data Loss Prevention (DLP) policies are used to safeguard data connectivity through connectors and prevent unauthorized access to sensitive information. Data Loss Prevention Policies divide the data into three groups-Business, Non-Business, and Blocked, so that connectors with the same data profile are placed in the same group and restrict access of data between groups.

DLP policies are of two types-environment and tenant. An environment DLP policy applies only to the specified environment, whereas a tenant-based policy will apply to all environments within that tenant. Within an environment, there can be multiple DLP policies, and the most restricting one will be implemented.

DLP policies are configured based on the company’s cyber security policies and are often created to distinguish between business and customer-related services. The best practice for creating them will be to differentiate the business systems and create policies that align with each system. This will help implement DLP policies that are in tune with business goals and requirements.

Microsoft Power Platform Center of Excellence Starter Kit

The Microsoft Power Platform Center of Excellence Starter Kit offers a wide range of solutions that enable a comprehensive Governance for Power Platform. The kit is offered as a free download from GitHub, and includes Apps, a custom connector, flows, and a Power BI dashboard. It requires a Power Apps pay per usage license for using Microsoft Dataverse along with the Power BI desktop application.

The kit is mainly used for Governance aspects in cyber security and change management and provides a set of tools and features outlined below.

DLP Editor V2: The DLP Editor V2 helps in protecting confidential data from being shared and provides information security for the tenant. It controls the usage of connectors by determining their individual usage and using them along with other connectors.

The DLP editor enables admins to have visibility of the impacted Apps from DLP policies and shows the resources that will be disabled due to a change in the policy. It offers insights into the impact of current policies on existing Apps and Flows to manage policies for creation and change.

Dataverse and Power BI: Unlike the admin analytics, which provides insights into the usage of Power App and Power Automate within a single environment, Dataverse, along with a model-driven Power App gives complete visibility of all the environments. It also shows the flows from Office 365 Security and Compliance logs by syncing data, along with insights from the Power Platform management connectors.

All the above insights are visualized on the Power BI dashboard with the reports outlined below.

  • App Overview
  • Current Environments
  • App Usage and Details
  • Flows, Custom Connectors, App and Flow creators, and Connectors

App Audit: The App Audit shows Apps with a huge usage of resources, and the business justification for their creation- to prevent data outages. It facilitates App creators to attest that their App meets business usage requirements and helps identify non-compliant Apps.

App Catalog Application: The App Catalog Application contains details of all the current Apps across various categories, which have been approved in the App Audit process. It helps creators to browse through the App collection to determine if an App with the same feature already exists.

Set Owner App: The Set Owner App controls the usage of Apps by adding users, and setting edit or access only privileges.

The above security features in Power Platform help provide a comprehensive Governance for the suite. In addition to the above features, outlined below are Governance best practices that help in easy administration and optimal usage of Power Platform.

  • Establishing usage guidelines for environments, setting up a default environment for personal productivity, and using non-default environments for critical Apps.
  • Monitoring tenant activity
  • Using activity logs and analytics to get visibility into usage and enforce security measures
  • Using the Power Platform Center of Excellence, kit-which provides a collection of best practices for administration and Governance.
  • Create an automated audit process by using Power Automate

The above security features and governance capabilities of Power Platform help in creating and managing a comprehensive governance policy that safeguards sensitive data and secures the Power Platform environment. It’s necessary to align business goals with governance strategies to ensure that users are not impacted by enforcing rigid rules and, at the same time, identifying aspects that will compromise the security of the suite.