Power Apps Security Considerations

-

    The importance of security cannot be understated especially when working with apps that contain business critical and confidential information. Ensuring the security of your data while being able to utilize it in a robust application can provide near limitless value to your organization. The threat of being hacked is present at all times and will continue to grow as time goes on. Microsoft and the Power Platform provide many security mechanisms by default, but in order to take full advantage and handle any missing pieces these areas must be considered:

·    Environments: By default, all users will be added to the Environment Maker role of the default environment in Power Apps. This can allow users to obtain information and permissions that were inadvertent.  Consider creating separate environments and assigning roles only as necessary to ensure no additional permissions are assigned to people that should not have that access. Using the Zero Trust principles you can make better decisions in how to assign roles, privileges, and remediation techniques without sacrificing functionality.

·    Using Explicit Shared Connections: This connection type requires that end users authenticate to the back-end server with their credentials. Compared to implicit shared connections which allow all shared users to access the source with the hardcoded credentials of the developer. This is a very poor and insecure method of allowing access to what could be sensitive information and should be avoided at all costs.

·    Data Loss Protection (DLP) Policies: These policies include rules that prevent connectors from communicating with each other. Policies can be assigned at different scopes and are inherited by lower levels; Note that setting policies at different scopes requires different levels of permissions. Connectors can be grouped in three groups: Business, Non-Business, and Blocked. Any data in business or non-business groups cannot be shared across groups, blocked connectors cannot be used at all. DLP policies can be layered to provide more granular control and it is important to note that the most restrictive layer will always take precedence

·    Security Connectors: In the predefined list of connectors supported by Power Apps there are several that connect to security tools for monitoring malicious activity. Consider looking through the connectors and choosing one that best meets the needs of your application. Microsoft Defender is offered as a premium connector that provides several actions that can be taken to monitor and act on suspicious activity. Custom connectors can also be built to integrate third party security solutions that may already be in use in your organization.

    While these considerations merely scratch the surface of measures that must be taken to ensure security in your app, they are essential. Security plans should be well thought out and applied in the most restrictive manner without interfering with functionality. As always, we here at Networking Planet are here to help with any security assessments or implementations that you may be interested in. For any inquiries, please submit a support request here.

Comments

Post a Comment

Please keep the comments constructive and clean!

Popular posts from this blog

Plesk Issues - 404 Errors with Pages not loading

-
 Wanted to share some experiences over the past few weeks where some websites were moved from a server infrastructure on Windows to Linux leveraging Plesk.  The amount of incorrect blogs and suggestions out there made it very unusual and not helpful at all.  The issues occurred where many sub pages and graphics weren't loading correctly on some of the sites but not all of them.  As we dug extremely deep into the firewall, NGINX, and all the deeper settings we took a step back to review the configuration.  Took me back to the VBA days when I developed using notepad and good ol case sensitivity would cause my code to fail.  Light bulb went off and there it was....just some case sensitive references all over the website configuration.  I found this troubling as it's been this way for years but if you run across some odd behavior and you leverage plesk on Linux....take a look and see if this may be a problem before you go and attempt to restamp permissions or rebuild the box :)   E
Read more

Cloud Migration Benefits

-
       As several legacy systems, including SQL and Windows Server 2012, reach their end of support it is essential to consider how a cloud modernization project could benefit your organization. Cloud migrations may seem like a daunting task, but they can provide immense value and with the help of a trusted partner can be implemented very efficiently. When migrating your workloads to the cloud there are several options that allow you to tailor your solution to achieve maximal value. Some of the greatest benefits you can expect when leveraging cloud resources include:      Hybrid Cloud Models: When first modernizing your workloads it may not be prudent to move all of your assets at once. Luckily, Azure provides several methods of leveraging cloud benefits without going all or nothing. With services such as Azure Arc and Azure Stack you can extend the capabilities of existing resources to take advantage of cloud benefits like scalability, security, and incorporation of intelligence th
Read more

Power Automate Recent Updates

-
     Power Automate is an innovative service that allows low-code implementation of automated processes for a variety of tasks. These processes can connect to nearly any data source through prebuilt connectors or publicly available APIs. Power Automate also provides a large set of prebuilt templates that can be implemented out-of-the-box for common automation tasks. In this post I will highlight some of the latest updates that make Power Automate so valuable.      Unstructured Document Processing: Using Power Automate and AI Builder documents of nearly any kind can be parsed and processed without human intervention after set up. By simply providing the model with a few samples and training it on what data to record you can have a fully operational processor in no time. The model supports documents in over 150 languages and can even process handwritten text. While only in preview, Feedback Loop is a tool included that allows documents to be selected to retrain the model with to furth
Read more