Power Apps Security Considerations

-

    The importance of security cannot be understated especially when working with apps that contain business critical and confidential information. Ensuring the security of your data while being able to utilize it in a robust application can provide near limitless value to your organization. The threat of being hacked is present at all times and will continue to grow as time goes on. Microsoft and the Power Platform provide many security mechanisms by default, but in order to take full advantage and handle any missing pieces these areas must be considered:

·    Environments: By default, all users will be added to the Environment Maker role of the default environment in Power Apps. This can allow users to obtain information and permissions that were inadvertent.  Consider creating separate environments and assigning roles only as necessary to ensure no additional permissions are assigned to people that should not have that access. Using the Zero Trust principles you can make better decisions in how to assign roles, privileges, and remediation techniques without sacrificing functionality.

·    Using Explicit Shared Connections: This connection type requires that end users authenticate to the back-end server with their credentials. Compared to implicit shared connections which allow all shared users to access the source with the hardcoded credentials of the developer. This is a very poor and insecure method of allowing access to what could be sensitive information and should be avoided at all costs.

·    Data Loss Protection (DLP) Policies: These policies include rules that prevent connectors from communicating with each other. Policies can be assigned at different scopes and are inherited by lower levels; Note that setting policies at different scopes requires different levels of permissions. Connectors can be grouped in three groups: Business, Non-Business, and Blocked. Any data in business or non-business groups cannot be shared across groups, blocked connectors cannot be used at all. DLP policies can be layered to provide more granular control and it is important to note that the most restrictive layer will always take precedence

·    Security Connectors: In the predefined list of connectors supported by Power Apps there are several that connect to security tools for monitoring malicious activity. Consider looking through the connectors and choosing one that best meets the needs of your application. Microsoft Defender is offered as a premium connector that provides several actions that can be taken to monitor and act on suspicious activity. Custom connectors can also be built to integrate third party security solutions that may already be in use in your organization.

    While these considerations merely scratch the surface of measures that must be taken to ensure security in your app, they are essential. Security plans should be well thought out and applied in the most restrictive manner without interfering with functionality. As always, we here at Networking Planet are here to help with any security assessments or implementations that you may be interested in. For any inquiries, please submit a support request here.

Comments

Post a Comment

Please keep the comments constructive and clean!

Popular posts from this blog

Plesk Issues - 404 Errors with Pages not loading

-
 Wanted to share some experiences over the past few weeks where some websites were moved from a server infrastructure on Windows to Linux leveraging Plesk.  The amount of incorrect blogs and suggestions out there made it very unusual and not helpful at all.  The issues occurred where many sub pages and graphics weren't loading correctly on some of the sites but not all of them.  As we dug extremely deep into the firewall, NGINX, and all the deeper settings we took a step back to review the configuration.  Took me back to the VBA days when I developed using notepad and good ol case sensitivity would cause my code to fail.  Light bulb went off and there it was....just some case sensitive references all over the website configuration.  I found this troubling as it's been this way for years but if you run across some odd behavior and you leverage plesk on Linux....take a look and see if this may be a problem before you go and attempt to restamp permissions...
Read more

Power Automate Recent Updates

-
     Power Automate is an innovative service that allows low-code implementation of automated processes for a variety of tasks. These processes can connect to nearly any data source through prebuilt connectors or publicly available APIs. Power Automate also provides a large set of prebuilt templates that can be implemented out-of-the-box for common automation tasks. In this post I will highlight some of the latest updates that make Power Automate so valuable.      Unstructured Document Processing: Using Power Automate and AI Builder documents of nearly any kind can be parsed and processed without human intervention after set up. By simply providing the model with a few samples and training it on what data to record you can have a fully operational processor in no time. The model supports documents in over 150 languages and can even process handwritten text. While only in preview, Feedback Loop is a tool included that allows documents to be selected to re...
Read more

Azure Hybrid Overview

-
     Hybrid cloud models provide organizations with an opportunity to leverage cloud resources without going all in right from the start. Many companies today have extensive technical infrastructures that are hosted mainly on-premises or in a private cloud. With a hybrid cloud model these existing resources can be extended with public cloud hosted services without a large-scale migration project. These services can provide improved management, security, and intelligence to a wide range of resources. In this post I will cover a few key areas where Azure services can provide immense value in a hybrid model.      Management Services: Azure provides several services that allow organizations to manage all of their resources in a central location. One of the main services offered is Azure Monitor, which can connect to cloud or on-premises environments to provide insights on the performance and identify any potential issues with the connected resources. Another...
Read more