Thursday, 08 June 2023 14:39

Security in Microsoft Power Platform

Need to know which protocols are used in Power Platform?  How is data secured at rest?  How is data residency managed? How are the platform’s web front ends configured and scaled?  How is the back end clustered?   

These are the questions we have all been asked recently.  

What’s new in these Power Platform security docs?

During the gathering, the group discussed a collection of security documents that had been put together. Microsoft explained that customers had been inquiring about the security measures and data privacy protocols of the power platform. Previously, individual teams within the platform addressed these questions to varying extents, resulting in some gaps in their responses.  

However, as the power platform grew and integrated different components such as Power Apps, Dataverse, Power Automate, and portals, the nature of the inquiries changed. Customers wanted to know about the overall security of the entire power platform, rather than individual components. Realising the need for a holistic answer, the team embarked on creating these articles to provide a comprehensive understanding of the power platform's security. 

Azure security relation with Power Platform security

The Power Platform is built on Azure, serving as its foundation. Microsoft highlighted that the Power Platform seamlessly incorporates various Azure technologies, enabling a user-friendly low-code/no-code development experience. This integration encompasses relational storage, blob storage, logic apps, and other technologies, all unified within Power Apps.  

While the terminology used may differ, Azure underlies the entire Power Platform, providing comprehensive security, protection, and scalability. It's worth noting that this gathering of content goes beyond simply compiling existing documentation; some of the content presented had not been previously published on the web. 

More information about Power Platform security

Microsoft explained that while they had comprehensive documentation for certain aspects of the Power Platform, there were gaps that needed to be addressed. While detailed documentation existed for Dataverse and Power BI, there was a lack of similar documentation for Power Apps and Power Automate. Specific areas of concern included authentication processes for Dataverse and the underlying security measures related to data at rest.  

Users wanted a clear understanding of the foundational components and the security measures in place. These gaps were often filled through individual interactions, such as security audits, but there was a need for a comprehensive and unified story. Additionally, there were specific inquiries about protocols used in the platform, and a frequently asked questions (FAQ) section was created to address these protocol-related questions.  

The FAQ aimed to provide clarity on the specific protocols used and their functionalities. Phil Topness mentioned the importance of these documented answers and expressed his intention to include a direct link to the FAQ in the description for easy access. 

What do we learn so far about Power Platform security?

Having been involved with the Power Platform for a considerable amount of time, covering Power BI to Dataverse and more, the question was posed about what new insights were gained after delving into the documentation. Microsoft admitted that his focus had primarily been on the platform's runtime, data model, authentication, and connectivity aspects. However, they realised that they didn't possess a complete understanding of how the platform scaled out, ensured proper functioning of protocols, or how the traffic manager operated.  

Engaging in the process of researching and consolidating information from various sources for the documentation allowed users to learn extensively about the platform's scalability, data protection measures across different regions, and related aspects. Power Platform team acknowledged that the documentation contained valuable information for individuals at all levels of familiarity with the platform, offering meaningful insights and discoveries to be found by anyone exploring the material. 

Stay tuned for further updates around Power Platform and alike products.  

You can refer to the latest documentation of Microsoft Power Platform here: