Applies to Product - Power Pages
What’s happening?
Customers are inquiring about the inclusion of external-facing sites in penetration testing and the impact of SSL certificate autorotation on service availability.
Reason:
- Customers are unsure whether their vendor portal built on Power Pages should be included in upcoming penetration testing and what specific components need to be tested.
- Concerns regarding the autorotation of Microsoft's SSL certificate and its potential impact on service downtime during the renewal process.
Resolution:
- For penetration testing inquiries, customers should reach out to the Microsoft Security Response Center (MSRC) team for guidance on whether their external-facing sites should be included in the testing. Documentation regarding security measures and ongoing penetration testing by Microsoft can be found in the Power Platform Security FAQs.
- Regarding SSL certificate autorotation, it is indicated that the autorotation of Microsoft's SSL certificate on Power Pages is not expected to cause downtime for customers, provided that the certificate remains valid. Customers are advised to renew their custom certificates before expiration to maintain authentication. No notifications are sent prior to the autorotation, so customers do not need to worry about service interruptions during this process.
