web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / PSA: NEVER TRUST Desig...
Power Pages
Unanswered

PSA: NEVER TRUST Design Studio for your security!

(0) ShareShare
ReportReport
Posted on by CU01020356-0

When using the Design Studio in Power Pages, switching between Azure AD B2C configurations does not remove the original site settings. Legacy identity provider configurations and client IDs persist in Dataverse, even though they are hidden from view within the Design Studio interface.

This introduces a serious security risk. During soft launches or production cutovers, it is entirely possible for non-production identity providers to remain active and registered with a live portal, without any visible trace in the design interface.

From a security and governance perspective, this is untenable. Any tool used to configure authentication, user flows, or form behavior must provide full traceability, visibility into changes, and administrative control. Until Design Studio meets these standards, I will continue directing my developers to bypass it entirely, use direct HTML and Liquid editing, and manage all site settings explicitly through the backend.

Does anyone have visibility into the Design Studio roadmap, especially around change tracking, reversibility, and secure configuration handling? Frankly speaking, this entire tool is a trap for newcomers to PowerPages and frequently creates desynchronization between Dataverse and whatever storage the design studio uses.

Categories:
General topics
I have the same question (0)
  • Michael E. Gernaey Profile Picture
    Michael E. Gernaey 53,315 Super User 2025 Season 2 on at
     
    My suggestion would be to log a ticket with Microsoft for them to help with, which you can do via the M365 portal.
     
    I don't think any of us would directly have access to the roadmap, but anything is possible. Definitely understand your frustration, I think providing them direct feedback from a ticket is the best way to express that to them
     
    There is the Ideas area you can post too, but I don't feel it would give you what you want.
     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
Jerry-IN Profile Picture

Jerry-IN 71

#2
Fubar Profile Picture

Fubar 62 Super User 2025 Season 2

#3
sannavajjala87 Profile Picture

sannavajjala87 31

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans