PowerApps 3rd Party Security Tools

Like (0) Share

Report

Posted on 14 Jul 2021 16:38:52 by DY1

Hi everyone...

I was wondering if the PowerApps ecosystem allows for the configuration of external 3rd party security tools (for things like IP filtering and DDoS attacks). Since PowerApps is a platform, I'm not sure if this is possible, or if we are limited to security protection provided by Azure AD (e.g Conditional access).

Thanks!

I have the same question (0)

All responses (5)

Answers (0)

joe_hannes_col 1,843 Super User 2024 Season 1 on 14 Jul 2021 at 18:54:18

Like (0)

Report

Re: PowerApps 3rd Party Security Tools

Hello @DY1,
I'm not quite sure at what level you would like to prevent these attacks, but I don't think this is possible. For example, if you would be trying to block malicious login attempts from outside your own network to the Power Platform, you would have to find a way to restrict network traffic between the attacker and the Microsoft platform.
There are a number of Azure service you can use to harden your security, this would be my first step.

Was this reply helpful? Yes No
eric-cheng 5,171 on 17 Jul 2021 at 04:04:34

Like (0)

Report

Re: PowerApps 3rd Party Security Tools

Hi @DY1 ,

There will be a level of security baked in from Microsoft at the infrastructure level.

In regards to things like DDOS attacks, there is rate limiting that applies to many of the connectors. If you are using HTTP triggers, look into leveraging an APIM. It then comes down to observability and how you will monitor and get alerted. Because the solution files are proprietary, there doesnt appear to be any SAST tools which can be used.

Other than that, alot of it comes back down to education and common sense. A strong password policy, use key vaults when possible, secure your inputs/outputs when required and maybe incorporate a framework for deploying across lower and higher environments where reviews happen.

--------------------------------------------------------------------------
If I have answered your question, please mark my post as a solution
If you have found my response helpful, please give it a thumbs up

Was this reply helpful? Yes No
ChrisPiasecki 6,414 Most Valuable Professional on 17 Jul 2021 at 14:48:13

Like (1)

Report
Re: PowerApps 3rd Party Security Tools

Hi @DY1,

Power Platform and D365 are a SaaS solution and provide many layers of security under the hood, and as such is able to meet several industry regulations. Because it runs on Azure, it out of box uses several of the security features available to Azure customers, such as:

DDoS protection

Azure AD conditional access

SQL Transparent Data Encryption for Data at rest, with the option to manage the encryption key as a customer.

TLS to encrypt all data in flight between the services internally and between end user and services.

Data center security

You can optionally use Azure ExpressRoute with Power Platform to setup a private connection between your on prem infrastructure and Power Platform.

When it comes to Security Incident & Event Monitoring (SIEM), the platform has very in depth auditing/activity logging capability that works together with the M365 Security & Compliance Center. You can integrate your own SIEM tool and many are supported out of box.

The Security Section (12) of the Dynamics 365 Implemention Guide describes the available security measures at all layers very well.

https://aka.ms/D365ImplementationGuide

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

Was this reply helpful? Yes No
DY1 3 on 19 Jul 2021 at 15:08:16

Like (0)

Report

Re: PowerApps 3rd Party Security Tools

Thank you Chris for these resources. The D365 Implementation Guide is particularly helpful.

However, I am still left with my original question...does the PowerApps ecosystem allow for the configuration of external 3rd party security tools?

The reason I ask is I am trying to determine a range of security options to present to my team. If it is not possible to use 3rd party security tools (say from Checkpoint for example), then I won't need to investigate any 3rd party tools and I can focus on strictly what Microsoft provides for security. If 3rd party security tools can be used with the PowerApps ecosystem, then I should try to determine which vendors provide those tools and present their offerings as options.

Thanks!

Was this reply helpful? Yes No
ChrisPiasecki 6,414 Most Valuable Professional on 19 Jul 2021 at 15:26:25

Like (0)

Report

Re: PowerApps 3rd Party Security Tools

Hi @DY1,

It depends for what use case. If it's for something app specific, you can use connectors/custom connectors to integrate security tools into your process (e.g. Virus Scanning files uploaded to Dataverse).

If it's broader platform security like infrastructure etc, then I would suggest starting with what Microsoft provides with the platform, and then assess any gaps and determine where you can fill those gaps with 3rd party tools.

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

Was this reply helpful? Yes No

Join the conversation

Community site session details

PowerApps 3rd Party Security Tools

Helpful resources

News and Announcements

Quick Links

Responsible AI policies

Chiara Carbone – Community Spotlight

Congratulations to the October Top 10 Community Leaders!

Leaderboard > Power Apps

Featured topics

Product updates

Community site session details

PowerApps 3rd Party Security Tools

Helpful resources

News and Announcements

Quick Links

Responsible AI policies

Chiara Carbone – Community Spotlight

Congratulations to the October Top 10 Community Leaders!

Subscribe to this forum!

Select categories

Leaderboard > Power Apps

Featured topics

Product updates