web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Power Apps Portal w/ f...
Power Pages
Unanswered

Power Apps Portal w/ firewall

(0) ShareShare
ReportReport
Posted on by TKOR

In Azure, I would setup a DMZ and place firewall, IDS/IPS and WAF in it,

but in Power Apps Portal's case, is there no need  to consider that because of SaaS ?

 

If so, thinking abou Power Apps Portal with Azure AD B2C, 

when you login, since it is the Power Apps Portal that is accessed from the outside,

is it still not necessary to conider network security for B2C that the portal calls internally?

Categories:
Power Apps portals
I have the same question (0)
  • oliver.rodrigues Profile Picture
    oliver.rodrigues 9,368 Most Valuable Professional on at

    Hi, I don't think you should be concerned about that. DMZ + WAF + etc would probably be something you have to setup in an on-premise environment. Power Apps Portals is hosted on the cloud, so all security is managed by Microsoft.

     

    Azure AD B2C is hosted in a different Azure tenant, and shares some tokens internally to integrate with the Portals, again nothing you need to be concerned about.

     

    See if this articles clarifies a few other things around Azure AD B2C: https://docs.microsoft.com/en-us/azure/active-directory-b2c/technical-overview#protect-customer-identities

     

  • rohancragg-qnrl Profile Picture
    rohancragg-qnrl 14 on at

    'all security is managed by Microsoft' I worry that this is a big assumption to make. Can anyone from the product team confirm if any protections such as DDoS and WAF are provided with the service so that we can make a judgement as to whether we need to layer anything else on top?

  • oliver.rodrigues Profile Picture
    oliver.rodrigues 9,368 Most Valuable Professional on at

    There is not a lot of details on the official documentation, you might have to reach out to a Microsoft sales representative. Unless someone from the Product team looks at this.

    See if this helps a bit: https://docs.microsoft.com/en-us/powerapps/maker/portals/admin/connectivity

     

  • rohancragg-qnrl Profile Picture
    rohancragg-qnrl 14 on at

    Thanks for replying, This doesn't address my response as I was referring to security for inbound connections to portals. I found this very general statement about network security of Microsoft cloud services (M365) which we can only hope is applicable to Power Platform too: Network security - Microsoft Service Assurance | Microsoft Docs

  • rohancragg-qnrl Profile Picture
    rohancragg-qnrl 14 on at

    I've found some more detail beyond the docs - the Trust Center had more clues...

     

    Under Compliance Guides (MSComplianceGuideV3 (microsoft.com)) I found this:

    'Whitepaper detailing integration of Dynamics 365 and Power Platform for GxP workloads': Microsoft-D365-Power-Platform-GxP-Guidelines.pdf

     

    If confirms that power platform services comply with the control standards and frameworks:

     

    SSAE 18 SOC 1 Type II
    SSAE 18 SOC 2 Type II

     

    The reports can be obtained here: https://portal.azure.com/#blade/Microsoft_Azure_Security/AuditReportsBlade

     

    "Microsoft’s Datacenters’ Global Networking Services (GNS) monitor network devices to detect and resolve issues and anomalies. Monitoring activities focus on capacity, resiliency and availability. Reporting is then made available to Dynamics 365 and Power Platform senior management to allow for the review of the system’s health. (2.3.7.2 Service management and performance monitoring)"

     

    Security Practices and Policies for Core Online Services

     

    I found the Microsoft Power Platform Trust Center which actually seems to have very little useful information or at very least is difficult to navigate

    I did then find this: Infrastructure and availability PDF
    (Dynamics 365 and Power Platform): https://aka.ms/dynamics_365_international_availability_deck

     

    The following is from the section on Power Apps and so I assume it also applies to Power Apps Portals (the section on which is vey light and only mentions regional availability and language support):

     

    "Your data is securely protected because Power Apps is built on Microsoft Azure. This means that Power Apps benefits from the Azure platform’s powerful security technologies. Encryption of data, at rest and in transit, also preserves confidentiality. In addition, Power Apps uses separate front-end and back-end clusters, the Gateway role, and secure data storage architecture. This helps protect your information and allows your organization’s data to be unified whether in the cloud or on premises"

     

    It uses the following services

    • Azure Traffic Manager
    • Azure Content Delivery Network (CDN)
    • Azure API Management (APIM)

    "Users directly interact only with the Gateway role and Azure API Management which are accessible through the internet. These roles perform authentication, authorization, distributed denial-of-service (DDoS) protection, bandwidth throttling, load balancing, routing, and other security, performance, and availability
    functions."

     

    "The Azure multi-pronged threat management approach protects Power Apps by using intrusion detection, DDoS attack prevention, penetration testing, data analytics, and machine learning."

     

    I also found this, but it's not very useful: Power platform Security & Governance: Deploying a Defense in Depth Strategy

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
Fubar Profile Picture

Fubar 74 Super User 2025 Season 2

#2
Jerry-IN Profile Picture

Jerry-IN 55

#3
sannavajjala87 Profile Picture

sannavajjala87 31

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans