Answered

Guidance on Securing Power Automate Flows for Department-Specific Access in a Global Bot Deployment

(1) Share

Report

Posted on by SB-06111301-0

We are planning to use Microsoft Entra ID for access management to our AI agents and the underlying database. The agents will also work with Power Automate flows.

Our goal is:

All employees should be able to use the AI agent.
Only specific departments should be able to access and trigger certain flows.
We are looking for guidance on the best structure for this scenario:

Should permissions be managed in the agent, in Power Automate, or both?
Would it make sense to create separate agents per department with flows embedded, or keep a single agent?

This is for a large enterprise rollout across 50+ countries, so scalability and maintainability are key.

Any recommendations or best practices would be greatly appreciated.

Categories:

Bot administration

I have the same question (0)

All responses (2)

Answers (1)

Verified answer

Giraldoj 872 Moderator on at

Like (1)

Report
Copy link

Link copied!

Hi there,
For a deployment that large, I’d avoid putting everything into a single agent. It becomes difficult to maintain, and every new request ends up affecting the entire bot. It scales better if you separate things into smaller agents (or at least scoped topics) and let an orchestrator route when needed.
On the access side, keep using Entra ID groups to decide who can access which features. Everyone can talk to the main agent, but certain actions or flows should only show up if the user is in the right department group.

If you’re using Dataverse, this gets even easier: you can rely on Dataverse security roles to control exactly what each user or team can see or update. In many cases, the agent and the flows don’t need to “decide” access — they’ll just fail gracefully if the user doesn’t have permission at the data level. It’s a clean way to avoid duplicating access logic.

Still, I recommend also adding a quick permission check inside the Power Automate flows (just to avoid returning data accidentally). So yes — you end up securing both the agent and the flows, but Dataverse roles take a lot of the heavy lifting off your hands.
As for architecture: multiple smaller agents or topic groups generally work better than one big bot. If some users need access to multiple areas, add an orchestrator agent on top. It keeps the structure clean and much easier to maintain as things grow.

Hope that helps.

Was this reply helpful? Yes No
SB-06111301-0 7 on at

Like (0)

Report
Copy link

Link copied!

Hello Giraldoj,

Thank you for your reply.

Just to confirm — do you agree with the proposed agent architecture and the permission model being managed through Microsoft Entra ID?

The idea is that all employees should be able to access the bot for general questions and answers, but only employees from specific departments should be able to use certain workflows, such as price list retrieval, shipment calculations, and other department-specific automations.

Does this approach align with best practices in your opinion?

Was this reply helpful? Yes No