An emerging trend in digital transformation efforts has been the rise of low-code development platforms. Of course, these low-code platforms must be grounded in best-of-breed governance capabilities, which include security and compliance features. Without strong governance, the full benefits of low-code development cannot be realized. It’s only natural that any low-code platform chosen by an organization must have strong security and compliance capabilities. Microsoft has developed the Power Platform, which includes Power Apps, Power Automate, Power Virtual Agents, and Power BI, to serve our customers’ needs for a robust low-code development platform that includes app development, automation, chatbots, and rich, detailed data analysis and visualization. We previously reported on the fundamental security and compliance capabilities offered with Microsoft Flow, which was renamed Power Automate. In this blog, we’re going to discuss the integrated security and compliance capabilities across the Power Platform and offer an update on the new capabilities we’ve launched.
Foundations of governance
As the number of developers grows, governance becomes a key criterion to ensure digital transformation. As such, IT must create stronger guardrails to ensure the growing numbers of developers and the assets they create all remain compliant and secure. The Power Platform’s governance approach is multi-step with a focus on security, monitoring, administrative management, and application lifecycle management (figure 1). Check out our detailed governance and administration capabilities. The Power Platform also offers a Center of Excellence Starter Kit which organizations can use to evolve and educate employees on governance best practices. The Power Platform comes equipped with features that help reduce the complexity of governing your environment and empower admins to unlock the greatest benefits from their Power Platform services. We’re announcing some of our newest capabilities to protect your organization’s data with tenant restrictions and blocking email exfiltration. We’re also announcing new analytics reports available for the robotic process automation (RPA) capability recently launched with Power Automate.
Figure 1: The Power Platform multi-step governance strategy.
Cross-tenant inbound and outbound restrictions using Azure Active Directory
The Power Platform offers access to over 400 connectors to today’s most popular enterprise applications. Connectors are proxies or wrappers around an API that allow the underlying service to ‘talk’ to Power Automate, Power Apps, and Azure Logic Apps. Control and access to these connectors and the data residing in the applications is a crucial aspect of a proactive governance and security approach. To this end, we have recently improved the cross-tenant inbound and outbound restrictions for Power Platform connectors. The Power Platform leverages Azure Active Directory (Azure AD) for controlling user authentication and access to data for important connectors such as Microsoft first-party services. While tenant restrictions can be created with Azure AD all up, enabling organizations to control access to software as a service (SaaS) cloud applications and services based on the Azure AD tenant used for single sign-on, they cannot target specific Microsoft services such as Power Platform exclusively. Organizations that want to isolate the tenant for Azure AD-based connectors exclusively for Power Platform can use Power Platform’s tenant isolation capability. Power Platform tenant isolation works for connectors using Azure AD-based authentication such as Office 365 Outlook or SharePoint. Power Platform’s tenant isolation can be one-way or two-way depending on the specific use case. Tenant admins can also choose to allow one or more specific tenants in the inbound or outbound direction for connection establishment while prohibiting all other tenants. Learn more about tenant restrictions and tenant isolation. For now, this capability is available through support and will soon be available for admin self-service using the Power Platform admin center.
In addition to using Power Platform tenant isolation to prevent data exfiltration and infiltration for Azure AD-based connectors, admins can safeguard against connectors that use external identity providers such as Microsoft account, Google, and many more by creating a data loss prevention policy that categorizes the connector under the Blocked group.
Email exfiltration controls
Digital transformation has opened a variety of new communications channels. However, email remains the foundational method of digital communication and Microsoft Outlook continues as one of the dominant email services for enterprises. Preventing the exfiltration of sensitive data via email is crucial to maintaining enterprise data security. To this end, we have added the ability for Power Platform admins to prevent emails sent through Power Platform from being distributed to external domains. This is done by setting Exchange mail rules based on specific SMTP headers that are inserted in emails sent through Power Automate and Power Apps using the Microsoft 365 Exchange and Outlook connector. The SMTP headers can be used to create appropriate exfiltration (unauthorized transfer of data from one device to another) rules in Microsoft Exchange for outbound emails. For more details on these headers auto-inserted through the Microsoft 365 Outlook connector, see SMTP headers. With the new controls, admins can easily block the exfiltration of forwarded emails and exempt specific flows (automated workflows created with Power Automate) or apps from exfiltration blocking. To block the exfiltration of forwarded emails, admins can set up Exchange mail flow rules to monitor or block emails sent from Power Automate and/or Power Apps using the Microsoft 365 Outlook connector. Figure 2 is an example SMTP header for an email sent using Power Automate with the reserved word ‘Power Automate’ in the application header type.
Figure 2: Power Platform SMTP email header with reserved word ‘Power Automate.’
The SMTP header also includes the operation ID, which gives the type of email; in figure 2 this is a forwarded email. Exchange admins can use these headers to set up exfiltration blocking rules in the Exchange admin center. As you can see in figure 2, the SMTP header also includes a workflow identifier as the new ‘User-Agent’ header, which is equal to the app or flow ID. Admins can exempt some flows (or apps) from exfiltration blocking because of the business scenario, and can use the workflow ID that is part of the User-Agent header to do so. Learn more about how Power Platform helps admins prevent email exfiltration with these sophisticated new controls.
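The rule logic described above (block forwards sent by Power Automate to external domains, unless the flow is exempt) can be prototyped before it is written as an Exchange mail flow rule. The following is an added example, not code from the original post or from Microsoft; the header names x-ms-mail-application and x-ms-mail-operation-type follow Microsoft's connector documentation rather than this page, and the domains, flow IDs and messages are constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumptions for this example: accepted domains and one exempted flow ID (constructed).
INTERNAL_DOMAINS = {"contoso.example"}
EXEMPT_WORKFLOWS = {"0f1e2d3c4b5a69788796a5b4c3d2e1f0"}
WORKFLOW_RE = re.compile(r"\(workflow\s+([0-9A-Za-z-]+)")

def external_recipients(msg):
    """To/Cc addresses outside the accepted domains (Exchange itself checks envelope recipients)."""
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return [addr for _, addr in pairs
            if addr.rpartition("@")[2].lower() not in INTERNAL_DOMAINS]

def evaluate(raw_message):
    """Return (verdict, reason) for one outbound message."""
    msg = message_from_string(raw_message)
    app = msg.get("x-ms-mail-application", "")
    if "Power Automate" not in app:  # reserved word in the application header
        return ("allow", "not sent by Power Automate")
    if msg.get("x-ms-mail-operation-type", "").strip().lower() != "forward":
        return ("allow", "not a forward operation")
    outside = external_recipients(msg)
    if not outside:
        return ("allow", "all recipients internal")
    match = WORKFLOW_RE.search(app)  # flow ID carried in the User-Agent part
    workflow = match.group(1).lower() if match else None
    if workflow in EXEMPT_WORKFLOWS:
        return ("allow", "flow %s is exempt" % workflow)
    return ("block", "forward to %s by flow %s" % (", ".join(outside), workflow))

def sample(op, to, workflow):
    """Build a constructed message carrying the connector's headers."""
    return (
        "From: alice@contoso.example\r\n"
        "To: %s\r\n"
        "Subject: FW: quarterly numbers\r\n"
        "x-ms-mail-application: Microsoft Power Automate; User-Agent: "
        "azure-logic-apps/1.0 (workflow %s; version 0000000000000000000) microsoft-flow/1.0\r\n"
        "x-ms-mail-operation-type: %s\r\n"
        "\r\nbody\r\n" % (to, workflow, op)
    )

if __name__ == "__main__":
    other = "aaaa1111bbbb2222cccc3333dddd4444"  # constructed, non-exempt flow ID
    for op, to, wf in [("Forward", "bob@fabrikam.example", other),
                       ("Forward", "bob@fabrikam.example", "0f1e2d3c4b5a69788796a5b4c3d2e1f0"),
                       ("Send", "bob@fabrikam.example", other)]:
        print(op, to, wf, "->", evaluate(sample(op, to, wf)))
```

An unparseable or missing flow ID is treated as non-exempt, so a forward with a malformed application header is still blocked.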
Powerful analytics for monitoring robotic process automation processes
One of the most exciting new capabilities offered with the Power Platform is Desktop flows (previously known as UI flows), which provide robotic process automation (RPA) through Power Automate. Along with this powerful new feature, we have launched new analytics dashboards to ensure admins have full visibility into new RPA processes. Admins can view the overall status of automation that runs in the organization and monitor the analytics for automation that’s built with RPA from the Power Platform admin center. These analytics reports are accessible to users granted the environment admin privilege. Admins can access the Power Platform admin center by clicking Admin Center in the Power Automate portal settings menu. From the admin center, admins can access either Cloud flows (non-RPA automation) or Desktop flows. The Desktop flows page offers three types of reports:
Runs: Gives you a general overview of daily, weekly, and monthly desktop flow run statistics.
Usage: Usage of the different RPA processes.
Created: Analytics for recently created RPA processes.
Figure 3 shows an example of the new Runs report available in the admin center for Desktop flows. You can get more details on these powerful new analytics capabilities from our Microsoft docs page and our announcement blog. Check them both out.
Figure 3: New analytics ‘Run’ report for Desktop flows in Power Platform admin center.
Join our community and get started today
Join the growing Power Platform community so you can get the latest updates, join discussions, and get ideas on how the Power Platform can help your organization. You can also learn how the products work from the learning modules available at Microsoft Learn. Be sure to check out some of our great resources, which will make you more knowledgeable about the powerful tools available to ensure your organization benefits from low-code development with the Power Platform while adhering to some of the industry’s best compliance and security standards.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
The post Recent enhancements for Microsoft Power Platform governance appeared first on Microsoft Security.