Introducing managed security for Microsoft Dynamics 365 and Power Platform: advanced protection for an AI-driven world 

In the modern digital era, the opportunity for innovation by leveraging organizational data in AI-driven scenarios is at an unprecedented high. Yet, both the effort required to maintain enterprise-grade security and the sophistication of cyber threats have grown. In 2023, there were over two thousand cyberattacks across the United States, which affected 340,000,000 victims. As a result, IT admins must juggle the immense potential for technological advancement with AI and the urgency to maintain security of data, applications, and users. 

The Microsoft Power Platform empowers you to address both priorities with ease. With the release of managed security for Microsoft Power Platform, it is simple to balance both AI adoption and top-tier data protection. This new suite provides industry-leading capabilities for protecting all your organization’s assets, ranging from mission-critical workloads to citizen-developed resources to cutting-edge AI-powered agents. Managed security delivers security controls to ensure safe and scalable adoption of business applications, Copilots, and agents:

  • Security Posture Management: Intelligent guidance for scalable and efficient enterprise-grade security. 
  • Threat Protection: AI-powered detection and monitoring to address and prevent security risks.
  • Data Protection and Privacy: Robust controls to ensure confidentiality and encryption, ensuring security of sensitive information.  
  • Identity and Access Management: Seamless and adaptive tools to ensure only authorized resource and data access.
  • Compliance: Assured visibility and adherence to industry and regional regulatory requirements.  

With managed security, Microsoft Power Platform empowers businesses with advanced protection to harness their AI-potential with confidence and ease. 

Security Posture Excellence 

The Power Platform admin center has been redesigned to deliver a seamless, world-class security management experience to administer your organization at scale with greater visibility, pointed guidance, and simplified controls. The new generally available security page experience in the Power Platform admin center makes it easy to discover and navigate the range of capabilities that managed security provides. With actionable insights and opinionated guidance, this single pane of glass empowers administrators to effortlessly view and manage security tasks, assess their tenant’s security posture, and implement proactive policies across network security, access control, compliance, and threat detection. With the security score, illustrated on a qualitative scale (Low, Medium, High), you can get a comprehensive understanding of your organization’s security posture. Then, you can act on timely and tailored recommendations to improve your tenant’s security score by configuring both proactive and reactive security guardrails, prioritized by level of risk.

Threat protection 

As dependency on digital technology and integration with AI to fuel enterprise solutions grows, so does cybercrime. The frequency of data breaches across the globe has increased year over year, reaching new all-time highs. But with managed security, you can feel confident that your organization remains secure against these evolving threats, equipped with AI-powered, real-time detection enabled through integration with Microsoft Sentinel. This cloud-native security information and event management (SIEM) platform gives admins a comprehensive security and monitoring solution that intelligently detects and responds to suspicious activities such as mass data deletion or app execution from unauthorized geographies.

Data protection and privacy

Managed security provides a robust selection of controls to ensure that your data is protected with confidentiality and integrity. Building on the core capabilities provided in the Power Platform such as end to end encryption, Dataverse security, tenant isolation and data loss prevention policies, managed security equips admins with additional proactive safeguards and capabilities to prevent avenues for data leakage.

To mitigate the risk of data exfiltration through plug-ins and connectors, you can leverage network security to protect both inbound and outbound traffic. Power Platform now supports Virtual Network (vNet) integration for both connectors and Dataverse plug-ins, including Microsoft Copilot Studio integrations, providing private, outbound connectivity from the Power Platform to resources within your vNet. By limiting the resources in your Power Platform environment to only access an Azure Virtual Network, you can ensure that your Power Platform resources are protected without overexposure to the internet or unauthorized access, enhancing security when extending your business processes. We are continuing to invest in expanding the vNet supported scenarios and are excited to announce public preview support for the Snowflake connector. Enterprises will be able to use this connector to securely access their Snowflake data without needing to expose the data over the internet.

For scenarios that leverage PII such as credit card numbers or social security numbers, you can create data masking rules to ensure that your organization’s and customers’ sensitive data is protected. With data masking, also referred to as de-identification or obfuscation, sensitive data is replaced with masked strings, ensuring that the original values remain hidden. Only authorized users can access unmasked data, and only one record at a time, ensuring that data is treated with utmost sensitivity. Safeguard your data by leveraging an existing, pre-defined rule, or by creating your own as a solution.

In addition, customer managed keys (CMK) not only ensure that data is protected both in transit and at rest, but also give organizations control over their encryption keys to enhance data security. Advanced connector policies, now available in early preview, enable a scalable approach to managing which connectors are allowed or blocked. With support for environment group level configurations, this new capability addresses the strong demand for managing data loss prevention (DLP) policies at the environment group level, enabling a more streamlined governance strategy. Additionally, any connector, including those previously considered non-blockable, can now be restricted, ensuring comprehensive control over data access and security. Lastly, the integration of Microsoft Purview with Microsoft Dataverse enables powerful security capabilities. With the Microsoft Purview Data Map, you can benefit from automated data discovery and sensitive data classification, gain a deeper understanding of your business applications data estate, safeguard your data, and enhance your risk and compliance posture.

Identity and Access Management

Managing access to sensitive information and resources is top of mind for IT admins and CISOs across industries, and ensuring least-privilege access is paramount in maintaining a strong security stance. Power Platform is well-integrated with Entra ID for identity and access management, empowering admins to securely manage users and their interactions with various Power Platform resources. Managed security adds a wealth of seamless capabilities built upon Entra ID, offering granular control to ensure that your data and resources are only viewed by authorized users.

As the race to adopt AI is prioritized across industries, admins are looking to address the risk of over-sharing resources. Managed security supports granular sharing limits for canvas apps and is now expanding with generally available support for solution-aware cloud flows, preventing makers from sharing flows across security groups and with individuals. For Copilot Studio agent scenarios, a series of new controls are now available in preview: admins are equipped with fine-grained controls over editor versus viewer permissions on a per environment or environment group basis and can limit viewers to security groups, individuals, or a finite number of viewers.

Other key features available with managed security include support for filtering user access to resources only from pre-authorized network locations with IP firewall, which helps prevent unauthorized access and enhances network security. You can prevent user sessions from being hijacked by malicious actors with IP cookie binding, which ties user sessions to specific IP addresses. Enhanced privileged access management ensures users have elevated permissions only when needed, reducing the risk of misuse and maintaining a strong security posture. Conditional access for canvas apps enables administrators to set granular conditions under which users can access these types of resources, providing an additional level of flexibility and resource access control. To minimize the risk associated with accessing external resources, Managed Identities support for Dataverse plugins allows for secure and seamless authentication, eliminating the need for hard-coded credentials and simplifying the management of access to resources.

To further enhance security and reduce the risk of incidental over-sharing, a new control is now available on the security page to block or enable access by Entra guests to your Dataverse-backed environments as needed. By default, guest access is restricted for new Dataverse-backed environments, ensuring a secure setup from the start. With this new public preview feature, you can further boost your security score by enabling this setting for existing environments, too.

Compliance

Regional, industry-wide, and organization-specific regulations are top of mind as the race towards AI adoption continues. With managed security, you can feel confident that your organization’s business applications and copilots are meeting all compliance requirements including assured visibility, granular traceability, and comprehensive audits.  

With Dataverse audit capabilities in the Power Platform admin center, you can dive deeper with comprehensive logging capabilities, including admin, maker, and user activity logs, all critical for identifying potential security threats. By monitoring unusual activity, such as a sudden surge in login attempts or changes to security settings, you can easily detect and respond to attacks before they escalate. 

Microsoft Purview supports detailed auditing across Power Platform, including Copilot Studio events, to meet compliance requirements. It allows customized audit logs and provides detailed reports for AI-driven scenarios, enhancing security and compliance.

Moreover, to meet your enterprise’s compliance requirements with greater granularity, Dataverse offers robust data logging capabilities within managed security. This feature is essential for investigating security incidents and is designed to meet the external and internal auditing, compliance, security, and governance policies that are common to many enterprises. You can easily customize your Dataverse audit for a variety of entities and fields to ensure that you have comprehensive visibility into your data interactions, helping to maintain a secure and compliant environment.

Strengthen AI Adoption with a Security-First Mindset  

In the age of AI, IT admins are challenged to navigate a complex security landscape while architecting the next wave of innovation in their enterprises. With the security-first capabilities provided in Power Platform managed security, the possibilities for your business are endless.

These capabilities enabled customers such as Toyota to “establish a secure and agile integration foundation for Power Platform and Azure using Azure VNet, eliminating the need for an on-premises data gateway. This enabled Toyota to develop generative AI apps on an Enterprise-Ready architecture, balancing security and agility through collaboration between citizen developers and IT.” – Takanori Mito, IT Promotion Div. Toyota Motor Corp.

The Power Platform admin center provides visibility, pointed guidance, and scalable control for managing your organization’s business applications. Equipped with actionable recommendations, admins can protect their organization’s resources from any external threats and ensure that their sensitive data stays private and protected. With rich identity and user management, scalable and secure adoption is a reality. The time to tap into your enterprise’s transformative AI potential is now; dive in with the cutting edge and responsibly designed management tools of managed security features at your fingertips.
