Updated: May 31, 2023 (September 17, 2022)
Analyst ReportControlling Access to Power Platform Services
- Access to Power Platform services includes multiple levels of authorization to enforce security.
- Security for apps and flows can generally enforce proper licensing as well as block access to sensitive data.
- Customers can still run afoul of license multiplexing rules if they use robotic automation to sidestep authentication.
Power Platform components, including Power Apps, Power Automate, and Dataverse, use a multistep process to ensure that only users authorized to access a service can do so. Each user must be authenticated, checked for proper licensing, and finally be allowed to access a specific app or flow. Although this process minimizes the chance of unauthorized or unlicensed access to the services, there are several potential failure points in the process.
Basic Security Mechanisms
Power Platform security uses a Least Privileged Access model, which allows for granular access control. Users accessing apps and flows must pass through several levels of security gating, in order of increasing restrictiveness:
Atlas Members have full access
Get access to this and thousands of other unbiased analyses, roadmaps, decision kits, infographics, reference guides, and more, all included with membership. Comprehensive access to the most in-depth and unbiased expertise for Microsoft enterprise decision-making is waiting.
Membership OptionsAlready have an account? Login Now