Comprehensive Security Review for Microsoft Power Apps: Insights & Tips
Sep 19, 2023 10:00 AM


by HubSite 365 about David Wyatt

Senior Staff Engineer - Intelligent Automation Developer


Maximize your Microsoft Power Apps security with expert reviews and insights. Secure your data, connectors, account, sessions, and more today!

Microsoft Power Apps - Security Review Summary

David Wyatt, in his recent blog post, provides a comprehensive insight into the security concerns related to Microsoft Power Apps. He emphasizes that Power Apps is not a cloud version of Excel/Access; rather, given its extensive and flexible corporate usage, it demands a higher level of security. Connectors pose considerable risk because they can potentially access higher-level credentials. Hence, establishing security reviews is pivotal to protecting the business.

  • Data security forms the core of the entire process.
  • Connectors, with their robust power, can also pose dangers if misused.
  • Access control is crucial to avoid unauthorized access to sensitive data.
  • Accounts need precisely defined accesses to maintain data integrity.
  • Sessions must have a stipulated timeout for protection.
  • Thorough logging of interactions plays a key role in guarding against data leaks.
  • Appropriate documentation is an integral part of a security review.

Further Insights on Power Apps Security

In terms of Power Apps security, we need to deliberate on several dimensions. Most importantly, the nature and sensitivity of the data involved should be assessed adequately. This includes the highest data classification in the app and the justification for the data that is being used. Data storage, user permissions, and access maintenance deserve appropriate attention too.

Connectors, despite their potential hazards, offer unique capabilities to Power Apps. Therefore, the number of connectors to include, the permissions they require, and the method of authentication should all be decided judiciously. Authentication should ideally use OAuth, but alternatives can be used where OAuth isn't supported.

Access to an app should be administered carefully. Beyond authentication alone, other factors such as Multi-factor Authentication (MFA), geo-fencing, or network-only access can be set up as additional security layers. Microsoft offers a preview of conditional access policy in this regard.

Account users must have controlled access to the app and its related flows. A key point to consider is avoiding the 'Share with everyone' feature so that access stays manageable. This is done most efficiently by employing Security Groups.
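One way to check the sharing guidance above across a tenant, as an added example that is not from the original blog post. It assumes the Microsoft.PowerApps.Administration.PowerShell module is installed and that the signed-in account has Power Platform admin rights; the finding labels are this example's own wording.

```powershell
# Added example: list every non-owner share that bypasses security groups.
Import-Module Microsoft.PowerApps.Administration.PowerShell
Add-PowerAppsAccount   # interactive sign-in as a Power Platform admin

$findings = foreach ($app in Get-AdminPowerApp) {
    # Role assignments describe who the app has been shared with.
    $roles = Get-AdminPowerAppRoleAssignment `
        -AppName $app.AppName `
        -EnvironmentName $app.EnvironmentName

    foreach ($role in $roles) {
        # The owner's own assignment is expected, so skip it.
        if ($role.RoleType -eq 'Owner') { continue }

        # 'Tenant' is the principal type used for "Share with everyone";
        # 'User' is a direct share that is not managed through a group.
        $issue = switch ($role.PrincipalType) {
            'Tenant' { 'Shared with everyone in the tenant' }
            'User'   { 'Shared directly with a user (no security group)' }
            default  { $null }   # group-based shares pass this check
        }

        if ($issue) {
            [pscustomobject]@{
                App         = $app.DisplayName
                Environment = $app.EnvironmentName
                Principal   = $role.PrincipalDisplayName
                Role        = $role.RoleType
                Finding     = $issue
            }
        }
    }
}

# Tenant-wide shares sort first so they are reviewed first.
$findings |
    Sort-Object @{ Expression = { $_.Finding -notlike '*everyone*' } }, App |
    Format-Table -AutoSize
```

Piping `$findings` to `Export-Csv` instead of `Format-Table` gives a record that can be attached to the review documentation.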

Last but not least, the significance of logging and documentation in security reviews can't be overstated. They serve as effective mechanisms for future references and enforcement of security practices.

Read the full article Power Apps - Security Review

Learn about Power Apps - Security Review

The blog post focuses primarily on the security aspects of Microsoft's Power Apps, stressing the importance of security reviews given the expansive access that these apps provide to user credentials. It likens Power Apps to a cloud version of Excel/Access, highlighting that, because users can easily create and share Power Apps, the platform poses certain security risks. Hence, conducting security reviews can play a pivotal role in safeguarding an organization's data.

The blog further discusses the importance of architecture reviews, design reviews, and code reviews regarding Power Apps. These are integral processes that help protect the business and the developer by ensuring that security requirements are met. It suggests that employing patterns, i.e., following pre-approved designs, will enable solutions to comply with security requirements without impacting the speed of delivery that is one of the key strengths of the Power Platform.

The author lists key areas to focus on during a security review, including:

  • Data
  • Connectors
  • Access
  • Accounts
  • Sessions
  • Logs
  • Documentation

The post then proceeds to an in-depth exploration of Data, listing the content, justifications, resting conditions, and permission levels as critical points to review. This ensures that the data housed on Power Apps is secure, does not violate user rights, and is worth the associated risk.

In conclusion, the post encourages a systematic approach to Power Apps security, recommending that organizations learn from real live solutions, refine established patterns, and apply them to future development efforts. This will help not only in maintaining the speed of delivery that Power Apps provides but also in ensuring that crucial security measures are in place.

