cancel
Showing results for 
Search instead for 
Did you mean: 

Wishing you to forbid the user whose license has been disabled by an admin to use the Flow.

I am currently able to make the user to use the Flow without any admin's permission in case the Self sign up is acceptable even when Offide365 tile is hidden with deleted license.  When I wish to restrict the user's utilization of Flow as an internal security measure, I am unable to make a limit only on each of the tenant.  That is very inconvenient for me.  As a consequence, I hope you forbid the users with the disabled license to use the Flow because of security concerns.

Status: Declined

There is a difference between licensing product features in an application (like Microsoft Flow) and permissions to access an application in the first place.

 

Licenses can be used to grant or remove features. For example, if I want to enable the custom connector feature I can assign the Flow Plan 1. If you enable/disable the Flow for Office 365 plan, that enables the features that come with that plan, such as Team flows.

 

However, licenses shouldn't be used as a mechanism to grant/remove access to the whole applications (to block/allow login in the first place). For that, Azure AD is the recommended approach. You can use Azure AD conditional access to ensure that users in your organization login in the right place, or even blocked entirely. You should be using conditional access if security is your concern, not licenses.

Comments
Level: Powered On

absolute agree to this and support it! It's 100% require!

Level: Powered On

I think that it is more better if we can set permissions such as use, creation, editing, and deletion of Flow for each user like SharePoint.
Thank you for your consideration.

 

Flow Staff
Status changed to: Declined

There is a difference between licensing product features in an application (like Microsoft Flow) and permissions to access an application in the first place.

 

Licenses can be used to grant or remove features. For example, if I want to enable the custom connector feature I can assign the Flow Plan 1. If you enable/disable the Flow for Office 365 plan, that enables the features that come with that plan, such as Team flows.

 

However, licenses shouldn't be used as a mechanism to grant/remove access to the whole applications (to block/allow login in the first place). For that, Azure AD is the recommended approach. You can use Azure AD conditional access to ensure that users in your organization login in the right place, or even blocked entirely. You should be using conditional access if security is your concern, not licenses.