cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
emurdock
Level: Powered On

How to secure and adminster the default Environment for enterprise scale deployment

I'm am looking for experiences people have in securing, establishing data loss protection polices, and administering the default environment.  With thousands of users creating apps, how can one support a restrictive approach for protecting business data?

In reference to documentation at: https://docs.microsoft.com/en-us/power-platform/admin/database-security.    Using the "Minimum privileges to run app", I am able to restrict the creation of a model based app for specific environments. I would also like to restrict the ability for specific users to create canvas apps in the default environment. 

 

4 REPLIES 4
Super User
Super User

Re: How to secure and adminster the default Environment for enterprise scale deployment

Users who have a valid PowerApps license, but are not assigned a Maker or Administrator role in an environment can still run apps that are shared with them.  But they are unable to see the Environment so they can't create or edit Apps in that environment. So if you want to keep specific users from creating Apps just remove all roles from them in the default or any other environment where you wish to restrict their ability to create PowerApps.  



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
Community Support Team
Community Support Team

Re: How to secure and adminster the default Environment for enterprise scale deployment

Hi @emurdock ,

Firstly, you could inactive different kinds of users with different licenses.

Usually, the functions from simple to complex: Office365->P1->P2

I recommend you inative common users with Office365, developers with P1, administrators with P2.

Since only users with P2 could create environments, they could create environments accoding to your company's demand and then give different permission to other users. You could refer the link that you listed to see permission in datails.

Here's a doc about guidance to those administrators responsible for planning, securing, deploying, and supporting applications built on the PowerApps platform for your reference:

https://powerapps.microsoft.com/en-us/blog/powerapps-enterprise-deployment-whitepaper/

 

 

Best regards,

Community Support Team _ Phoebe Liu

 

 

 

Community Support Team _ Phoebe Liu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
emurdock
Level: Powered On

Re: How to secure and adminster the default Environment for enterprise scale deployment

Thanks all.  I found the "Administering a PowerApps Enterprise Deployment" whitepaper helpful across many topics.  Page 10 of the whitepaper articulates my problem well: 

 

The "default" environment has a few unique characteristics from other environments that you create. This environment can’t be disabled or deleted. All tenant users are added automatically to the maker role for the default environment and you can’t remove them from that role.  

 

I have users (external 3rd parties) that require access to specific applications deployed in PowerApps Prod Environments.  These Prod environments are have CDS provisioned and the security model works very well.  

 

I want to prevent these users from having the maker role in the default environment.

Community Support Team
Community Support Team

Re: How to secure and adminster the default Environment for enterprise scale deployment

Hi @emurdock 

The Environment Admin role can add or remove a user or group from either the Environment Admin or Environment Maker role. You could limit the permission of the users that you mentioned.

Here's a doc for your reference:

https://docs.microsoft.com/en-us/power-platform/admin/environments-overview

 

Best regards,

Community Support Team _ Phoebe Liu

 

Community Support Team _ Phoebe Liu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
firstImage

PowerApps Monthly Community Call!

Join us next Wednesday for our Demo Extravaganza, October 16, 2019 8am PDT.

firstImage

Microsoft Business Applications Virtual Launch Event

Join us for an in-depth look at the new innovations across Dynamics 365 and the Microsoft Power Platform.

firstImage

Watch Sessions On Demand!

Continue your learning in our online communities.

Power Platform 2019 release wave 2 plan

Power Platform 2019 release wave 2 plan

Features releasing from October 2019 through March 2020

FirstImage

Power Platform World Tour

Coming to a city near you

thirdimage

PowerApps Community User Group Member Badge

Fill out a quick form to claim your user group badge now!

FourthImage

Join PowerApps User Group!!

Connect, share, and learn with your peers year-round

SecondImage

Power Platform Summit North America

Register by September 5 to save $200

Users Online
Currently online: 379 members 5,145 guests
Please welcome our newest community members: