Introductions:
Security is crucial for any website, portal, or application. With the Power Platform Admin Center, you can manage websites within your tenant and access key information. This includes details such as the remaining days before a trial website expires also metrics like the number of sites without Web Application Firewall (WAF) protection or those utilizing external authentication. By checking these insights regularly, you’ll know if your websites are safe from cyber threats. If you find any issues, you can take action to fix them and make sure your websites stay protected.
To monitor the security of all websites within your tenant effectively, follow these steps:
- Log in to the Power Platform Admin Center using your administrator credentials.
- Choose Resources from the left pane, then Power Pages sites.
- Click on the Security (Preview) tab.
Anonymous access enabled
“Anonymous access enabled” indicates websites in Microsoft Dataverse where some tables allow access to data without logging in. This means at least one table permission grants access to anonymous users. For further details, visit Table permissions and click “View details” to review the settings for each website.
Web Application Firewall disabled
“Web Application Firewall disabled” indicates production websites where the Web Application Firewall (WAF) is turned off. Enabling WAF enhances website security, and Microsoft strongly recommends doing so. For more details, visit “Enable Web Application Firewall for a website” and click “View details” to review the WAF settings for each website.
External authentication enabled
“External authentication enabled” indicates websites with non-Microsoft Entra ID authentication providers enabled, granting access to Dataverse data. For more details, visit “Authentication providers” and click “View details” to review the external authentication setup for each website.
Site security health
The Site Security Health Dashboard summarizes the security status of your organization’s websites based on security checks. For more information, go to Security site checker. It evaluates configuration parameters and identifies common issues. The classification into Standard, Enhanced, and Advanced levels follows outlined criteria, subject to potential changes during the feature preview.
- Standard: If less than a third (33%) of the security checks for a website pass, it’s rated as Standard.
- Enhanced: If more than a third (33%) but less than two-thirds (66%) of the security checks pass, it’s rated as Enhanced.
- Advanced: If more than two-thirds (66%) of the security checks pass, it’s rated as Advanced.
- No results: This means the security checker couldn’t run, possibly due to IP restrictions or the site being stopped. To fix this, run the checker from the Power Platform Admin Center. It won’t work if there are IP address restrictions.
Click “View” to see the security checker results. If settings differ from Microsoft’s recommendations, they’re marked as Warnings. Sometimes, your business requirements may require configurations that aren’t recommended by Microsoft.
Authentication providers
Authentication providers display a list of all the different ways you can log in to websites in your tenant, as well as how many websites use each one. Click on Review to see the websites that are using this authentication provider.
Conclusion:
In conclusion, Power Pages worked with the Power Platform Admin Center to enhance the security of websites. These tools help organizations manage access control, strong logins, and data protection. In today’s online landscape, these tools are essential for keeping users safe and providing a secure experience.
