Protecting Data with Dataverse Part 2: Security from Internal Threats (Users)
In this blog series, we will be covering how to protect data in Dataverse from external and internal threats (both from internal users and Microsoft). In today’s post, we will focus on protecting data from internal user threats.
Secure Data from Internal Data Leaks and Disgruntled Employees
- How can I minimize user access to sensitive data in my applications?
Microsoft Purview Information Protection establishes protection across environments and provides ways to combine data sets to be defined that allow data collaboration. Microsoft Purview‘s data classification allows you to protect your data based on data sensitivity/classification and prevent sensitive data from falling into the wrong hands. IT professionals and administrators can designate containers (Dataverse environments) and folders (data entities) with data sensitivity that can define the boundaries for that data in the organization. The platform also provides additional security using Role-Based Access (RBAC) that system administrators can configure to further lock down access to your organization’s tables in the system. Dataverse uses Azure AD identity and access management mechanisms to help ensure that only authorized users can access the environment, data, and reports.
- How can I ensure users have the right privileges necessary to access a Dataverse environment?
Dataverse uses role-based security to group together a collection of privileges. These security roles can be associated directly with users, or they can be associated with Dataverse teams and business units. These privileges provide users access to records. Secure data and ensure users have the least privilege necessary through Dataverse authorization and data level security roles that define row, field, hierarchical, and group protection.
- How can I make sure users do not have the ability to intentionally leak or allow others to easily access and leak sensitive data in my environment?
Dataverse provides features that you can easily configure and set up to stop users from data leaking or accidentally providing access to the system. Data Loss Prevention Policies are one way to do this. You can create data loss prevention (DLP) policies that can act as guardrails to help prevent users from unintentionally exposing organizational data.
Protect, Detect & Respond to Internal Client Threats
We recommend the following preventative steps:
- Leverage Dataverse Authorization to create the right group and individual access to collections and records. See how access to a record is determined in Dataverse for more details about how to set up the proper authorization model.
- Use IP address-based cookie binding to block cookie replay attacks in Dataverse.
- Restrict guest user access permissions through Azure Active Directory.
- Limit IP surface area by configuring inbound and outbound rules within Power Platform. See Azure service tags overview for available service tags.
Take these steps to identify and locate possible issues:
- Review audit logs in Azure Active Directory for public IP address access to your environment and to identify which users have authenticated to Dataverse.
- Retrieve the history of audited data changes in Dataverse.
- Review Microsoft 365 admin center activity reports.
- Use Microsoft Dataverse usage reports.
- Track user access of the Microsoft Power Platform.
- Deep auditing for all data changes to detect tampering or manipulation and rich access/activity auditing for data exfiltration risks.
Follow these steps to execute an effective response:
- Disable user from the environment (see delete users from environments).
- Revoke user access in an emergency in Azure Active Directory.
- Modify IP Firewall to meet your changing network requirements.