With the open-source Dataverse SDK for Python (announced in Public Preview at Microsoft Ignite 2025), you can fully harness the power of Dataverse business data. This toolkit enables advanced analytics, streamlines automation, and fuels innovation by providing seamless access to enterprise data directly from Python environments.

Why Python? Why Now? 

Python has become the language of data science, AI, and automation. From Pandas and Jupyter Notebooks to sophisticated machine learning libraries like scikit-learn, Python empowers a global community of data professionals and developers to innovate at scale. Recognizing this, we’re thrilled to introduce the Dataverse SDK for Python, an open-source toolkit designed to seamlessly connect the Microsoft Dataverse platform with the tools and workflows Python developers love. 

Bridging Business Data and Data Science 

The Dataverse SDK for Python unlocks enterprise business data for advanced analytics, AI-driven solutions, and agentic workflows. Whether you’re orchestrating ETL pipelines, automating business logic, or visualizing trends, this SDK puts Dataverse’s robust, secure, and compliant data platform at your fingertips—directly from your favorite Python environment. 

Key Features at Launch 

These features empower both professional developers and data scientists to create, test, and deploy agentic flows and analytics on trusted business data using familiar Python tools.

• Open Source & Accessible: Available on PyPI and GitHub, the SDK invites community feedback, contributions, and transparency. There’s no cost to get started—just install and go! 

• MVP Core Capabilities: Rapidly prototype with support for DML/DDL operations, file uploads, and file columns, making it easy to integrate with existing Python workflows. 

• Seamless Python Integration: Designed for compatibility with popular tools like pandas and Jupyter, letting you analyze, visualize, and automate Dataverse data efficiently. 

• Enterprise-Grade Security: Leverages trusted Dataverse security, enabling enterprise compliance and governance for all your data-driven solutions. 

Who Should Use the Dataverse SDK for Python? 

With a low barrier to entry and robust extensibility, the SDK supports everyone from citizen makers to advanced AI engineers. 

• Data Scientists: Quickly analyze high-priority Dataverse cases, generate graphical insights, and accelerate decision-making—all in Python. 

• Developers & Makers: Build scalable, AI-powered automations and orchestrate server-side logic using Python skills, notebooks, VS Code, and CI/CD pipelines. 

• Business Leaders & Partners: Enable analytics modernization, automation, and innovation across teams, with seamless integration into existing data pipelines. 

Get Started 

By lowering barriers and accelerating adoption, we’re fostering a thriving ecosystem where everyone can create, automate, and innovate with trusted business data. The Dataverse SDK for Python is built for—and with—the community. We invite you to: 

• Install the SDK via PyPI and explore our check out the GitHub repo.

• Watch our introductory YouTube video and share your feedback. 

• Submit feature requests, report bugs, and contribute code to help us improve. 

• Share your own stories and solutions—we love to spotlight community innovation! 

Together, let’s unleash the power of business data with the Dataverse SDK for Python! Learn more with additional resources, we can’t wait to see what you’ll build:

• Dataverse SDK for Python (preview) documentation – Power Apps | Microsoft Learn
• Dataverse SDK Python reference | Microsoft Learn
• PowerPlatform-Dataverse-Client · PyPI

The post Introducing the Dataverse SDK for Python  appeared first on Microsoft Power Platform Blog.

1. New Audit Create and Update Events for AI-Assisted Agent Activity 

Dataverse now provides detailed auditing for AI-assisted data changes. Every update by an AI agent is logged, allowing organizations to monitor AI actions and maintain transparency. 

Why is this important? 

• Organizations can identify when AI alters data. 

• Audit trails distinguish AI activities from human ones for tracking and review. 

• Compliance is easier as regulations demand documentation of automated changes. 

For example, if a chatbot updates customer preferences, admins can see the event, agent, affected columns, and timestamp—helping sustain trust as automation grows. 

2. Auditing Core Business Tables and Security-Related Tables for Data Privacy Compliance 

Dataverse offers auditing for essential business and security tables to help organizations comply with evolving privacy regulations like GDPR. Administrators can enable audits for critical data such as Contacts, Accounts, Opportunities, security roles, permissions, and access logs. 

• Auditing ensures strong data governance, tracks user activity, and maintains regulatory compliance. 

• Security table auditing increases visibility into permission changes and supports forensic investigations. 

Organizations can configure these audits to meet privacy requirements and maintain thorough records of sensitive data.  

Administrators can turn on auditing for their environment via the Security hub: 

3. Auditing Original User Selected Label Values 

Dataverse improves auditing for option sets and dropdowns by tracking both the selected label and its backend value. This ensures accurate records even if labels change, supporting audits and compliance. Logs keep the user’s original choice for better dispute resolution and data integrity. This preserves user intent for clarity and compliance.  

4. Enhanced Audit Summary Viewing in the Environment Settings App 

Dataverse now offers a streamlined audit summary view within Environment settings, giving administrators and data stewards direct access to audit logs. The interface standardizes layouts for quick comparison, allows filtering by agent type, improves search and sorting, and supports exporting or sharing data for compliance and reporting. This update enables efficient review and management of audit data, ensuring transparency and regulatory readiness. 

5. Retention Policy for Audit Records 

As audit logs grow, Dataverse lets administrators set retention policies to automatically delete records after a chosen period, helping comply with privacy laws and cut storage costs. Policies can be customized by table or process. For example, HR might keep logs for seven years while marketing deletes them sooner. 

6. Managing Audit Storage: Identify and Delete Audit Records by Table 

Dataverse lets admins track audit storage by table and delete audit logs per table, reducing storage costs and improving performance. 

• Organizations can retain audits for important tables and clear less critical ones. 

• Example: If “Leads” generates excessive audits, admins can apply retention policies and delete its records without impacting other tables. 

7. Retention Policy for completed System Jobs 

Effective management of job audit history in Dataverse promotes system health and compliance. Organizations can set retention policies for system job audit data, enhancing performance by automatically deleting outdated records. 

• Only relevant job histories are kept, improving efficiency and supporting compliance. 

• Retention settings can be tailored to business unit requirements and legal obligations. 

For instance, audit logs for routine imports may be retained for 90 days, while financial operations may need up to a year of audit history. 

8. Dataverse audit events sent to Purview audit 

When an administrator turns on Auditing or checks Activity for an environment, these activities are sent to Purview as audit trail. 

See the list of Dataverse audit events that are sent to Purview – Microsoft Dataverse and model-driven apps activity logging – Power Platform | Microsoft Learn  

9. Auditing sensitive data with masked fields  

Sensitive data is protected by masking, ensuring that confidential information remains concealed. This masking is consistently applied within audit logs, so sensitive details are never exposed during audits. Whenever someone read sensitive information, the Read event is audited. 

Get started today

With so many key updates, check out the documentation to learn more and get started with empowering data stewardship, privacy, and control: 

• Use the Power Platform Environment Settings app – Power Platform | Microsoft Learn 
• GetAuditStorageDetails Action (Microsoft.Dynamics.CRM) | Microsoft Learn 
• Delete completed system jobs and process log to comply with retention policy – Power Platform | Microsoft Learn 
• Create and manage masking rules (preview) – Power Platform | Microsoft Learn 
• Microsoft Dataverse and model-driven apps activity logging – Power Platform | Microsoft Learn 

The post Dataverse Auditing: Enhancing Trust and Transparency in the Age of AI  appeared first on Microsoft Power Platform Blog.

As data security evolves, organizations must keep up with best practices and technology to protect sensitive information. Customer Managed Key (CMK) solutions give organizations direct control over encryption keys, strengthening security. We have made recent updates to Customer Managed Key (CMK) functionality:

1. Faster key application with less downtime.
2. Improved handling of key vault access changes.
3. Expanded global availability.
4. Transition from Bring-Your-Own-Key (BYOK) to CMK.  

Reducing System Downtime During Key Application: A Smoother Encryption Journey 

Previously, applying a new encryption key or reverting CMK environment to Microsoft Managed key meant the environment had to be taken offline so core services could complete encryption. Although this ensured security, it often led to prolonged downtime, disrupting productivity and business operations.  

To address these challenges, the key application process now enables online access as soon as core services finish encrypting with the new customer-managed key. Users can return to their environment much sooner, while secondary services complete encryption in the background. 

When encryption status changes from “Encrypting” to “Encrypting – online”, the environment is enabled for online access. 

Managing Downtime When Key Vault Access is Revoked: Greater Control and Clarity 

Access to your key vault is central to customer-managed key solutions. If this access is revoked, whether on purpose or by mistake, any environment using that key becomes unavailable. Previously, restoring access and system functionality was often slow and required support help from Microsoft. 

A new self-service feature gives environment admins more control.  Now, once access is restored, local admin can re-enable their environment independently—no need to wait for support or actions from Microsoft. 

This update helps organizations respond quickly to permission issues, reducing downtime and improving operational flexibility. 

Global Expansion: Customer Managed Key availability in GCC-High

Organizations in government, defense, and other highly regulated sectors often need strict data residency and compliance. For U.S. government entities, GCC-High provides a secure, compliant cloud environment. 

Customer Managed Key (CMK) will soon be available in GCC-High, giving organizations in this environment access to the same advanced key management and encryption controls as commercial and specialized clouds. 

What this means for you: 

• Unified key management: Standardize encryption practices across all your cloud environments. 

• Compliance-ready: Federal and defense organizations can meet strict security requirements by managing their own keys in GCC-High. 

• Wider adoption: More agencies and contractors can now confidently use Power Platform and related services. 

Bring-Your-Own-Key (BYOK) Deprecation and Migration Guidance

Bring-Your-Own-Key (BYOK) was an early approach to customer-managed encryption, allowing organizations to supply their own keys for use in securing their data. However, as technology and security expectations have advanced, CMK has emerged as the preferred and supported solution, offering greater integration, management, and supportability. 

All Power Platform services are moving to exclusively support Customer Managed Key. BYOK is now deprecated, and customers with existing BYOK environments are required to migrate to CMK. The deadline for this migration is January 2026. 

What this means for you: 

• Plan your migration: If your organization currently relies on BYOK, you have until January 2026 to transition to CMK. 

• Get support: Reach out to your account manager or raise a support ticket to begin the migration process or to request assistance.  

• Future-ready: CMK offers improved functionality, better integration, and ongoing support for all Power Platform services. 

It is strongly recommended that customers begin planning for migration as soon as possible to avoid last-minute issues and to take full advantage of the superior security and management features offered by CMK. 

Get Started Today

Check out the documentation to learn more and get started:

• Manage your customer-managed encryption key – Power Platform | Microsoft Learn 

• Lock and unlock environments through key vault access – Power Platform | Microsoft Learn 

• Review the environment’s encryption status 

• CMK in Sovereign clouds 

• Migrate bring-your-own-key (BYOK) environments to customer-managed key – Power Platform | Microsoft Learn 

The post Customer Managed Key (CMK) Updates: Enhancing Security, Flexibility, and Global Reach  appeared first on Microsoft Power Platform Blog.

1. Prevent data leaks and data exfiltration
2. Fine-tune data visibility while maintaining performance and compliance. 

🛡️ Step 1:  Prevent data leaks with secured column masked fields 

Dataverse now supports column-level security with masking, allowing organizations to restrict access to sensitive fields such as Social Security Numbers, account numbers, or government IDs. This feature ensures that unauthorized users see only masked values, both in forms and exported data.  

Admins can define Secured Masking Rules using regular expressions to control what part of a field is visible. For example, you can show only the last four digits of an SSN. These rules apply to the server side, ensuring consistent enforcement across environments and export scenarios. 

Additionally, audit logs remain available for masked columns, enabling security teams to monitor access and detect anomalies. 

🚫 Step 2: Prevent Data Exfiltration by Controlling App Access 

To combat unauthorized data exports, Dataverse introduces App Access Control, a feature that lets admins define which apps are allowed to run in an environment.  

This control is enforced at the authentication layer, validating app IDs against an approved list. Whether users access Dataverse via Dynamics 365 Sales or a custom app, only permitted apps can interact with the environment. Admins can also run audit mode to identify commonly used apps before enforcing restrictions. Here is an example of preventing Excel desktop running in your environment:

This feature is especially valuable for regulated industries where data leakage risks must be tightly managed. 

👥 Step 3: Role-Based View Management with Tailor Grid Views by Security Role 

Dataverse now allows makers and admins to assign system views to specific security roles, ensuring users see only the views relevant to their role. 

This enhancement brings parity with role-based form access and helps reduce clutter in the UI. Makers can configure view visibility directly in the Maker Portal, while end users can share personal views with their teams. This granular control improves usability and user productivity.  

🧩 Step 4: Filtered Views Security for C2 System Users 

Dataverse introduces a filtered view-based security model that enables row-level access control based on column values. 

For example, a user may only access records where the “City” column equals “Redmond” or “Seattle.” This model is particularly useful for scenarios where traditional record ownership doesn’t apply, such as Power Pages C2 users. 

Admins can define predicates and associate them with security roles, allowing CRUD operations only on records that match the filter criteria. This model is already in use by Dynamics 365 Finance and Operations and Power Pages and is expanding to other workloads. 

💡 Get Started Today

Together, these features represent a significant leap forward in Dataverse’s security posture. They empower organizations to: 

• Comply with data privacy regulations 
• Prevent unauthorized data access and export 
• Customize user experiences based on roles 
• Secure sensitive data at the column and row level 

Whether you’re a maker, admin, or security architect, these tools offer the flexibility and control needed to safeguard your data in today’s complex environments. Learn more: 

• Prevent data leaks with Dataverse Data Masking Rules 
• Sample: Column-level security using Dataverse SDK for .NET 
• Prevent data exfiltration with the app access control 
• Manage access to public system views – Power Apps | Microsoft Learn 

The post 🔐 Strengthen Data Protection in Dataverse appeared first on Microsoft Power Platform Blog.

This capability will enable dynamic business logic, context-aware responses that can summarize, classify, extract, and generate content based on your data.  

What is a Prompt Column? 

A prompt column in Microsoft Dataverse is a specialized data column designed to hold textual inputs that serve as prompts for AI models. These prompts can be anything from simple commands to complex queries. The AI model processes these prompts to generate relevant responses based on the input provided. The result is immediately stored in the prompt column, ready to be used in apps, workflows, or reports. 

This means you can bring generative AI directly into your data model without writing code or managing external services. Whether you are summarizing customer feedback, generating draft responses, extracting structured data from unstructured text, or classifying records based on context, prompt columns make it possible with just a few clicks. 

Each prompt is fully customizable and can reference one or more input columns within the same table. This business logic is powered by natural language prompts, allowing you to tailor the AI behavior to your specific business scenario.   

Available Now in Public Preview 

This feature is currently in public preview and intended for early exploration. It is an opportunity to evaluate the functionality, experiment with real scenarios, and provide feedback that will help shape future improvements. 

Versatile Use Cases 

Prompt columns are ideal for: 

• Customer support: Automate responses to frequently asked questions by using AI prompts to generate accurate and timely replies based on customer inquiries stored in Dataverse.  

• Content creation: Use prompts to assist in writing articles, reports, or marketing materials by generating text that aligns with the input provided.  

• Data analysis: Leverage AI prompts to analyze complex datasets and generate insights, sentiments, extract and classify contents or summaries that help in making informed decisions.  

• Workflow automation: Integrate AI prompts into business workflows to automatically execute tasks such as scheduling, reporting, and data entry.  

Four Easy Steps to Get Started 

1. Go to https://make.powerapps.com/. 

2. Open or create a table. 

3. Add a new column and select Prompt (preview) as the data type. 

4. Write your prompt, link input columns, and test your results. 

Your Turn: Try Prompt Columns in Dataverse

Prompt Columns make Dataverse a powerful engine for integrating generative AI directly into your business logic, so you can easily interpret, enrich, and act on your data. Learn more:

• For detailed steps and best practices, check out: https://learn.microsoft.com/power-apps/maker/data-platform/prompt-column . 
• Watch how prompt column is used together in agents from Build session https://youtu.be/Nx-011g0710?si=FC_SwtGsH50oujgW
• Listen to a podcast about Dataverse in the Age of AI: Episode 89: Dataverse in the Age of AI (w/ Julie Koesmarno) | Low Code Approach
• Watch the EPPC keynote on Building the Agentic Data Platform for Tomorrow’s Business: EPPC25 Keynote – Nirav Shah – Building the Agentic Data Platform for Tomorrow’s Business
• Catch up with our latest sessions at Microsoft Build: Dataverse at Build: The Agent Platform Powering the Future of Agentic AI – Microsoft Power Platform Blog

The post Enrich Your Dataverse Tables Using AI Prompt Columns appeared first on Microsoft Power Platform Blog.

Microsoft Power Platform empowers you to do more with less by making it easier than ever to securely scale low-code adoption, increase organizational collaboration, and infuse AI and automation into all your business processes. Microsoft Power Platform comes with advanced risk and compliance features that give you an easy cost-effective way to cover your risks and compliance needs.

Protecting your data and meeting your compliance needs

CMK allows customers to meet their data and privacy regulatory requirements, and to meet the enterprise promise on enabling customers with greater control over the security of their data.

Encryption is one of several defenses-in-depth that are available to secure storage. All the customer data and configuration information stored in Power Platform is encrypted at rest with strong Microsoft-managed encryption keys by default. Using CMK provides added data protection control, by allowing customers to manage their own encryption keys. When managed key encryption is used, all business-critical data is encrypted with a user-provided Azure Key Vault key. This provides the ability for customers to rotate/swap the encryption key on demand. It also provides the ability for customers to revoke Microsoft’s access to sensitive information by revoking the access to the key, at any time.

The control and management of using your own key to encrypt data at-rest is one of the main risks and compliance requirements for enterprises using Cloud software-as-a-service applications. Power Platform provides this CMK service in a cost-effective way to help you meet your needs.

Mercedes Benz has found success with CMK in Dataverse overarchingly, as it’s made it easier for them to build more complex solutions on their enterprise-data. 

“Preventing other parties from accessing data stored in the cloud has been a key concern for Mercedes-Benz from the beginning. This is becoming even more important as we embraced the “cloud-first” paradigm striving to make the most out of cloud capabilities. We deem the risk so severe that we do not allow confidential data to be stored in the cloud if that risk is not mitigated properly. This made the use of Dataverse and the low-code/no-code capabilities complex using the Power Platform. Microsoft’s new security features help a lot in this regard, CMK being the key aspect but not underestimating the rest like IP-based cookie binding and IP firewall, subnet delegation, and others. While the features in [themselves] are changing the game, the support, consulting, and help implementing these are a constant boon for our security efforts and just one more reason why we place our trust in Microsoft’s Power Platform.”

—Patric Liebelt, Lead Center of Enablement Microsoft Power Platform, Mercedes-Benz

How do you control and manage your encryption key

The Azure Key Vault admin creates a key vault and generates an encryption key. A Power Platform Enterprise policy is then created which points to the key. The key vault admin grants the Power Platform Enterprise policy access to the key vault to read the key, and then grants a Power Platform local admin Read access to the Power Platform Enterprise policy.

The Power Platform local admin logs into the Power Platform Admin Center (PPAC) and add the Power Platform environment to the Power Platform Enterprise policy. All the environment data is automatically encrypted with the encryption key.

You can choose to add one environment or multiple environments for each Enterprise policy. And you can remove the environment from the Enterprise policy at any time to revert the encryption back to Microsoft-managed key.

Customer has total control of the encryption key that resides in their own Azure Key Vault. Microsoft Support staff does not have access to your key vault and/or your key, and therefore you have overall control over how and when your data can be used. If you delete or revoke access to your key vault and/or the key, all the environment(s) that is encrypted with the key will be disabled and can no longer be accessible by your users and/or Microsoft.

Learn more

Manage your customer-managed encryption key in Power Platform – Power Platform | Microsoft Learn

The post Announcing General Availability for Power Platform Customer-managed key (CMK) appeared first on Microsoft Power Platform Blog.

Users are no longer restricted to accessing/managing data in their own business unit. They can now access and own records across business units. Security roles from different business units can be assigned to the users regardless of the business unit the users belong to. This feature enables the Owning Business Unit column of the record so that it can be set/updated by the users. The Owning Business Unit column determines the business unit that owns the record.

This feature is currently being rolled out for Public Preview during the months of November and December, 2021. Power Platform admins can enable this feature in their environment via the Power Platform admin center.

1. Select the Environments tab, and then choose the environment that you want to enable this feature for.
2. Select Settings > Product > Features.
3. Turn On the Record ownership across business units (Preview)

Note: for Public preview, please enable this feature switch for your non-production environments.

See Modernize Business Unit video for a demo of this feature.

Full documentation of this capability can be found:

1. Dataverse security concept on Business Units
2. Modernize business unit – Matrix data access structure
3. Introducing Owning Business Units
4. Assign security roles from different business units
5. Manager hierarchy direct report’s business unit and manager’s business unit
6. Change the business unit for a user
7. Change the owner and/or business unit of a record
8. Cascading effects for parental table relationship behaviors when owner and/or business unit of a record is changed

Try it out and let us know what you think!  And stay tuned for when it is released for General Availability.

The post Announcing Public Preview for modernize business units appeared first on Microsoft Power Platform Blog.

See the following for details:

1. Manage application users in the Power Platform admin center – Power Platform | Microsoft Docs
2. Security roles and privileges – Power Platform | Microsoft Docs
3. Create users and assign security roles – Power Platform | Microsoft Docs
4. Dataverse teams management – Power Platform | Microsoft Docs

The post Administer Application Users, Security roles, Teams, and Users in the Power Platform admin center appeared first on Microsoft Power Platform Blog.