Overview

Power Platform Managed Identity utilizes workload identities based on Federated Identity Credentials (FIC). You have the option to provision either a User Assigned Managed Identity (UAMI) or an Application Registration and configure Federated Identity Credentials (FIC). Application Registration enables you to apply Azure policies to Power Platform resources, such as Dataverse plug-ins.

You have two options for provisioning of managed identities:

1. User Assigned Managed Identity (UAMI): You can provision a User Assigned Managed Identity (UAMI) in Azure. Dataverse plug-ins can use this identity to connect to Azure resources that support managed identity. In this case, you cannot enforce Azure policies.
2. Application Registration: By provisioning the application in Microsoft Entra ID, you establish an application context and Identity that can connect to Azure resources supporting managed identity.  This allows you to apply Azure policies to the application, ensuring that Power Platform resources, such as Dataverse plug-ins, adhere to these policies.

You need to configure Federated Identity Credentials (FIC) in both options to enable managed identity.

Supported scenario

Currently, Power Platform Managed Identity supports Dataverse plug-ins. This means that Dataverse plug-ins can connect to Azure resources that support managed identities without the need to manage credentials. By leveraging managed identities, the connection process becomes more secure and streamlined, as it eliminates the risks associated with credential management. This feature ensures that Dataverse plug-ins can access necessary Azure resources seamlessly and securely, enhancing overall efficiency and security.

Today we support Managed Identity for Independent Software Vendor (ISV) plug-ins within the context of their environment. For example, an ISV plug-in installed in the environment, will have access to the resources within the scope of the environment. However, it will not have to access resources within the ISV tenant.

Availability

Power Platform Managed Identity support for Dataverse plug-ins is available in public preview to all our customers in public cloud.

Call to action

• Start by following the step-by-step instructions – Set up Managed Identity support for Dataverse plug-ins
• Learn more about Power Platform Managed Identity
• Share your feedback

The post Announcing public preview of Power Platform Managed Identity support for Dataverse Plug-ins appeared first on Microsoft Power Platform Blog.

Overview

Power Platform Managed Identity utilizes workload identities based on Federated Identity Credentials (FIC). You have the option to provision either a User Assigned Managed Identity (UAMI) or an Application Registration and configure Federated Identity Credentials (FIC). Application Registration enables you to apply Azure policies to Power Platform resources, such as Dataverse plug-ins.

You have two options for provisioning of managed identities:

1. User Assigned Managed Identity (UAMI): You can provision a User Assigned Managed Identity (UAMI) in Azure. Dataverse plug-ins can use this identity to connect to Azure resources that support managed identity. In this case, you cannot enforce Azure policies.
2. Application Registration: By provisioning the application in Microsoft Entra ID, you establish an application context and Identity that can connect to Azure resources supporting managed identity.  This allows you to apply Azure policies to the application, ensuring that Power Platform resources, such as Dataverse plug-ins, adhere to these policies.

You need to configure Federated Identity Credentials (FIC) in both options to enable managed identity.

Supported scenario

Currently, Power Platform Managed Identity supports Dataverse plug-ins. This means that Dataverse plug-ins can connect to Azure resources that support managed identities without the need to manage credentials. By leveraging managed identities, the connection process becomes more secure and streamlined, as it eliminates the risks associated with credential management. This feature ensures that Dataverse plug-ins can access necessary Azure resources seamlessly and securely, enhancing overall efficiency and security.

Today we support Managed Identity for Independent Software Vendor (ISV) plug-ins within the context of their environment. For example, an ISV plug-in installed in the environment, will have access to the resources within the scope of the environment. However, it will not have to access resources within the ISV tenant.

Availability

Power Platform Managed Identity support for Dataverse plug-ins is available in public preview to all our customers in public cloud.

Call to action

• Start by following the step-by-step instructions – Set up Managed Identity support for Dataverse plug-ins
• Learn more about Power Platform Managed Identity
• Share your feedback

The post Announcing public preview of Power Platform Managed Identity support for Dataverse Plug-ins appeared first on Microsoft Power Platform Blog.

We are excited to announce that the virtual network support for Dataverse plug-ins within Microsoft Power Platform is now generally available for all our customers in public cloud! This feature allows you to protect your outbound connections from Power Platform Dataverse plug-ins to resources within your private network. Virtual network support for Power Platform is based on Azure subnet delegation. With Azure subnet delegation, you can delegate your subnets to the Power Platform and configure it to run the services within your delegated subnet. This way, you can securely manage your egress traffic from the Power Platform according to your network policy.

Power Platform Approach to securing outbound connectivity.

Virtual network support for Power Platform is optimized to handle API (Application Programming Interface)-centric workloads, and hence is the recommended approach for outbound connectivity from Power Platform services to resources within your network when using Dataverse plug-ins and Power Platform Connectors. For Power BI and Power Platform Dataflows (PPDF), the recommended approach is to use virtual network data gateway, which is optimized to handle ETL (Extract, Transform, Load) workloads.

Overview of the feature

This feature is particularly useful for customers who have security and compliance requirements to secure their data by protecting outbound traffic from Power Platform.

With virtual network support, you will be able to solve following key problems.

• You don’t have to expose private endpoint protected resources within your VNet to the internet to allow Power Platform services to connect to these protected resources, thereby protecting your data.
• You don’t have to allow-list sets of Power Platform IP’s ranges or service tags to allow Power Platform services to connect to resources within your VNet, thereby protecting the resources from unauthorized access.

Currently, you can use secured private outbound connectivity from Dataverse plug-ins to enhance the security of data integration with external data sources within your secured private network from your Power Apps, Power Automate, and Dynamics 365 apps.

Unlocking Secure Data Integration with Microsoft Copilot Studio in Power Platform

In today’s interconnected world, secure data integration is crucial for organizations. Microsoft Copilot Studio offers robust solutions for fetching and processing data securely. Let’s explore scenario where Copilot Studio demonstrates the network security capability of Power Platform:

Scenario #1: Fetching Customer Data from a Web API Hosted in Azure

Imagine you need to retrieve customer data securely from your Web API hosted in Azure. Copilot Studio seamlessly orchestrates the process:

1. Microsoft Copilot Studio Initiates a Power Automate Flow: Copilot Studio triggers Power Automate flows through a command that include Dataverse unbound plug-in action.
2. Dataverse Plug-in Calls a Web API: The Power Automate flow makes a secure call using Dataverse Plug-in to a private endpoint-protected Web API. This ensures that customer data retrieval remains secure.

Learn more about this scenario through this video, please note the SQL connector VNet support is in preview.

Availability and Licensing

Virtual network support for Dataverse plug-ins is generally available to all our customers in public cloud and licensing information is available in this article Virtual Network support for Power Platform overview – Power Platform | Microsoft Learn
Call to action.

• Enable Virtual Network support for Dataverse plug-ins.
• Learn more about supported services within Power Platform Virtual Network support for Power Platform overview – Power Platform | Microsoft Learn
• Get started – Step by step instructions Set up Virtual Network support for Power Platform – Power Platform | Microsoft Learn
• Watch these demos.
  • Set up virtual network support for Power Platform (youtube.com)
  • Copilot Studio: Secure Data Access via Dataverse Plug-in & SQL Connector​ (youtube.com)
  • Power Apps accessing the SQL database using SQL connector (youtube.com)

The post Next-Level Connectivity Security: Dataverse Plug-ins Embrace Virtual Networks! appeared first on Microsoft Power Platform Blog.