How to attend? If you’re interested in participating at one or more locations alongside peers from your organization, please register at no cost for these events using the links below. Seats are limited and exclusive to qualified customers. Register now to secure your spot!

👉 Register for Power Platform Events (three days each):

• Dallas: February 11–13
• Chicago: February 18–20
• Redmond: March 4–6
• Toronto: March 11–13
• New York: March 11–13
• Atlanta: May 13-15
• Stockholm: May 26-28
• Brussels: June 24-26
• Singapore: June 23-25

👉 Register for Copilot Studio Events (two days each):

• Redmond: February 25–26
• Atlanta: March 4–5
• Houston: March 19–20
• Munich: April 22-23
• Sao Paulo: May 7-8
• Paris: May 14-15
• Tokyo: May 15-16
• Milan: May 28-29
• Toronto: June 4-5

These exclusive Kickstarter workshops are delivered to qualified customers at no cost as multi-day in-person events at local Microsoft offices. The sessions will be delivered by our expert Kickstarter delivery partners with members from Power CAT joining in select locations.

The three-day Power Platform events focus on Enterprise Grade Governance and Scale Workloads pillars. These include governance, security, and architecture workshops that are based on Power CAT best practices and the guidance found at Power Well-Architected.

The two-day Copilot Studio events focus on the Conversational AI and Agents pillar – you will be introduced to agent building capabilities in Microsoft Copilot Studio and participate in envisioning exercises to identify relevant use cases for your organization.

Why Participate? Engaging in these deep dive workshops as a team will enable your organization to learn about the latest capabilities, understand best practices for scalable adoption, and envision relevant agentic scenarios for your business. You will leave feeling empowered to drive a meaningful Power Platform and AI adoption strategy catered to the needs of your organization.

Our workshops are more than just events – they’re a launchpad for a transformative change! Check out the full catalog of the eight Kickstarter workshops that are aligned to pillars and the respective personas:

Power Platform: Three Days to Secure, Scalable, High-Performing Solutions

Transform your organization with this value-packed, three-day workshop series, offering best practices and actionable insights to design and optimize secure, enterprise-ready Power Platform solutions:

• Day 1: Designing Secure and Compliant Governance – Tailor strategies to safeguard and scale Power Platform adoption.
• Day 2: Power Platform Security – Tackle compliance, monitoring, and data protection challenges with expert guidance.
• Day 3: Building Well-Architected Solutions – Create reliable, scalable solutions using proven Microsoft practices.

Leading with AI: Two Days to Build Secure and Scalable AI Solutions

Unlock the power of Generative AI and Microsoft Copilot Studio with this immersive, two-day workshop designed to transform your business:

• Day 1: Introduction to Copilot Studio, Transforming IT Operations with Conversational AI, Autonomous Agents and AI Builder, Discover High-ROI use cases for Agentic Solutions
• Day 2: Developing an AI-Powered HR Helpdesk, creating an autonomous Employee Onboarding Solution, Envisioning and Building with Copilot Studio.

Hope to see you at a city near you. We plan to add additional cities and virtual options in the coming weeks! For additional information or questions, please contact: KSEvents@microsoft.com.

The post Register Now for Power Platform and AI workshops in a city near you! appeared first on Microsoft Power Platform Blog.

IP cookie binding in Dataverse

IP based cookie binding is a security technique that helps protect Dataverse against cookie replay attacks. A cookie replay attack occurs when an attacker intercepts a valid cookie and exploits it to impersonate the user who originally created the cookie. IP based cookie binding addresses this threat by evaluating the IP address associated with the cookie in the request. If the IP address in the request does not match the IP address of the device where the cookie was originally created, the Dataverse API will automatically reject the cookie and prompt the user with a message indicating that their session may have been compromised. This ensures that only the legitimate and authorized user is able to access the protected resources and prevents attackers from using stolen cookies to gain unauthorized access. IP based cookie binding is a real-time solution, which means it can detect and prevent cookie replay attacks as soon as they occur, providing an added layer of security for the customer’s organization.

How can I enable this feature?

Power Platform administrators can enable this feature in their environments via Power Platform admin center. This feature is turned off by default.

• Select the Environments from the left navigation bar and click on the environment where you want to enable this feature.
• Select Settings –> Product –> Privacy + Security
• Turn on the “Enable IP address-based cookie binding”

More details about this feature are available here

The post IP based cookie binding in Dataverse is Generally Available. appeared first on Microsoft Power Platform Blog.

Microsoft Dataverse is a cloud-based, low-code solution that lets you securely store and manage data that’s used by business applications. With your data stored in Microsoft Dataverse, there are many ways to access or modify it. You can work with the data natively with tools such as Power Apps or Power Automate, or through connectors and APIs you can link to Microsoft Dataverse from any business solution. Dataverse was built for powerful, scalable solutions. 

Security In Dataverse 

The goals of the Dataverse security models are as follows: 

• To provide users with the access only to the appropriate levels of information that is required to do their jobs. 
• To categorize users by role and restrict access based on those roles. 
• To support data sharing so that users and teams can be granted access to records that they do not own for a specified collaborative effort. 

• To prevent a user’s access to records the user does not own or share. 

Why Choose Dataverse? 

• Security: Dataverse handles authentication with Azure Active Directory (Azure AD) to allow for conditional access and multi-factor authentication. It also provides rich auditing capabilities. 

• Logic: Dataverse allows you to easily apply business logic at the data level. Regardless of how a user is interacting with the data, the same rules apply. These rules could be related to duplicate detection, business rules, workflows, or more. 
• Data: Dataverse offers you the control to shape your data, allowing you to discover, model, validate, and report on your data. This control ensures your data looks the way you want regardless of how it is used. 
• Storage: Dataverse stores your physical data in the Azure cloud. This cloud-based storage removes the burden of worrying about where your data lives or how it scales.  
• Integration: Dataverse connects in different ways to support your business needs. Data exports and other tools give you the flexibility to get data in and out. 
• Auditing: The Dataverse auditing feature is designed to meet the external and internal auditing, compliance, security, and governance policies that are common to many enterprises. 

• Data Loss Prevention: The Power Platform and Dataverse protects your data with Microsoft Data Loss Prevention (DLP) both data at rest and in transit. 

Building Secure Hybrid Environments 

As organizations accelerate the transition to the cloud there is a higher need and reliance on advanced technologies when making business and operational decisions.  

• Connected: From anywhere in the world and at any time, your workers can access cloud-based services and data in your Microsoft 365 subscription and organizational resources, such as those offered by on-premises application data centers. 
• Secure: Sign-ins are secured with multi-factor authentication (MFA) and built-in security features supported by Azure AD which helps protect against malware, malicious attacks, and data loss. 
• Managed: Your hybrid worker’s devices can be managed from the cloud with security settings, allowed apps, and compliance with system health. 
• Collaborative and productive: Your hybrid workers can be as productive as on-premises in a highly collaborative way with online meetings and chat sessions with Teams, shared workspaces for cloud-based file storage with global accessibility and real-time collaboration with SharePoint and OneDrive, and shared tasks and workflows to divide up the work and get things done. 

Additional resources:

• Learn more about Dataverse Security features and capabilities covered in the Microsoft Dataverse Security white paper.  
• Learn more about the other Microsoft cloud solutions to help you build unified and seamless experiences across platforms.  

• Microsoft Azure 
• Microsoft 365 
• Microsoft Dynamics 365 

• Learn more about available licenses by downloading the Dynamics 365 Licensing Guide 

The post Security in Microsoft Dataverse  appeared first on Microsoft Power Platform Blog.

Power Apps has had Content Security Policy (CSP) support for model-driven apps since the beginning of the year, which was configured by running script as a System Administrator.

With these new capabilities, you can now control the CSP header for model-driven as well as canvas apps in the environment in Power Platform Admin Center. CSP can be configured in both enforced and report-only mode.

Configuration in Power Platform Admin Center

CSP can be configured using the Content security policy settings under the Privacy + Security section of an environment in Power Platform Admin Center. Turning enforcement on will provide protection against clickjacking attacks for apps in that environment. CSP is configured independently for model-driven and canvas apps, except for reporting which applies to both.

Reporting and enforcement are disabled by default, and we recommend you turn on enforcement in your production environments only after testing your apps in a sandbox environment with CSP turned on to ensure any intended functionality isn’t blocked due to this change. We also recommend turning reporting-only mode on in production before enforcement to catch any lingering issues before enforcement is enabled.

CSP support for canvas apps

Model-driven apps have had the ability to send default and custom CSP for some time. With this update we’ll support CSP for canvas apps as well. The default and customizable pieces of the CSP header are the same for both model-driven and canvas, but they are configured independently, allowing you to perform a gradual CSP rollout.

Violation reporting

As part of the CSP settings, you can also enable reporting and provide a custom reporting endpoint to receive any content security policy violation reports. This capability helps preview what violations would be blocked before turning it on completely. Refer to the Content Security Policy documentation for details on building reporting endpoint.

Please review the documentation for more details and as always, we would love to hear from you on how we could keep improving this feature. Please leave your feedback and comments on this post.

The post Announcing public preview of Content Security Policy for Power Apps appeared first on Microsoft Power Platform Blog.

Data Stewardship to Scale

The most inspiring reason for learning Dataverse is the breadth of capabilities you can use to set strong standards for data stewardship. As per Wikipedia: “Data Stewardship means the formalization of accountability over the management of data, and the data-related resources. So, while data governance programs set the rules, data stewardship oversees the smooth implementation of those rules.” Therefore, data stewards seek a comprehensive approach to data management to ensure the quality, integrity, accessibility and security of the data.

How does Dataverse help? Dataverse is designed to be more than just a database. It can also include data from other data sources, for example through virtual tables. Everyone can take advantage of the built-in Common Data Model (CDM) tables designed to support strong communications between you and the businesses you partner with. Of course, you can also easily create custom tables, views, and forms. But don’t stop there! Take the data model to the next level by layering business logic, rules, and process flows to maintain data integrity and guide participants through important process steps or milestones. This end-to-end approach of optimizing enterprise data models enables both solution makers and business analysts to use, and to share data, with confidence.

Get started right away extending the value of tables and leveraging business rules with the new “Formula Fx Column“. The Formula Fx Column enables us to use Excel-like expressions within table columns (aka Power Fx). In the solution below, I’ve added a column to check when the current contract value exceeds 30% of the original bid value. Now Dataverse will trigger process alerts through Power Automate when this occurs. Since the logic is built into the data, all the Makers (new and old) will automatically gain this logic when they build apps using this table; no matter what type of app they build!

TIP: Leverage Formula Fx columns to drive consistency in process and notifications

Granular Security

Microsoft consistently prioritizes security and customer trust. Anyone can learn more about Microsoft’s Security and Trust commitment, or specifically about security and compliance for the Power Platform. So, why do I call this out as one of the three reasons for learning Dataverse? Because Dataverse brings security to the next level with its scenario-focused approach that facilitates a wealth of data visibility, security, compliance and auditing. Dataverse manages these through several layers of controls making it a platform with security on steroids. Some of the most commonly used layers of security include, but are not limited to:

• The Environment: The environment itself is the root container in the tenant for Dataverse. So it’s easy to assign a Security Group (“SG”) to an environment. This will constrain the environment contents (such as database tables) to members of that SG.
• Column-Level Security: Each column within a record can be configured for column-level security. Now we can decide to share all Customer Account details with the Sales team, but restrict access related to contract value and invoicing to only the Finance team.
• Role-Based Security: Dataverse uses role-based security (RBS) to group together a collection of privileges. These security roles can be associated directly to users, or they can be associated with Dataverse teams and business units. Users can then be associated with the team, and therefore all users associated with the team will benefit from the role. My favorite thing about this is that you can create roles and then insert them into the Solution Package so they can easily be reused there or in other solutions.

This layered approach to security and record visibility supports the diversity of requirements needed for common business scenarios. It’s not just about ‘who can access what data’, it’s also about facilitating need-to-know visibility by combining layered security with filters and views to aid in discovery, yet reduce noise in a people-friendly methodology.

Note the roles and the people in the image below. They are all working on a construction project but they have varied data access constraints and requirements. Dataverse can ensure that each individual gets to what they need to know, when they need to know it.


TIP: Simplify, and reuse, Security Roles by storing them in Power Platform Solutions:

Extended Integration Powers

Not all of our data starts or ends in Dataverse. Dataverse is designed to help you to orchestrate all your enterprise data needs, no matter where that data is stored. In many cases we will want to migrate, synchronize with, or simply just view data virtually within Dataverse.

Both migration and synchronization occur easily using Dataflows. Dataflows are a self-service, cloud-based, data preparation technology. Dataflows enable customers to ingest, transform, and load data into Dataverse environments, Power BI workspaces, or your organization’s Azure Data Lake Storage account. Customers can trigger dataflows to run either on demand or automatically on a schedule; data is always kept up to date.

But wait, you don’t always have to move or synchronize data! In many cases, having a “virtual” table is the best choice for leveraging the data directly from the source. Any business user can create virtual connections to data external to Dataverse. Check out the new virtual table providers for SQL, SharePoint, and Excel for example. Thanks to virtual table providers, we can now take advantage of data outside of Dataverse to layer it into our solutions, or to enable more complex scenarios that require modern technologies such as Artificial Intelligence (AI), Machine Learning (ML), Internet of Things (IoT), Azure functions, extended compute power, and/or dynamic query-driven tables.

TIP: Optimize solutions by layering data sources that you rely on every day using virtual tables

My favorite service integrations are those related to optimizing Business Intelligence (BI) insights (such as with Power BI), and the wide selection of Azure service partnerships, such as with Azure Synapse. Azure Synapse extends both compute power and our ability to create dynamic table queries through the use of Spark or SQL select statements. Both existing Dataverse tables and query tables created in Azure Synapse, provide creative opportunities for visualizations and insights in Power BI (learn more in this demo).

TIP: Take advantage of Spark and SQL Select statements along with the enhanced compute power of Azure Synapse

Conclusion

There is definitely a broad return on investment when it comes to learning Dataverse.

• Data Stewardship to Scale – helps us to reuse data and set standards across our business
• Granular Security – secures data across the domain, across tables, including column and role based security
• Entended Integration Powers – enables us to bring data from anywhere we need it into our solutions

Get started learning today:
Microsoft Learn for Dataverse
Additional resources:

1. Security Concepts
2. Power FX and Business Rules
3. Virtual Table Connector Providers
4. Azure Synapse Link for Dataverse

The post 3 Primary Reasons to Learn Dataverse appeared first on Microsoft Power Platform Blog.