Then, customers like you pushed us further.

You told us where agents didn’t scale, where authentication slowed runs, and where it was hard to understand why something failed—or to prove it behaved correctly. You also told us where your organization needed more control, visibility, and flexibility before rolling out CUAs broadly.

Today’s updates are a direct response to that feedback.

Computer‑using agents in Microsoft Copilot Studio now offer more model choice, stronger security and governance, and easier scale—so you can automate more of your work across web and desktop apps with confidence.

Here’s what’s new—and why it matters.

Choose the right model to navigate dynamic interfaces

Computer-using agents now support multiple foundation models, including Anthropic’s Claude Sonnet 4.5 alongside OpenAI’s Computer-Using Agent. This gives you the flexibility to choose the best fit for each agent, based on the interface and the task.

• Use OpenAI Computer-Using Agent to orchestrate multi‑step web and desktop flows.
• Opt for Anthropic Claude Sonnet 4.5 when you need high performance reasoning on dynamic user interfaces (UIs) and interpretation of dense, changing dashboards.

Secure authentication with built in credentials and Azure Key Vault

Authentication shouldn’t be the reason automations stall. Computer use now offers built‑in credentials so agents can:

• Securely perform website and desktop app logins
• Reuse them across multiple agents and automations
• Eliminate manual login prompts during runs, enabling unattended execution

For example, if an agent needs to log into a vendor portal and update a desktop ERP every night, built-in credentials now let the agent authenticate to both the web portal and the desktop app automatically. This removes manual interruptions and makes overnight processing dependable while maintaining governance controls. No need to babysit “unattended” runs.

You can choose between two storage options aligned to your governance needs: internal storage (encrypted in Microsoft Power Platform) for low-friction setup, or Azure Key Vault for enterprise-grade secret management.

Credentials are encrypted and are never exposed to the AI model, so only authorized agents can access them. This way, your security and compliance team can feel confident scaling CUAs to more scenarios.

See every computer-using agent action with session replay and audit logs

As agents touch more business‑critical systems, teams need to know what happened, why it happened, and where.

Computer use now has advanced monitoring and richer observability, so operations, security, and compliance teams can inspect behavior step‑by‑step. This includes:

• Session replay with screenshots
• Step‑by‑step action logs (with action types, coordinates, timestamps, and context)
• Run summaries (instruction text, duration, action counts, average time per action, and human escalation counts)
• Resource tracking (including websites, desktop apps, credentials used)
• Export options for offline review

But what does this look like in practice? Imagine an agent run produces an unexpected update, and your team can’t tell whether the agent misread the UI, clicked the wrong control, or encountered a hidden pop‑up.

Session replay and action logs now show exactly what the agent saw and did, pinpoint the step where the UI changed, and produce an exportable record for audit review. That way, you can fix issues faster and retain a defensible compliance trail.

Beyond the monitoring pane, compliance is further strengthened through:

• Microsoft Purview integration, sending audit logs to Purview
• Dataverse logging with configurable verbosity—choose All data, Data without screenshots, or Minimal
• Retention options from 7 days to indefinite, to match regulatory and governance requirements

Simplify infrastructure with managed Cloud PCs for computer-using agents

Scaling UI automation shouldn’t require managing fleets of desktops or fragile virtual machines. The new Cloud PC pool, powered by Windows 365 for Agents, provides fully managed cloud‑hosted machines that are Microsoft Entra joined and Intune enrolled, designed for computer use runs and built to scale with demand.

In other words, these Cloud PC pools provide managed capacity for high-volume runs when demand spikes—without the overhead of keeping dedicated hardware patched, available, and idle the rest of the time. This way, your team can handle spikes without over-provisioning hardware.

Note: For evaluation, you can create up to two Cloud PC pools per tenant with 50 hours of free usage for published autonomous agents—making it easier to pilot CUAs at scale before broader rollout.

Extend—don’t replace—your automation

If you’ve built automations with Microsoft Power Automate and RPA, computer use expands what you can automate—especially when:

• Interfaces change frequently
• APIs aren’t available
• Decision logic becomes more complex

Thankfully, you can keep classic RPA for deterministic scenarios with stable interfaces. CUAs then add flexibility and adaptive reasoning where RPA falls short (such as dynamic web apps, shifting layouts, or complex decisioning). After all, the goal isn’t to start over—it’s to modernize and extend what you already have.

For example, say you have an RPA bot that depends on fixed selectors. Historically, it broke each time a web form changed, forcing constant script updates.

Now, the RPA stays the same, while a CUA handles the variable UI portions—navigating changing layouts, interpreting dialogs, and escalating edge cases. The result? Reduced maintenance and improved reliability.

Get started and help shape what comes next

Ready to try computer‑using agents in a US‑based Copilot Studio environment?

1. Create or open an agent in Microsoft Copilot Studio.
2. Go to Tools → Add tool → New tool and select computer use.
3. Describe the task you want the agent to perform in natural language.
4. (Optional) Choose a model, configure built‑in credentials, and set up a Cloud PC pool for secure, scalable runs.

For deeper guidance, configuration details, and best practices, see the computer use documentation.

Before you go: We’re actively investing in advanced governance, operations, and scale for CUAs—and customer feedback directly informs the roadmap. Tell us what you think of the latest CUA updates today:

• Email feedback to computeruse-feedback@microsoft.com
• Join the Copilot Studio community

The post Computer-using agents now deliver more secure UI automation at scale appeared first on Microsoft Power Platform Blog.

Microsoft Power Platform is designed to meet that challenge. It empowers teams to build solutions faster, automate more processes, and scale across the business within a framework that puts security and governance first. With tools that are AI-ready and built for enterprise-grade environments from Copilot-assisted development to intelligent threat detection and posture management, the platform helps organizations move with both agility and control.

Let’s break down the facts about building secure, modern applications.

Fact: Low code does not mean low security

Despite the ever-growing usage and strong ROI, there are still people who think that low-code tools are not built for enterprise grade applications. Power Platform proves otherwise by delivering a comprehensive, layered security model designed to meet the demands of large organizations. As part of a managed security approach, the platform integrates governance and security controls directly into the development lifecycle ensuring that policies are consistently applied across environments.

From identity and access management to data protection and network security, Power Platform provides native capabilities that reduce risk without slowing innovation. Features like role-based access control, conditional access for individual apps, and data loss prevention policies are all included. Azure Virtual Network (VNet) helps keep apps and data private by creating a secure connection that blocks public internet access and limits traffic to only trusted sources.

Visibility and access control are central to this approach. Power Platform includes tenant-level analytics and inventory tracking that allow IT teams to monitor what’s being built, which connectors are in use, and whether apps are operating within approved environments. Advanced connector policies complement these tools by helping enforce data boundaries and prevent unauthorized connections, rather than providing direct visibility or access control. With tools like IP filtering, cookie binding, and role-based permissions, IT can ensure that only the right users have access to sensitive data. This helps prevent shadow IT before it starts giving teams a secure space to innovate while ensuring IT retains oversight.

The platform’s approach to security also extends to AI and agents. Security is enforced across all components of the platform, including apps and AI agents. As organizations adopt tools like M365 Copilot and Copilot Studio, Power Platform provides a secure foundation for building and deploying AI agents. These agents follow existing data loss prevention policies, access controls, and network protections, ensuring AI adoption does not create new exposure.

Power Platform also provides the flexibility to extend Copilot Studio agent protection beyond default safeguards with additional runtime protection. Organizations can choose to integrate additional monitoring systems such as Microsoft Defender, custom tools, or other security platforms for a defense-in-depth approach to agent runtime security.

Centrica, the UK’s largest retailer of zero-carbon electricity, is a good example of secure low-code innovation. With over 800 Power Platform solutions and 15,000 users, Centrica maintains enterprise-grade governance by embedding security, oversight, and controls into every stage of development.

Accenture also demonstrates how Power Platform helps reduce risk at scale. By giving more than 50,000 employees the ability to build within defined guardrails, the company reduced demand for short-term IT projects by 30%. Their approach to low-code governance helped them gain visibility into platform activity while supporting global collaboration. As one Accenture executive put it, “For us, we define shadow IT as things we cannot see or control when we need to. By standing up the platform and inviting our people to create and build—at its very core we have gained visibility into what people are doing and how they are connecting, which starts governance at the platform level.”

Fact: You do not have to outsource to be compliant

There is a perception that distributed development models increase compliance risk. Power Platform addresses this with centralized administration and clear visibility into who is building, what they are building, and how data is being used.

From the Power Platform admin center, IT teams can configure environments, enforce policies, and monitor usage across the entire organization. Tools like Dataverse audit logging, Microsoft Purview integration, and Lockbox support provide deep visibility into sensitive operations and data access.

Purview enhances compliance by enabling data classification, sensitivity labeling, and activity tracking across Power Platform environments. It also helps organizations enforce retention policies and ensure data governance requirements are met supporting alignment with global regulations like GDPR and HIPAA.

AI capabilities introduce new governance needs, which Power Platform meets with built-in support for risk assessment and proactive recommendations. Copilot capabilities also assist admins in identifying misconfigurations and streamlining compliance reporting.

Power Platform also integrates with Microsoft Sentinel and solution checkers to detect anomalies, surface vulnerabilities, and alert administrators to unusual behavior. Security posture management tools help teams assess and adjust configurations over time, helping organizations scale AI responsibly while maintaining strong governance.

PG&E is a case in point. With more than 4,300 developers and 300 Power Platform solutions, the company has embedded governance and risk management into its development lifecycle. This approach has helped PG&E achieve more than $75 million in annual savings, while ensuring that compliance and oversight remain strong.

Fact: You are not alone in your administering. You have guidance and support.

Another misconception is that managing low-code platforms at scale requires external tools or consultants. Power Platform includes everything needed to govern, secure, and scale app development from within your organization.

IT admins can use Power Platform admin center and advisor to receive AI-driven, real-time recommendations tailored to their environment. These insights help assess environment health, refine governance policies, and proactively manage security posture. Advisor also provides a security score, giving teams a clear view of how well they are securing their environments and a concrete way to demonstrate progress and accountability to leadership.

The platform is designed to adapt to each organization’s structure and needs. Recommendations can be dismissed when covered by other controls, and environmental groups allow governance to be tailored to specific business units or departments. This flexibility ensures that security doesn’t get in the way of progress but works alongside it.

Advanced features like test automation, environment isolation, and integrated observability help maintain consistent performance. VNet integration allows organizations to connect securely to on-premises systems without exposing resources to the public internet.

An example of one of leading automotive manufacturers highlights these capabilities. The company used VNet support in Power Platform to securely connect AI agents to internal systems without relying on an on-premises data gateway. The result was faster deployment, better compliance with internal security policies, and more than 3,000 hours saved through improved data access.

Start building secure, scalable solutions

Foster innovation while still maintaining security and governance principles. Microsoft Power Platform gives IT leaders and developers the ability to move quickly while maintaining the control their organizations require. With built-in governance, privacy protections, and AI-powered insights, teams can confidently scale low-code development without introducing risk. You no longer have to choose between innovation and security. With Power Platform, you can deliver both.

Explore real-world success stories and best practices. Visit the Power Platform site and follow this blog for the next article in the series breaking down the facts of the modern development.

The post Breaking down the facts about secure development with Power Platform appeared first on Microsoft Power Platform Blog.

Why CodeQL

Security vulnerabilities can hide in plain sight especially in custom HTML and JavaScript that power dynamic site experiences. Traditional testing and QA often detect issues too late in the development cycle. However, CodeQL, a semantic code analysis engine from GitHub, scans your site’s codebase to identify vulnerabilities before they become security incidents. Whether it’s cross-site scripting (XSS), injection attacks, or insecure DOM access, CodeQL helps uncover these risks early and automatically.

When and Where CodeQL scan is Available

CodeQL scan is available in VS Code desktop for locally downloaded Power Pages sites. These are marked with the Current tag in your list of active sites. This means you must first download your site for local development using tools Visual Studio Code or Power Platform CLI.

To use this feature, make sure the Power Platform Tools extension is installed in Visual Studio Code (VS Code) Desktop. If you haven’t set up VS Code Desktop yet, see the Set up Visual Studio Code for Power Pages documentation for guidance. Once downloaded, the Run CodeQL screening option becomes available in the VS Code desktop’s Power Pages Actions view.

When selected, it:

• Performs static analysis on your HTML and JavaScript files
• Surfaces potential vulnerabilities across the codebase
• Provides actionable insights to remediate issues before publishing or deploying changes

Run a CodeQL security scan for your Power Pages site

Follow these steps to run a CodeQL security scan for your Power Pages site:

1. Download your Power Pages site locally using VS Code desktop
2. Open the downloaded site in VS Code desktop
3. Navigate to Power Pages Actions view and select the site from active site list
4. Right click on the site and select Run CodeQL screening command to initiate a security scan
5. Review the results, which highlight:
   • Vulnerable patterns in JavaScript
   • Deprecated or unsafe HTML usage
   • Code that could expose user data or be exploited by attackers

Benefits of using CodeQL Screening

• Shift-left your site security: Find issues during development, not post-deployment
• Higher code quality: Spot and fix security smells that affect performance and maintainability
• Compliance readiness: Improve your site’s posture for security audits and certifications

We are looking forward to your feedback

Security isn’t an afterthought it’s a core feature. With CodeQL Screening, Power Pages helps you build secure-by-design experiences for your customers and stakeholders.

• Learn more about developing Power Pages locally
• Get started with GitHub CodeQL on GitHub Docs

Explore these new capabilities and share your thoughts and experiences. Your feedback is crucial in shaping the future of Power Pages.

The post Strengthen Your Power Pages Security with CodeQL code scan appeared first on Microsoft Power Platform Blog.

Power Pages continues to enhance its default security framework and empowers users to confidently use the platform. As organizations increasingly rely on Power Pages for their external-facing portals, it’s essential to stay ahead of malicious actors who may attempt to exploit these sites for phishing.

The Phishing Detection Security Agent for Power Pages proactively scans and reviews public sites to identify suspicious activity. By doing so, it reduces reliance on external reports, accelerates remediation of confirmed threats, and ensures a more secure environment for the site users.

Key Benefits

• Enhanced trust and security: safeguards both your organization and end users by preventing phishing threats from being hosted on Power Pages.
• Secure by default: proactive monitoring helps catch issues preventively.
• Actionable notifications: admins are kept informed of suspensions and can take immediate steps if remediation is needed.

Capabilities at a Glance

• Suspension of confirmed phishing sites: If Microsoft detects and verifies phishing activity, the site is suspended to protect users.
• Admin notifications: Tenant admins are alerted via email, Microsoft Teams, and within the Power Platform Admin Center (PPAC) whenever a suspected portal is suspended.
• Dispute support: If a legitimate site is incorrectly flagged, admins can raise a support ticket with Microsoft to review and reinstate the site.

Admin Experience

Admins will be notified in multiple ways when action is taken:

• Power Platform Admin Center: Navigate to Manage Hub → Power Pages → Your Sites/Portal Hub to view suspension notifications.
• Email and Teams: Instant alerts are sent directly to tenant admins.
• Dispute resolution links: Every notification includes a direct link to contact Microsoft Support if a site needs to be reinstated.

Next Steps for Admins

To make the most of the Phishing Detection Agent:

1. Monitor notifications regularly in PPAC, using Teams, and email.
2. Review suspended sites promptly and raise disputes if you believe a site was incorrectly flagged.
3. Educate makers in your organization about secure site creation best practices to minimize risks.

Learn more: Protect your sites using phishing detection for Power Pages | Microsoft Learn

The post Protecting Your Organization with the Phishing Detection Security Agent for Power Pages appeared first on Microsoft Power Platform Blog.

Microsoft Power Platform enables organizations to build low-code apps and automation within your established governance, controls, and operational models. This framework can be applied to AI agents as well. Microsoft Copilot Studio is built upon the developments and experiences from Power Platform, allowing organizations to utilize their existing resources.

Copilot Studio plays a leading role in the agent shift. According to Microsoft’s FY25 Q3 earnings release, Copilot Studio has been used by over 230,000 organizations, including 90% of the Fortune 500¹. IDC project 1.3 billion AI agents by 2028². The scale and speed of adoption make one thing clear: governance is emerging as a critical priority.

CIOs should consider these five key areas:

1. A Governance Mindset Is Essential for Agents
2. Low-code Lessons Apply Directly to Agents
3. Driving Visibility, Cost Control, and Business Value
4. Empower Innovation with Guardrails
5. Community, Training, and Experimentation Drive Adoption

1. A Governance Mindset Is Essential for Agents

Agents don’t just respond to prompts. They initiate actions and operate across disparate systems. That means governance can’t be static. It must evolve to cover the growing agent behaviors and industry requirements.

Begin by considering agents as digital labor. Assign them trackable identities, define their roles and permissions, and continuously monitor their behaviour and performance.

According to Microsoft’s 2025 Work Trend Index, Frontier Firms—organizations powered by intelligence on tap and human-agent teams—are emerging through three phases of AI evolution: from assistants to digital colleagues running entire businesses processes. This progression is redefining collaboration, as humans shift from users to orchestrators of digital labor.

Not every agent should have the same level of autonomy. Some might only perform low risk activities like answering questions. Others, like a sales development agent, might handle RFPs and pricing proposals autonomously. CIOs should define tiers of autonomy and enforce them with technical guardrails. Just like you wouldn’t give a new hire full system access on day one, agents also need scoped permission and supervision. Consider the agent supervision across review, monitor and protect depending on the agent complexity.

Reviewers are responsible for identifying and reviewing AI-generated output and content to verify accuracy. Monitors observe and track the actions of AI and agents, enabling human or AI-based follow-up as necessary. Protectors have the ability to adjust or restrict AI and agent actions and permissions.

2. Low-code Lessons Apply Directly to Agents

If you have experience with Power Platform, you’re already familiar with this process. You can apply the same playbook: establishing a center of excellence, enforcing security measures like Data Loss Prevention policies, managed environments, and role-based access controls to agents as well.

Maintain consistency by applying your existing compliance, security, and audit frameworks to agents, updating them for new behaviors as needed. In addition to using Power Platform Admin Center, leverage other Microsoft tools like Purview and Entra ID, and ensure your governance framework supports safe innovation.

Additional IT guidance content can be found on the adoption site.

3. Driving Visibility, Cost Control, and Business Value

Visibility is the foundation of effective agent governance. Without it, agents can proliferate unchecked, leading to redundancy, security gaps, and unnecessary costs. This is why CIOs must establish reliable telemetry that offers deep insight into who created an agent, what data it accesses, how often it’s used, and the resulting impact on the organization’s resources.

Fortunately, tools like Copilot Studio’s built-in analytics and Power Platform Admin Center offer the transparency and insights to manage agent usage and costs effectively. By tracking consumption and reviewing performance regularly, teams can identify underused or redundant agents, forecast expenses with tools like the cost calculator, and ensure agents stay aligned with strategic goals.

Read the agents cost management E-book here

While managing costs helps keep investments in check, it’s the business value that ultimately justifies them. CIOs should look beyond usage limits and budget forecasts to ask a more strategic question: what outcomes are agents actually driving? This shifts the focus from spend to impact.

Ultimately, governance without visibility is just guesswork. Robust telemetry ensures that every agent is accounted for, managed wisely, and contributing to safe, scalable innovation.

4. Empower Innovation with Guardrails

The people closest to the work often have the best ideas for how agents can help them. Empowering business teams to build their own agents can accelerate innovation and speed.

But empowerment without guardrails is a risk. All agents must operate within strict security and compliance boundaries. Enforce permission models so agents only access authorized data sources. Use environment strategies and connector policies to keep sensitive data safe and audit each key step.

A zoned governance model, with centralized policy and progressive autonomy, gives CIOs a scalable way to manage agents. IT sets boundaries allowing business units to innovate safely within these zones:

• Zone One: Personal Productivity – The entry point for experimentation and innovation provides isolated environments where individuals can safely explore agent capabilities, guided by governance and security policies.
• Zone Two: Collaboration – This zone supports team-based agent development with stronger controls, including environment-level policies, connector restrictions, and operational oversight. It enables broader adoption while maintaining compliance and consistency.
• Zone Three: Enterprise Managed – The most advanced zone, designed for production-grade agents. It includes enhanced security protocols, continuous monitoring, and structured lifecycle management. This zone supports complex, cross-functional and autonomous agent scenarios with full visibility, scalability, and strategic alignment.

Scaling agent deployment effectively requires not just the right tools, but also thoughtful organizational structures and clear assignment of roles and responsibilities. Establishing rhythms and governance frameworks ensures responsible agent management across the organization.

As organizations operationalize agents and build the structures to support them, CIOs will likely encounter demand for roles that didn’t exist just a few years ago. They’re emerging in response to the unique demands of building, governing, scaling, and securing AI and agent systems responsibly.

5. Community, Training, and Experimentation Drive Adoption

People are the engine behind every successful technology initiative—and AI and agents are no exception. The biggest challenges in agent governance aren’t technical. They’re cultural. To succeed, you need more than policies and platforms. You need people who are bought in, equipped, and empowered. 

Build an active agent community hosting events such as “Agent Show-and-Tell” and hackathons. Acknowledge successful projects and appoint departmental champions to mentor others and drive adoption.

Training should cover both agent development and guidance on responsible governance. Support users with learning paths based on their different AI readiness levels and take advantage of the agent creator community.

Support experimentation within a structured framework. The Center of Excellence should manage best practices, training, and governance, gathering insights to improve and scale effective approaches.

What to Do Next

CIOs are uniquely positioned to lead the agent transformation by building and evolving on what already works. The governance models, CoEs, and controls you’ve established for Power Platform don’t need to be reinvented, they need to be extended to incorporate agent autonomy, decision making and responsible AI.

Calls to action:

1. Governance is the foundation, not the finish line.

Agents introduce new opportunities but also risks and responsibilities. CIOs must lead with a governance mindset that treats agents like digital labor—assigning identities, defining autonomy, and enforcing oversight through familiar tools like PPAC, DLP, Purview, and Entra ID.

2. Culture will make or break your agent strategy.
Technology alone won’t drive adoption. Build a community of practice, empower champions, and invest in training that reinforces not just how to build agents—but how to govern them responsibly.

3. Ready to operationalize? Start here.
Download the e-book for detailed insights and a shareable copy of the five sections.

Check out these additional resources to get started

• Agent Governance Whitepaper
• Implementation Guide
• Agent Success Kit
• Agents Cost Management E-Book
• Agent Creator Community
• How to deploy transformational enterprise-wide agents: Microsoft as Customer Zero

Citations:

1: Microsoft Earnings Release, Call Transcript, FY25, Q3

2: IDC Info Snapshot, sponsored by Microsoft, 1.3 Billion AI Agents by 2028, #US53361825 and May 2025

Disclaimers

This blog is for informational purposes only and does not constitute legal, regulatory, or compliance advice.

The strategies, tools, and governance models referenced herein are based on Microsoft technologies and may not be suitable for all organizations, industries, or jurisdictions.

Any forward-looking statements are subject to change and should not be interpreted as commitments or guarantees.

The post Evolving Power Platform Governance for AI Agents appeared first on Microsoft Power Platform Blog.

Bot Protection Rule

The Bot Protection rule adds a layer of defense by identifying and blocking suspicious, bot-like activity in real time before it can impact sites. Bots can be helpful (like search engine crawlers) or harmful (like scrapers, spam bots, and credential stuffing tools). Power Pages allows configuring rules that distinguish between:

• Good Bots – Legitimate crawlers like Bing or other search engines like Google.
• Bad Bots – Malicious bots designed to steal data or disrupt services.
• Unknown Bots – Bots that don’t identify themselves clearly.

Enhanced Control Over Managed Rules

While managed rules have already existed behind the scenes, now makers can easily enable or disable specific managed rules directly from the Security workspace in Pages Design Studio. This gives better visibility and control over the protection applied to site. The managed rules categories include Cross-site scripting, Session fixation attack, Local and Remote file attack, etc. Using the configuration interface, specific subset rules within these categories can be enabled or disabled.

Learn more about configuring the feature by visiting documentation.

We are looking forward to your feedback

Your feedback is crucial in shaping the future of this feature. We want to hear from you!

The post Enhance Power Pages site security with Bot Protection and Managed Rules configuration appeared first on Microsoft Power Platform Blog.

We are thrilled to announce a series of recent enhancements to DLP for Power Automate and Copilot Studio, which significantly bolster governance, scalability, and usability across both cloud and desktop automation scenarios.

How does DLP for flows work?

DLP for Power Automate and Copilot Studio is currently generally available for all users. The feature can be accessed from the Power Platform Admin Center, where administrators can create and manage Data policies.

DLP evaluation occurs when editing and saving a flow or when policies are updated.

When a policy change is implemented, flows that do not comply with the Data policy are automatically suspended, and connections to blocked connectors are disabled.

Recent changes that you can now use in your organization

Trigger configuration

Administrators can now block triggers in the same way they can block actions in the DLP configuration experience (triggers are tagged with [TRIGGER]). This provides greater control over which triggers can be used within your organization.

Endpoint Filtering Public Preview for Browser Automation

A new Endpoint Filtering capability is in Public Preview. Endpoint filtering allows administrators to define the websites desktop flows can access by configuring the Browser Automation connector in Data Policies —an essential control for high-risk automation scenarios. Application-level filtering via UI Automation will follow soon this summer.

Environment variable

Use environment variables to migrate application configuration data in solutions. Environment variables are now supported in endpoint definitions, using the @environmentVariables("environmentVariableName") pattern.

For example, an SMTP endpoint can be allowed using @environmentVariables("smtpEndpoint"),587 where the environment variable is defined as smtp-mail.outlook.com.

Recent improvements that make your organization more secured

Runtime Enforcement

We have completed the rollout of support for runtime enforcement as of June 2025. This ensures that Data policies are consistently enforced not only at design time but also during execution.

Automatic reactivation of cloud flows

Policy updates can be disruptive, and administrators may occasionally revert updates that have unexpected effects. We have modified how policy rollout works to now activate compliant cloud flows that had been suspended in the previous 7 days due to policy violations, instead of disabling them. This makes it easier and faster to restore the state of a previous policy version.

Improve performance for large tenants and policies

We have recently strengthened our backend systems to better handle large-scale policy changes with smarter job throttling and improved detection strategies, reducing the time it takes for policy updates to take effect.

The post Announcing major DLP enhancements for Power Automate and Copilot Studio appeared first on Microsoft Power Platform Blog.

What is the Action Center?

The Action Center provides a centralized environment-level dashboard that surfaces critical insights and recommended actions directly in Power Pages Home. Whether it’s flagging expiring trial sites, outdated configurations, or pending security settings, the Action Center makes it easy to stay proactive, secure, and compliant.

How it Works

1. Access the Action Center

To access the Action Center, go to Power Pages Home, select your environment, and then click on ‘Action Center’ from the left pane.

2. Review Key Recommendations

The Action Center presents a prioritized list of insights to help you manage your environment effectively:

• Trial Sites Expiring Soon: Highlights sites set to expire in the next 7 days so you can convert them to production if needed.
• Inactive Sites: Flags websites that haven’t received traffic in the last 30 days. These might be outdated or unused.
• CDN Not Enabled: Lists production websites without Content Delivery Network (CDN) enabled. Enabling CDN improves site performance and global delivery.
• Web Application Firewall (WAF) Disabled: Surfaces sites that haven’t enabled the out-of-the-box WAF feature, a key protection against malicious web traffic.
• SSL Certificates Expiring: Lists production sites with SSL certificates that are expired or will expire within 90 days. Renew them to ensure secure access.
• Still on Bootstrap 3: Lists websites that are still using Bootstrap version 3. Migrate to the latest version for improved user experience and performance.
• Still on Standard Data Model: Lists websites that are still using the standard data model. Migrate to the enhanced data model to ensure consistency, modernization, and access to new capabilities.

3. Take Action or Collaborate

Where possible, makers/site owners can act directly through Power Pages Admin Center or Design Studio. For actions that require elevated permissions, you can coordinate with tenant administrators.

4. Share Recommendations with Your Team

All recommendations can be shared using Microsoft Teams for collaborative triage. You can share the entire recommendation or select specific items to send to your teammate by name.

The shared Teams card includes a direct link to the recommendation, so it’s easy to follow up.

Why It Matters

With Power Pages scaling across organizations, it’s essential to provide operational observability, security readiness, and administrative agility all in one place.

The Action Center equips your teams to:

• Detect and address risks early
• Maintain operational efficiency
• Keep environments secure and up to date
• Promote collaboration between roles

Learn more: https://learn.microsoft.com/en-us/power-pages/getting-started/action-center

Start Exploring Today!
From Power Pages Home, select your environment, then choose Action Center from the menu to open the dashboard.

Happy managing!

The post Power Pages Home Action Center Is Generally Available – Stay Informed, Stay in Control appeared first on Microsoft Power Platform Blog.

Successfully adopting Microsoft Power Platform is about more than just deploying tools. It’s about building a strategy that empowers people, ensures governance, and delivers lasting business value. And to support you on your successful adoption journey, we’re excited to announce the launch of the newly refreshed Power Platform Adoption Guidance.

This update is the most significant evolution of our adoption content to date. It reflects insights from real-world customer experiences, partner feedback, MVP expertise, and Power CAT programs, all to deliver practical, actionable guidance at every stage of your journey. Whether you’re just getting started or looking to mature your platform strategy, this guidance is designed to help you activate business-led innovation with confidence.

What’s new?

• Eight Pillars of Adoption: The guidance is now structured across eight strategic pillars, making it easier to plan, scale, and sustain your adoption journey.
• Redesigned Experience: We’ve overhauled the information architecture and user experience so you can find what you need faster and more intuitively.
• Expanded Content: The update includes over 200 pages of fresh content, covering everything from defining vision and metrics to managing mission-critical workloads and building thriving maker communities.
• Actionable Tools: The updated Adoption Workbook now includes exercises and templates that you can work through with your stakeholders to guide the development of a strategy and action plan, based on real-world customer experiences.

Why it matters

To be sure, this guidance is more than a documentation refresh. It’s a strategic resource for Power Platform product owners, adoption leads, change managers, and Center of Excellence (CoE) teams. The guidance helps you:

• Assess your Power Platform strategy
• Plan your Power Platform adoption
• Understand and improve your security posture
• Establish and implement a governance strategy
• Achieve operational excellence
• Achieve enterprise-grade availability for mission-critical workloads
• Establish a robust training and upskilling strategy
• Nurture a community of makers

The newly refreshed Adoption Guidance site includes other resources as well. Real-world case studies, toolkits documentation, and white papers aim to help you be successful with Power Platform.

Get started

Explore the new guidance at https://aka.ms/PowerPlatformGuidance. Share it with your teams. Use it to shape your strategy. And most importantly, let it guide you as you build what’s next with Power Platform.

The post The Next Generation of Power Platform Adoption Guidance is here appeared first on Microsoft Power Platform Blog.

Content Delivery Network (CDN)

CDN for Power Pages helps significantly improve website performance by delivering web content from servers closer to your site users. By caching files and pages on strategically distributed edge servers, CDN reduces latency and enhances the overall user experience.

Learn more about configuring the feature by visiting documentation.

Web Application Firewall (WAF)

As security is a top priority, with WAF now available in the US Government Cloud for Power Pages, you can protect your sites from malicious web traffic and common exploits such as cross-site scripting (XSS), session fixation, etc. This initial rollout includes Azure-managed rule sets, providing strong out-of-the-box protection. Support for custom rule configuration is coming soon and will provide even more control over your website’s defense mechanisms.

Learn more about configuring the feature by visiting documentation.

We are looking forward to your feedback

Your feedback is crucial in shaping the future of this feature. We want to hear from you!

The post Announcing Content Delivery Network and Web Application Firewall for US Government Cloud in Power Pages appeared first on Microsoft Power Platform Blog.