Data sovereignty in Dataverse and Power Platform environments
The Microsoft Power Platform Admin Center centralizes management of environments and settings for Power Platform and helps manage both data residency and data access controls to support your sovereign requirements. Tenant settings in the Admin center lets you control how environments in your tenant are created and managed. This setting allows you to regulate which administrators have the ability to create new environments, limiting this capability to only Global, Dynamics 365, and Power Platform admins. This enhances your control over the location, method, and personnel accessing your data assets.
Manage users and permissions
Currently you can use the Admin Center to manage user and permissions management settings. For example, you can:
Dataverse teams: We recommend using Microsoft Entra group teams, to simplify user management and ensure that privileges and permissions are consistently implemented.
Assign security roles to users: We recommend using the Admin Center UI to manage users through creating security roles.
Configure user security in an environment: In the Admin center, specify security roles within a given environment to restrict which users can do what. Many pre-existing roles are configured to help you streamline this process. Tenant-level policy can be scoped to provide top-level controls that minimize the risk of data loss due to individual environments being misconfigured, by setting the scope to all environments. For more information, see Security concepts in Microsoft Dataverse - Power Platform
Enable managed environments
Managed Environments provide extensive capabilities to help you configure Dataverse and Power Platform and reduce the risk of inadvertent data leakage and align with your security and sovereignty requirements. These capabilities include IP Cookie Binding, Customer Lockbox, IP firewall, Customer-managed keys, etc.
In the Admin Center, you can administer data policies for your Managed Environments. We highly recommend that you use data policies to protect all the environments in your tenant For example, Data Loss Prevention policy
In the Admin Center, you can configure the solution checker in Managed Environments to enforce checks on your solutions against a set of best practice rules and identify problematic patterns. This check can help you to prevent poor data management practices that result in data access or distribution that violates your sovereign requirements.
Managed Environments is also previewing default environment routing a new sovereign-control-supporting feature so that when a new maker comes to Power Apps, they're automatically routed into their own, personal developer space rather than into a shared default environment, where they can build without risk of other makers accessing their apps or data.
For more information, see Enable Managed Environments - Power Platform and Data policies - Power Platform
Data residency in Power Platform
Data residency deals with the physical location where data is stored and processed. Data residency requirements are a common concern for public sector customers, who often request that Microsoft limit where different types of data are stored and processed. Power Platform provides controls and mechanisms to ensure that both personal data and customer data are protected to restrict the services and regions that end users can use and enforce service configuration to help customers achieve their data residency needs.
Geography selection
When you sign up for Power Platform services, your tenant's selected country/region is mapped to the most suitable Azure geography where a Power Platform deployment exists. For multi-geo tenants, you can specify the geo for an environment. Metadata and product data for your environment is stored in the remote geo. For more information, see Data storage and governance in Power Platform.
Tenant isolation
To reduce the chance of unauthorized data sharing, Power Platform should be set up with tenant isolation ON, to make sure that only a limited number of tenants (or none) can connect with their sovereign tenant. We suggest preventing inbound and outbound connections that go beyond the sovereignty boundary. For example, your policy controls can indicate that it's acceptable for your tenant to be connected by other tenant_ids that are within your sovereign boundary, but not regions outside that boundary. For more information on tenant isolation, see: Restrict cross-tenant inbound and outbound access - Power Platform.
Backup/failover
Microsoft may replicate nonpersonal data such as employee authentication information to other regions for data resiliency. However, personal and customer data isn't ever replicated or moved outside the geo. System backups of production environments occur automatically and are geo-redundant for resiliency and availability. In some cases, the backup region can be outside of your sovereign boundary.
To learn more about business continuity / disaster recovery, failover and fallback processes for Dataverse and F&O apps, see: Business continuity and disaster recovery for Dynamics 365 SaaS apps - Power Platform.
Data loss prevention policies
Power Platform Data Loss Prevention (DLP) policies can act as guardrails to help enforce data residency requirements. DLP policies can also help enforce which connectors can communicate with each other to prevent sensitive business data being inadvertently or deliberately transferred out of the sovereign region. By default, all connectors are initially assigned to the nonbusiness (personal-use) data group.
To reduce the risk of sensitive information leaking out of the sovereign environment, Connectors for sensitive data should be assigned to the Business data group. To further protect Dynamics 365 environments, these connectors should also be assigned to the Business data group. For more information on managing DLP policies, see: Manage data loss prevention (DLP) policies - Power Platform.
Dual-Write
Dual-write provides tightly coupled, bidirectional integration between finance and operations apps and Dataverse. Data changes in finance and operations apps can cause writes to Dataverse, and data changes in Dataverse can cause writes to finance and operations apps. This automated data flow provides an integrated user experience across the apps.
Dual-write requires specific security roles and permissions to work as expected. All Microsoft Dataverse users should be added to the dual-write runtime user and dual-write app user security roles. If these roles aren't properly managed, it could potentially lead to unauthorized access.
The data residency and compliance requirements could vary based on the geographic location where the data is stored and processed. It's important to ensure that the data flow complies with all relevant regional and international data protection regulations. For more information, see Dual-write and Set up dual-write security roles and permissions.
For more information, see Governance setting to control anonymous access to Dataverse data in Power Pages website.