Prevent data exfiltration with the app access control
Important
Some of the functionality described in this release plan has not been released. Delivery timelines may change and projected functionality may not be released (see Microsoft policy). Learn more: What's new and planned
| Enabled for | Public preview | General availability |
|---|---|---|
| Users by admins, makers, or analysts | Dec 2024 | Jan 2025 |
Business value
You can protect against data exfiltration by managing and controlling what apps can run in your Dataverse environment. Data exfiltration safeguards help prevent sensitive information from unauthorized removal or extraction from your environment. This allows a business to maintain business continuity and comply with regulatory requirements.
Feature details
By default, when the App access control feature is activated, only approved apps can run in an environment, such as Dynamics 365 Sales or Dynamics 365 Customer Service. The local environment admin specifies which apps can be run by users in the environment. Unauthorized apps are blocked when a user tries to access them.
To help administration with selecting which apps to approve for use, we recommend that you turn on audit mode, for at least one week, to get the list of apps that your users are running in an environment. Using this audit log list, you can determine which apps you want to allow or block.
For apps that are allowed access, you can assign security roles to restrict who can run those apps in the environment. Only users assigned to the selected security role can run the apps.
Admins can navigate to the Security > Access controls page in the Power Platform admin center and then turn on the App access control feature. Admins can select the applications and the relevant security roles for which they want to allow access.