Security is important for every website, portal, or application. From the Power Platform Admin Centre, you can manage the websites within your tenant and extract important information, such as how many days a particular trial website has left to remain active, the number of websites that have no Web Application Firewall (WAF) protection enabled, and the number of websites that use external authentication. If you check these website insights regularly, you will know if your websites are vulnerable to cyber threats. If there is an issue, security measures can be taken to make the websites safe.

By following these steps, you can track your website security within your tenant: 

To track the security of all your websites, go to the Power Platform admin centre. The steps vary slightly depending on whether you’re using the new admin centre or classic admin centre.  

Classic Admin Centre 

  • Select Resources from the left pane and then choose Power Pages sites.  
  • Click the security (preview) tab.  

New Admin Centre  

  • Choose security from the left pane 
  • Below products, choose Power Pages 

Anonymous Access Enabled 

“Anonymous access enabled” means some tables in Microsoft Dataverse allow data access without logging in. At least one table permission allows anonymous users to access data. For more details, visit Table permissions and click “View details” for each website. 


Web Application Firewall Disabled 

“Web Application Firewall disabled” means the WAF is turned off for production websites. Enabling WAF improves website security, and Microsoft strongly recommends it. For more information, visit “Enable Web Application Firewall for a website” and click “View details” to check the WAF settings for each site.  


External Authentication Enabled 

“External authentication enabled” means that websites use non-Microsoft Entra ID authentication providers, allowing access to Dataverse data. For more information, visit “Authentication providers” and click “View details” to check the external authentication setup for each website. 


Site Security Health 

The Site Security Health Dashboard provides a summary of your organisation’s website security status based on various checks. For more details, visit the Security site checker. It assesses configuration settings and identifies common issues. Websites are classified into Standard, Enhanced, and Advanced levels based on specific criteria, which may change during the feature preview. 

  • Standard: If fewer than 33% of the security checks pass, the website is rated as Standard. 
  • Enhanced: If between 33% and 66% of the security checks pass, the website is rated as Enhanced. 
  • Advanced: If more than 66% of the security checks pass, the website is rated as Advanced. 
  • No results: This indicates the security checker couldn’t run, possibly due to IP restrictions or the website being stopped. To resolve this, run the checker from the Power Platform Admin Centre. It won’t work if there are IP address restrictions. 

Click on View to see the security checker results. If settings don’t match Microsoft’s recommendations, they are marked as Warnings. However, your business needs might sometimes require configurations that Microsoft doesn’t recommend. 
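The rating rules and the tenant insights described above can be combined into a simple triage list. This is an added example, not code from the original article or from Microsoft; the record fields and the sample sites are constructed assumptions, since the page does not describe an export format.

```python
from dataclasses import dataclass

@dataclass
class Site:                      # hypothetical record, one per website in the tenant
    name: str
    site_type: str               # "production" or "trial"
    waf_enabled: bool
    anonymous_access: bool       # at least one table permission allows anonymous users
    external_auth: bool          # uses a non-Microsoft Entra ID authentication provider
    checks_passed: int
    checks_total: int            # 0 when the security checker could not run

def health_tier(passed: int, total: int) -> str:
    """Apply the article's thresholds; integer maths avoids rounding at 33% and 66%."""
    if total == 0:
        return "No results"      # checker blocked (IP restrictions) or site stopped
    if 100 * passed < 33 * total:
        return "Standard"
    if 100 * passed <= 66 * total:
        return "Enhanced"        # 33% and 66% themselves fall in the middle band
    return "Advanced"

def findings(site: Site) -> list[str]:
    out = []
    # The "WAF disabled" insight counts production websites only.
    if site.site_type == "production" and not site.waf_enabled:
        out.append("WAF disabled")
    if site.anonymous_access:
        out.append("anonymous access enabled")
    if site.external_auth:
        out.append("external authentication enabled")
    tier = health_tier(site.checks_passed, site.checks_total)
    if tier in ("Standard", "No results"):
        out.append(f"site health: {tier}")
    return out

def triage(sites: list[Site]) -> list[tuple[str, str, list[str]]]:
    """Return (name, tier, findings) rows, sites with the most findings first."""
    rows = [(s.name, health_tier(s.checks_passed, s.checks_total), findings(s)) for s in sites]
    return sorted(rows, key=lambda r: (-len(r[2]), r[0]))

SAMPLE = [                       # constructed sample data
    Site("contoso-portal", "production", False, True, True, 2, 12),
    Site("partner-hub", "production", True, True, False, 33, 100),
    Site("events-trial", "trial", False, False, False, 0, 0),
    Site("support-site", "production", True, False, False, 9, 12),
]

if __name__ == "__main__":
    for name, tier, issues in triage(SAMPLE):
        print(f"{name:15} {tier:11} {'; '.join(issues) or 'no findings'}")
```

A finding is a prompt to review the site, not proof of a misconfiguration, because business needs may justify a setting the checker marks as a warning.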


Authentication Providers 

Authentication providers show all the different login methods available for websites in your tenant and how many websites use each method. Click on Review to see which websites are using a specific authentication provider. 


Final Words 

In conclusion, Power Pages and the Power Platform Admin Centre work together to improve website security. These tools assist organisations in managing access control, ensuring strong logins, and protecting data. In today’s digital world, they are important for maintaining user safety and providing a secure online experience.