[CoE Starter Kit - QUESTION] Questions regarding the Starter Kit #9521

Open
1 task done
narayansapkota225 opened this issue Jan 22, 2025 · 1 comment
Labels
coe-starter-kit CoE Starter Kit issues question Further information is requested

Comments

@narayansapkota225

Does this question already exist in our backlog?

  • I have checked and confirm this is a new question.

What is your question?

I have the following concerns regarding the solution, and any clarification would be helpful.

Does the solution data move out of our tenant?
Does the solution data move out of tenant region?
Does the solution require any specific Data Policies or DLP to be setup to run?
Does the solution work with tenant isolation on?
Does the solution have any data concerns?
Does the solution use any connectors or components with security concerns/vulnerability?
Does the solution cause any issues in our environment or tenant?

If I can get answers to these questions, then I can be assured that the CoE Starter Kit is a reliable and endorsed solution from Microsoft.

Best regards!

What solution are you experiencing the issue with?

Core

What solution version are you using?

January 2025

What app or flow are you having the issue with?

Generic

What method are you using to get inventory and telemetry?

None

@narayansapkota225 narayansapkota225 added coe-starter-kit CoE Starter Kit issues question Further information is requested labels Jan 22, 2025
@narayansapkota225 narayansapkota225 changed the title [CoE Starter Kit - QUESTION] QUESTION [CoE Starter Kit - QUESTION] Questions regarding the Starter Kit Jan 22, 2025
@Grant-Archibald-MS
Collaborator

@narayansapkota225 answering your questions.

Does the solution data move out of our tenant?

Data is stored in the environment where you install the CoE Kit, under the Dataverse Security that you apply to that environment.

Does the solution data move out of tenant region?

Data is collected across the tenant or environments that you can configure and stored in custom Dataverse tables in the environment where you install the CoE Kit.

Does the solution require any specific Data Policies or DLP to be setup to run?

Yes, the list of connectors is documented in the Setup Document.

Does the solution work with tenant isolation on?

The solution is built on key Power Platform connectors. For example:

  • Power Apps Admin Connector - Tenant isolation restricts cross-tenant connections for connectors using Azure AD-based authentication. This means that the Power Apps Admin Connector will only allow connections within the same tenant unless explicit exceptions are configured. This helps prevent unauthorized access and data exfiltration across tenants.
  • Power Automate Admin Connector - Similar to the Power Apps Admin Connector, the Power Automate Admin Connector is also affected by tenant isolation. It restricts cross-tenant connections, ensuring that only authorized connections within the same tenant are allowed. This enhances security by preventing unauthorized access to flows and automations from external tenants.
  • HTTP with Preauth Connector - The HTTP with Preauth Connector, which uses Azure AD-based authentication, is also subject to tenant isolation policies. This means that cross-tenant HTTP requests will be blocked unless specific exceptions are configured. This helps mitigate risks such as data exfiltration and unauthorized access to HTTP endpoints.
  • Dataverse Connector - The Dataverse Connector is affected by tenant isolation in the same way as other Azure AD-based connectors. Cross-tenant connections are restricted, ensuring that data access is limited to authorized users within the same tenant. This helps maintain data privacy and security across different environments.
  • Power Platform Admin Connector - The Power Platform Admin Connector is designed to manage and administer various aspects of the Power Platform. Tenant isolation restricts cross-tenant connections for this connector as well, ensuring that administrative actions are only performed within the same tenant. This helps prevent unauthorized administrative access and enhances overall governance.

Does the solution have any data concerns?

The solution would be bound by normal Data governance and security similar to any Power Platform solution. Dataverse Security Models for data at rest. Connection management and sharing for the Power Automate Cloud flows.

Collection of data for some connectors will require System Administrator role to collect data.

Does the solution use any connectors or components with security concerns/vulnerability?

Given the CoE Kit is based on Power Automate Cloud Flows and Connectors and Dataverse as a data store, it is bound by Data Policies and Dataverse Security permissions that are assigned.

Does the solution cause any issues in our environment or tenant?

The Solution makes use of Power Platform Connectors to collect and aggregate data. To make use of the Toolkit you will need to apply the appropriate security, data policies and Power Automate Licensing to handle the data usage and avoid throttling limits of action execution.
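
A pre-install check for the DLP answer above, added here as an example (it is not part of the issue thread or of the CoE Starter Kit): it verifies that the connectors the answer names all land in one non-blocked data group of each policy. The policy dictionary layout, the policy names and the sample data are constructed for illustration and are not a real export format; the connector names are the five examples from the answer, and the Setup Document remains the authoritative list.

```python
# Connector names exactly as listed in the answer above (its examples, not the full list).
REQUIRED = [
    "Power Apps Admin Connector",
    "Power Automate Admin Connector",
    "HTTP with Preauth Connector",
    "Dataverse Connector",
    "Power Platform Admin Connector",
]

def classify(policy, connector):
    """Data group a connector lands in under one policy; unlisted ones get the default."""
    for group, members in policy["groups"].items():
        if connector in members:
            return group
    return policy["default_group"]

def evaluate(policy, required=REQUIRED):
    """Flag required connectors that are blocked or split across data groups."""
    placement = {c: classify(policy, c) for c in required}
    blocked = sorted(c for c, g in placement.items() if g == "Blocked")
    groups_used = sorted({g for g in placement.values() if g != "Blocked"})
    # Connectors in different data groups cannot be combined in one flow or app.
    return {"policy": policy["name"], "blocked": blocked,
            "split": len(groups_used) > 1,
            "ok": not blocked and len(groups_used) == 1,
            "placement": placement}

# Constructed sample policies (hypothetical names and simplified layout).
POLICIES = [
    {"name": "coe-env-policy", "default_group": "Non-Business",
     "groups": {"Business": list(REQUIRED), "Non-Business": [], "Blocked": []}},
    {"name": "tenant-default", "default_group": "Non-Business",
     "groups": {"Business": [c for c in REQUIRED if c != "HTTP with Preauth Connector"],
                "Non-Business": [], "Blocked": []}},
    {"name": "locked-down", "default_group": "Blocked",
     "groups": {"Business": ["Dataverse Connector"], "Non-Business": [], "Blocked": []}},
]

def report(policies=POLICIES):
    """Evaluate every policy that applies to the target environment."""
    return [evaluate(p) for p in policies]

if __name__ == "__main__":
    for r in report():
        status = "OK" if r["ok"] else "REVIEW"
        print(f'{r["policy"]}: {status} blocked={r["blocked"]} split={r["split"]}')
```

The second sample policy shows the case that is easy to miss: a connector that is not listed anywhere falls into the policy's default group and ends up separated from the rest.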
