Tip #1442: Security for beginners

A Microsoft open-source course on security for beginners: An individual studies atop a giant book emitting a glowing lock. Surrounding icons represent various security concepts. The course covers common security threats, Zero Trust, SecOps, and Application Security. Learn more. 📚🔒🌐 #CyberSecurity #Learning

We talk about security around Dataverse and Power Platform from time to time. We even dabble in platform-agnostic security tips. Today is all about vendor-agnostic cybersecurity. Learn the fundamentals of identity management, zero trust, AppSec, and data security in this new 7-lesson open-source course, “Security for Beginners”, created by Microsoft Cloud Advocates. Each […]

Tip #1424: The user does not have sufficient access right to run flow with custom connector

I’ve tried all the right things: Created, deployed, and configured custom connector into the target environment before importing the solution that uses the connector. All tests pass. Created a manual Power Automate flow as part of the solution. Shared the flow with the user (should not need to for the solution flows but just in […]

Tip #1407: How to secure Power Apps portal from making the news

You are the CEO of Rykita, a worldwide manufacturer of power tools used by millions. You wake up invigorated and ready for action only to see the news headlines “Rykita injures more than a thousand customers”, “Calls for Rykita to blunt their tools”, “Rykita customers bleed profusely”, “Users of Rykita tools risk infection if injured”, […]

Tip #1260: Use App Access Roles

If you use any of the new Microsoft solutions/apps for Field Service, Customer Service, PSA, or marketing, you will notice some new roles appear in your security role list that contain the words “app access.” We’ve discussed all of the reasons that model-driven apps may not work correctly for users. The most common reason is […]

Tip #1207: Check applied entity permissions in portals

Liquid is a great templating language that adds flexibility to your Dynamics 365 Portal templates. However, like any abstraction, it hides some of the things happening under the hood, including some security filtering. Consider this fragment running on an authenticated page: And… the count is 2 while expected to be the total number of contacts in this […]