[Data Export V2 Product Issue]: Guidance Needed: DevSecOps & Zero Trust Security for CoE

[rdudelan]

Describe the issue

the Navy Power Platform team is requesting Microsoft to provide information, options and recommendations and/or to provide tools leveraging azure and Microsoft security cybersecurity stack in keeping with DevSecOps/Zero Trust principles for CoE objects and updates prior to seeking approval to import them into Navy Flank Speed for use by the Navy Power Platform team.  

Anything else?

No response

[Grant-Archibald-MS]

@rdudelan The CoE Kit's security framework, built on the Power Platform security model for Dataverse permissions and managed connections for Power Automate Cloud flows.

Connectors used by the kit can be managed by the Data Policy you can apply to the environment. This list of connectors is documented Validate Data Loss Prevention Polices

Access to the custom tables were data is aggregated to is managed using Dataverse Security. Access to this environment is managed by permissions that are managed by the customer. If needed specific security roles could be applied to control specific Create, Update, Delete actions that can be performed on the Dataverse tables that make up the CoE Kit.

The CoE Kit for Audit Log data can make use of an Entra Application as documented in Collect audit logs using Microsoft Graph API.

Any custom Power BI reports will be based on the permissions used for connection from Power BI to Dataverse. Access to Power BI reports is managed by who the repots are shared with.