Integrating Microsoft Sentinel and Power Platform to better monitor and protect your low-code solutions

Use Microsoft Sentinel to monitor and protect your Microsoft Power Platform products.

In today’s digital landscape, low-code and no-code development platforms have become increasingly popular among businesses looking to accelerate their application development processes. However, with the convenience and speed that these platforms offer, there are also security concerns that organizations must consider.

Microsoft Power Platform provides a wide range of tools for citizen developers to build low-code or no-code apps quickly. At times, this might introduce potential security vulnerabilities due to lack of security awareness. As developers distribute their apps widely within their organization, it could expose sensitive customer data. Microsoft Power Platform admins can monitor certain types of security threats using the static analysis tools and reports provided in the platform. Having continuous, more holistic threat detection and the ability to apply preventative guardrails is crucial to enable frictionless productivity while minimizing cyber risk.

Do more with less—Microsoft Sentinel solution for Microsoft Power Platform

Today, we are excited to announce the Microsoft Sentinel solution for Microsoft Power Platform, a premium offering, allowing customers to detect various suspicious activities such as Microsoft Power Apps execution from unauthorized geographies, suspicious data destruction by Power Apps, mass deletion of Power Apps, phishing attacks made possible through Power Apps, Power Automate flow activity by departing employees, Microsoft Power Platform connectors added to an environment, and the update or removal of Microsoft Power Platform data loss prevention policies.

This integration will enable Microsoft Power Platform admin center to surface proactive threats to your data and other assets and provide recommendations or automations for mitigation or resolution. This will be essential for organizations to protect their sensitive data, mitigate security risks, and stay one step ahead.

  • Identify and prevent insider attacks: Microsoft Power Platform administrators can be alerted about a wide range of insider threats, including mass deletion of sensitive data, bulk retrieval of sensitive data outside of normal activity hours, and more. 
  • Improve incident response time: Microsoft Power Platform administrators can quickly identify and use recommendations or mitigations provided by Microsoft Sentinel to respond to security incidents, reducing the time it takes to mitigate risks. 
  • Comply with regulatory requirements: Microsoft Power Platform administrators can meet regulatory and compliance requirements that mandate the use of threat detection tools to protect sensitive data and other assets.
  • Enhance overall security standing: Microsoft Power Platform administrators can use this integration to proactively monitor their sensitive data, identify vulnerabilities, and take steps to strengthen overall security standing. 

More information on pricing for this solution will come ahead of general availability.

What is Microsoft Sentinel?

Microsoft Sentinel is a cloud-native security information and event management (SIEM) platform that provides intelligent security analytics for enterprises and gives security operations center (SOC) analysts a single pane of glass for threat detection and incident management across the organization. Microsoft Sentinel solutions are collections of SIEM content elements that cover log collection, threat detection, incident investigation, and response for a specific domain, in an easy-to-consume-and-deploy package available in the Microsoft Sentinel Content hub.

The solution allows customers to investigate the detected threats and identify the name of the suspicious app, the environment it belongs to, the user who created or modified the app, the users using the app, and more.

The Microsoft Sentinel solution for Microsoft Power Platform will help organizations to:

  • Collect Microsoft Power Platform and Power Apps activity logs, audits, and events into the Microsoft Sentinel workspace.
  • Detect execution of suspicious, malicious, or illegitimate activities within Microsoft Power Platform and Power Apps.
  • Investigate threats detected in Microsoft Power Platform and Power Apps and contextualize them with additional user activities across the organization.
  • Respond to Microsoft Power Platform-related and Power Apps-related threats and incidents in a simple, canned manner, whether manually, automatically, or via a predefined workflow.

Customers can also use the automation and response capabilities of Microsoft Sentinel to create playbooks and automation rules using Microsoft Azure Logic Apps that will help handle and mitigate the detected threats by automatically or manually disabling the suspicious app, limiting users' access to certain apps, or escalating to other stakeholders to advise on the legitimacy of a suspected activity.

Getting started

The Microsoft Sentinel solution for Microsoft Power Platform will be available in Public Preview across regions over the next few weeks, and details will be published soon in the following docs: "What is Microsoft Sentinel?" on Microsoft Learn.