Protecting Data with Dataverse Part 2: Security from Internal Threats (Users)  

In this blog series, we will be covering how to protect data in Dataverse from external and internal threats (both from internal users and Microsoft). In today’s post, we will focus on protecting data from internal user threats. 

Secure Data from Internal Data Leaks and Disgruntled Employees 

  • How can I minimize user access to sensitive data in my applications? 

Microsoft Purview Information Protection establishes protection across environments and provides ways to combine data sets to be defined that allow data collaboration. Microsoft Purview‘s data classification allows you to protect your data based on data sensitivity/classification and prevent sensitive data from falling into the wrong hands. IT professionals and administrators can designate containers (Dataverse environments) and folders (data entities) with data sensitivity that can define the boundaries for that data in the organization. The platform also provides additional security using Role-Based Access (RBAC) that system administrators can configure to further lock down access to your organization’s tables in the system. Dataverse uses Azure AD identity and access management mechanisms to help ensure that only authorized users can access the environment, data, and reports. 

  • How can I ensure users have the right privileges necessary to access a Dataverse environment? 

Dataverse uses role-based security to group together a collection of privileges. These security roles can be associated directly with users, or they can be associated with Dataverse teams and business units. These privileges provide users access to records.  Secure data and ensure users have the least privilege necessary through Dataverse authorization and data level security roles that define row, field, hierarchical, and group protection.  

  • How can I make sure users do not have the ability to intentionally leak or allow others to easily access and leak sensitive data in my environment? 

Dataverse provides features that you can easily configure and set up to stop users from data leaking or accidentally providing access to the system. Data Loss Prevention Policies are one way to do this. You can create data loss prevention (DLP) policies that can act as guardrails to help prevent users from unintentionally exposing organizational data.   

Protect, Detect & Respond to Internal Client Threats 


We recommend the following preventative steps: 

  • Limit IP surface area by configuring inbound and outbound rules within Power Platform. See Azure service tags overview for available service tags. 


Take these steps to identify and locate possible issues: 


Follow these steps to execute an effective response: 

  • Modify IP Firewall to meet your changing network requirements. 

Additional Resources

Learn more about Dataverse Security features and capabilities covered in the Microsoft Dataverse Security white paper.