{"id":110968,"date":"2018-08-30T07:47:07","date_gmt":"2018-08-30T14:47:07","guid":{"rendered":""},"modified":"2025-06-11T08:07:08","modified_gmt":"2025-06-11T15:07:08","slug":"security-governance-strategy","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/power-automate\/security-governance-strategy\/","title":{"rendered":"Power platform Security &amp; Governance: Deploying a Defense in Depth Strategy"},"content":{"rendered":"<p>A common cyber security approach used by organizations to protect their digital assets is to leverage a defense-in-depth strategy. The SANS Institute <a href=\"https:\/\/www.sans.org\/reading-room\/whitepapers\/basics\/defense-in-depth-525\" target=\"_blank\" rel=\"noopener\">defines<\/a> defense-in-depth as \u201cprotecting a computer network with a series of defensive mechanisms such that if one mechanism fails, another will already be in place to thwart an attack.\u201d<\/p>\n<p>When customers ask how to best secure and govern their Power platform\u00a0environments (which includes Microsoft Flow and PowerApps), we provide similar guidance. The following list represents different layers that you can use to protect your digital assets and apply governance to ensure your organization\u2019s interests are met.<\/p>\n<ul>\n<li><strong>Secure data at rest <\/strong>Microsoft Flow does not provide users with access to any data assets that they don\u2019t already have access to. This means that users should only have access to data that they really require access to. It also means that if a user has access to this data through a web browser, then they likely have access to it through Microsoft Flow. A recommendation the Microsoft Flow team suggests, is using a <strong>least privilege<\/strong> approach to data access. The United States Computer Emergency Readiness Team <a href=\"https:\/\/www.us-cert.gov\/bsi\/articles\/knowledge\/principles\/least-privilege\" target=\"_blank\" rel=\"noopener\">refers<\/a> to least privilege access as: \u201cEvery program and every user of the system should operate using the least set of privileges necessary to complete the job. Primarily, this principle limits the damage that can result from an accident or error.\u201d Deploying least privilege access is a good practice and a big part of an organization\u2019s overall security hygiene.<\/li>\n<\/ul>\n<ul>\n<li><strong>Network Access Control <\/strong>The National Institute of Standards and Technology (NIST) encourages organizations to inspect \u201cinbound and outbound network traffic for specific IP addresses and address ranges, protocols, applications, and content types based on the organization\u2019s information security policies.\u201d While Microsoft Flow is a cloud-based application, organizations have the ability to govern how connections are established when users are connected to the corporate network. For example, if an organization blocks access to a social media site from within their corporate network by blocking the sign-on page through their firewall, then when this same log-in page is launched from the flow portal, the connection can also be blocked from being established.<\/li>\n<\/ul>\n<ul>\n<li><strong>Location-based Conditional Access <\/strong>For organizations that want to govern where users can access the Microsoft Flow service from, they can setup Azure Active Directory Conditional Access policies that can restrict what network addresses have access to the service. For additional information, please refer to the following <a href=\"https:\/\/www.microsoft.com\/en-us\/businessapplicationssummit\/video\/BAS2018-111120\" target=\"_blank\" rel=\"noopener\">presentation<\/a> from the Microsoft Business Application Summit.<\/li>\n<\/ul>\n<ul>\n<li><strong>Data leakage<\/strong> can be avoided by configuring Data Loss Prevention (DLP) <a href=\"https:\/\/docs.microsoft.com\/en-us\/flow\/prevent-data-loss\" target=\"_blank\" rel=\"noopener\">polices<\/a> that allow an administrator to group connectors into Business data and Non-Business data groups. Connectors within each group can communicate with each other but cannot be used within a flow if the connectors span these two data groups. There are both design-time and runtime checks that will enforce these policies.<\/li>\n<\/ul>\n<ul>\n<li><strong>Anomaly Detection <\/strong>is another common strategy used by organizations to understand user behavior. For example, if an organization usually creates 5 new flows every day and there is an exponential spike in flows being created, then it may be worth understanding what is driving that growth. Is it legitimate usage or is there a threat. How can this be detected? Microsoft recently <a href=\"https:\/\/powerapps.microsoft.com\/en-us\/blog\/new-connectors-for-powerapps-and-flow-resources\/\" target=\"_blank\" rel=\"noopener\">released<\/a> management connectors for Microsoft Flow, Microsoft PowerApps and Microsoft Power platform. We also published a <a href=\"https:\/\/preview.flow.microsoft.com\/en-us\/galleries\/public\/templates\/0b2ffb0174724ad6b4681728c0f53062\/get-list-of-new-powerapps-flows-and-connectors\/\" target=\"_blank\" rel=\"noopener\">template<\/a> that will automate the discovery of these assets.<\/li>\n<\/ul>\n<p style=\"text-align: center\"><img decoding=\"async\" style=\"width: 700px;height: 265px\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-flow.png\" alt=\"\" \/><\/p>\n<ul>\n<li>NIST <a href=\"https:\/\/csrc.nist.gov\/csrc\/media\/publications\/shared\/documents\/itl-bulletin\/itlbul1997-03.txt\" target=\"_blank\" rel=\"noopener\">classifies<\/a> <strong>Audit Trails <\/strong>as \u201ca record of system activity both by system and application processes and by user activity of systems and applications.\u00a0 In conjunction with appropriate tools and procedures, audit trails can assist in detecting security violations, performance problems, and flaws in applications.\u201d Microsoft Flow publishes audit trail events to the Office 365 Security and Compliance center related to:\n<ul>\n<li>Created flow<\/li>\n<li>Edited flow<\/li>\n<li>Deleted flow<\/li>\n<li>Edited permissions<\/li>\n<li>Deleted permissions<\/li>\n<li>Started a paid trial<\/li>\n<li>Renewed a paid trial<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>As part of these audit events, the user who was involved in the event will be captured and in the case of create flow and edit flow events, the connectors used in these flows will also be captured.<\/p>\n<p style=\"text-align: center\"><img decoding=\"async\" style=\"width: 700px;height: 441px\" src=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/2-auditlog.png\" alt=\"\" \/><\/p>\n<ul>\n<li><strong>Alerting <\/strong>is another line of defense that should be used to inform stakeholders when corporate policies have been broken. Much like we want Microsoft Flow users to automate their business processes, we also want to provide administrators with this same level of automation. An example of alerting that can be implemented is subscribing to Office 365 Security and Compliance Audit Logs. This can be achieved through either a <a href=\"https:\/\/preview.flow.microsoft.com\/en-us\/blog\/automate-flow-governance\/\" target=\"_blank\" rel=\"noopener\">webhook<\/a> subscription or <a href=\"https:\/\/preview.flow.microsoft.com\/en-us\/blog\/accessing-office-365-security-compliance-center-logs-from-microsoft-flow\/\" target=\"_blank\" rel=\"noopener\">polling<\/a> approach. However, by attaching Flow to these alerts, we can provide administrators with more than just email alerts. By leveraging the new <a href=\"https:\/\/powerapps.microsoft.com\/en-us\/blog\/new-connectors-for-powerapps-and-flow-resources\/\" target=\"_blank\" rel=\"noopener\">Management Connectors<\/a> or <a href=\"https:\/\/powerapps.microsoft.com\/en-us\/blog\/gdpr-admin-powershell-cmdlets\/\" target=\"_blank\" rel=\"noopener\">PowerShell Cmdlets<\/a> corrective action can be implemented which allows administrators to remain productive as they protect their environment.<\/li>\n<\/ul>\n<ul>\n<li><strong>Education<\/strong> cannot be ignored as a layer of defense. Cybersecurity is more than just technology and processes, it is also highly dependent upon people. Phishing continues to be a popular avenue for hackers to try and exploit. In part due to users clicking on links that they shouldn\u2019t. In many circumstances, users are tricked into clicking on links based upon clever campaigns being designed. End-user education continues to be another layer that organizations implement to prevent breaches. Microsoft Flow users should also be educated on company cyber security policies to ensure this security layer is not exploited.<\/li>\n<\/ul>\n<p><strong>Additional Resources<\/strong><\/p>\n<p>In this blog post we discussed many security layers that organizations should implement as they seek to govern and protect their environment. In addition to what we have discussed in this blog post, we also have additional resources that organizations can leverage to protect their environments.<\/p>\n<p>\u00b7<strong>PowerShell Cmdlets for PowerApps and Microsoft Flow<\/strong> In May, we <a href=\"https:\/\/powerapps.microsoft.com\/en-us\/blog\/gdpr-admin-powershell-cmdlets\/\" target=\"_blank\" rel=\"noopener\">introduced<\/a> PowerShell cmdlets that provide both user and admin functions to automate Application Lifecycle Management (ALM) and administrative tasks. We continue to update these PowerShell cmdlets based upon customer feedback. Please find the latest release <a href=\"https:\/\/docs.microsoft.com\/en-us\/powerapps\/administrator\/powerapps-powershell\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n<p>\u00b7<strong>PowerApps and Microsoft Flow Governance and Deployment Whitepaper <\/strong>was <a href=\"https:\/\/powerapps.microsoft.com\/en-us\/blog\/powerapps-enterprise-deployment-whitepaper\/\" target=\"_blank\" rel=\"noopener\">released<\/a> earlier this month and includes prescriptive guidance for deploying and managing the Power platform. Topics within the whitepaper focus on the following areas:<\/p>\n<ul>\n<li style=\"margin-left: 40px\">Data Loss Prevention (DLP) Policies<\/li>\n<li style=\"margin-left: 40px\">PowerApps and Microsoft Flow Access Management<\/li>\n<li style=\"margin-left: 40px\">Automating Governance<\/li>\n<li style=\"margin-left: 40px\">Deployment Scenarios<\/li>\n<li style=\"margin-left: 40px\">Office 365 Security and Compliance Center<\/li>\n<li style=\"margin-left: 40px\">Importing and Exporting application packages<\/li>\n<li style=\"margin-left: 40px\">Licensing<\/li>\n<\/ul>\n<ul>\n<li><strong>Power platform Admin Center (coming soon)<\/strong> At the Business Application Summit in July, we <a href=\"https:\/\/www.microsoft.com\/en-us\/businessapplicationssummit\/video\/BAS2018-111120\" target=\"_blank\" rel=\"noopener\">announced<\/a> a unified experience for managing Dynamics 365, PowerApps, Microsoft Flow and CDS for Apps assets. One of the features of this new admin experience is Admin Analytics, which will provide administrators with an analytics experience that will provide insight into how these flows and apps are used within their tenant.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>A common cyber security approach used by organizations to protect their digital assets is to leverage a defense-in-depth strategy. When customers ask how to best secure and govern their Microsoft Flow and PowerApps environments, we provide similar guidance. The following list represents different layers that you can use to protect your digital assets and apply governance to ensure your organization\u2019s interests are met.<\/p>\n","protected":false},"author":349,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","_alt_title":"","ms-ems-related-posts":[],"footnotes":""},"audience":[3378],"content-type":[3423],"job-role":[],"product":[3474],"property":[],"topic":[3445,3435],"coauthors":[2910],"class_list":["post-110968","post","type-post","status-publish","format-standard","hentry","audience-it-professional","content-type-tips-and-guides","product-power-automate","topic-management-and-governance","topic-operations"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Power platform Security &amp; Governance: Deploying a Defense in Depth Strategy - Microsoft Power Platform Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Power platform Security &amp; Governance: Deploying a Defense in Depth Strategy - Microsoft Power Platform Blog\" \/>\n<meta property=\"og:description\" content=\"A common cyber security approach used by organizations to protect their digital assets is to leverage a defense-in-depth strategy. When customers ask how to best secure and govern their Microsoft Flow and PowerApps environments, we provide similar guidance. The following list represents different layers that you can use to protect your digital assets and apply governance to ensure your organization\u2019s interests are met.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/power-automate\/security-governance-strategy\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Power Platform Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-08-30T14:47:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-11T15:07:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-flow.png\" \/>\n<meta name=\"author\" content=\"Kent Weare\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kent Weare\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/author\/keweare\/\",\"@type\":\"Person\",\"@name\":\"Kent Weare\"}],\"headline\":\"Power platform Security &amp; Governance: Deploying a Defense in Depth Strategy\",\"datePublished\":\"2018-08-30T14:47:07+00:00\",\"dateModified\":\"2025-06-11T15:07:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/\"},\"wordCount\":1117,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-flow.png\",\"keywords\":[\"Governance\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/\",\"name\":\"Power platform Security &amp; Governance: Deploying a Defense in Depth Strategy - Microsoft Power Platform Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-flow.png\",\"datePublished\":\"2018-08-30T14:47:07+00:00\",\"dateModified\":\"2025-06-11T15:07:08+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-flow.webp\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-flow.webp\",\"width\":1024,\"height\":387,\"caption\":\"graphical user interface, application, Teams\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Power platform Security &amp; Governance: Deploying a Defense in Depth Strategy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/\",\"name\":\"Microsoft Power Platform Blog\",\"description\":\"Innovate with Business Apps\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#organization\",\"name\":\"Microsoft Power Platform Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2020\/03\/Microsoft-Logo-e1685482038800.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2020\/03\/Microsoft-Logo-e1685482038800.png\",\"width\":194,\"height\":145,\"caption\":\"Microsoft Power Platform Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#\/schema\/person\/a66d308251aebf9036a1e62c6bc2cd20\",\"name\":\"Kent Weare\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/ab342d9ec448e41bae6e48f7e21daf0dfc60f0df7c612a20e8dc99e0a468cfb9?s=96&d=mm&r=gcd0a495c06c9934b159bd99f16922ecd\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ab342d9ec448e41bae6e48f7e21daf0dfc60f0df7c612a20e8dc99e0a468cfb9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ab342d9ec448e41bae6e48f7e21daf0dfc60f0df7c612a20e8dc99e0a468cfb9?s=96&d=mm&r=g\",\"caption\":\"Kent Weare\"},\"url\":\"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/author\/keweare\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Power platform Security &amp; Governance: Deploying a Defense in Depth Strategy - Microsoft Power Platform Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/","og_locale":"en_US","og_type":"article","og_title":"Power platform Security &amp; Governance: Deploying a Defense in Depth Strategy - Microsoft Power Platform Blog","og_description":"A common cyber security approach used by organizations to protect their digital assets is to leverage a defense-in-depth strategy. When customers ask how to best secure and govern their Microsoft Flow and PowerApps environments, we provide similar guidance. The following list represents different layers that you can use to protect your digital assets and apply governance to ensure your organization\u2019s interests are met.","og_url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/power-automate\/security-governance-strategy\/","og_site_name":"Microsoft Power Platform Blog","article_published_time":"2018-08-30T14:47:07+00:00","article_modified_time":"2025-06-11T15:07:08+00:00","og_image":[{"url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-flow.png","type":"","width":"","height":""}],"author":"Kent Weare","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kent Weare","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/author\/keweare\/","@type":"Person","@name":"Kent Weare"}],"headline":"Power platform Security &amp; Governance: Deploying a Defense in Depth Strategy","datePublished":"2018-08-30T14:47:07+00:00","dateModified":"2025-06-11T15:07:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/"},"wordCount":1117,"commentCount":0,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-flow.png","keywords":["Governance"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/","url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/","name":"Power platform Security &amp; Governance: Deploying a Defense in Depth Strategy - Microsoft Power Platform Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-flow.png","datePublished":"2018-08-30T14:47:07+00:00","dateModified":"2025-06-11T15:07:08+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-flow.webp","contentUrl":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2024\/06\/1-flow.webp","width":1024,"height":387,"caption":"graphical user interface, application, Teams"},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2018\/08\/30\/security-governance-strategy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/"},{"@type":"ListItem","position":2,"name":"Power platform Security &amp; Governance: Deploying a Defense in Depth Strategy"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/","name":"Microsoft Power Platform Blog","description":"Innovate with Business Apps","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#organization","name":"Microsoft Power Platform Blog","url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2020\/03\/Microsoft-Logo-e1685482038800.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-content\/uploads\/2020\/03\/Microsoft-Logo-e1685482038800.png","width":194,"height":145,"caption":"Microsoft Power Platform Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/#\/schema\/person\/a66d308251aebf9036a1e62c6bc2cd20","name":"Kent Weare","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/ab342d9ec448e41bae6e48f7e21daf0dfc60f0df7c612a20e8dc99e0a468cfb9?s=96&d=mm&r=gcd0a495c06c9934b159bd99f16922ecd","url":"https:\/\/secure.gravatar.com\/avatar\/ab342d9ec448e41bae6e48f7e21daf0dfc60f0df7c612a20e8dc99e0a468cfb9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ab342d9ec448e41bae6e48f7e21daf0dfc60f0df7c612a20e8dc99e0a468cfb9?s=96&d=mm&r=g","caption":"Kent Weare"},"url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/author\/keweare\/"}]}},"bloginabox_animated_featured_image":null,"bloginabox_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Power Platform Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/posts\/110968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/users\/349"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/comments?post=110968"}],"version-history":[{"count":1,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/posts\/110968\/revisions"}],"predecessor-version":[{"id":128277,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/posts\/110968\/revisions\/128277"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/media?parent=110968"}],"wp:term":[{"taxonomy":"audience","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/audience?post=110968"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/content-type?post=110968"},{"taxonomy":"job-role","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/job-role?post=110968"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/product?post=110968"},{"taxonomy":"property","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/property?post=110968"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/topic?post=110968"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/wp-json\/wp\/v2\/coauthors?post=110968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}