Tenant isolation is a crucial feature in the Power Platform that allows administrators to govern the movement of tenant data from authorized data sources to and from their tenant. It ensures secure connections while minimizing the risk of data exfiltration outside the tenant.
- Tenant isolation applies to connectors using Microsoft Entra ID-based authentication, such as Office 365 Outlook or SharePoint. It doesn’t impact Microsoft Entra ID-based access outside of Power Platform.
- By default, Power Platform allows seamless cross-tenant connections if the user from tenant A presents valid Microsoft Entra credentials when establishing a connection to tenant B. However, administrators can enable tenant isolation to restrict these connections.
- When tenant isolation is turned on:
  - Inbound connections (from external tenants to your tenant) and outbound connections (from your tenant to external tenants) are blocked by Power Platform, even if the user has valid credentials for the Microsoft Entra-secured data source.
  - Admins can create an allowlist of specific tenants to bypass these restrictions. The allowlist can include tenants for inbound, outbound, or both directions.
  - Using the special pattern “*” as the tenant entry allows all tenants in a specific direction while tenant isolation remains enabled.
- Note that there is a known issue with the Azure DevOps connector, where the tenant isolation policy may not be enforced for connections established using this connector. If insider attacks are a concern, consider limiting the use of this connector or its actions using data policies.
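To make the decision rules above concrete, here is a small Python model of how a tenant isolation policy is evaluated: same-tenant connections pass, non-Entra connectors are out of scope, cross-tenant connections are classified as inbound or outbound relative to the home tenant, and only a matching allowlist entry (or the “*” wildcard) for that direction lets them through. It also includes a check that reports which directions a wildcard entry has opened to every tenant, which is what an admin reviewing the allowlist most wants to see. This is an added illustration, not Power Platform's implementation or its admin API; the tenant names and the example policy are constructed.

```python
from dataclasses import dataclass, field
from enum import Enum


class Direction(Enum):
    """Direction of a cross-tenant connection, seen from the home tenant."""
    INBOUND = "inbound"    # a user from an external tenant connects to our data source
    OUTBOUND = "outbound"  # a user from our tenant connects to an external data source


ANY_TENANT = "*"  # the wildcard pattern that opens a direction to all tenants


@dataclass(frozen=True)
class AllowEntry:
    """One allowlist row: a tenant identifier (or "*") plus the directions it opens."""
    tenant_id: str
    inbound: bool = False
    outbound: bool = False

    def opens(self, direction: Direction) -> bool:
        return self.inbound if direction is Direction.INBOUND else self.outbound


@dataclass
class TenantIsolationPolicy:
    """Hypothetical model of a tenant's isolation policy (constructed for this example)."""
    home_tenant: str
    enabled: bool = True
    allowlist: list = field(default_factory=list)


def evaluate_connection(policy, user_tenant, data_source_tenant, uses_entra_auth=True):
    """Decide whether the connection would be permitted under the policy.

    Returns (allowed, reason). Only connectors that authenticate with
    Microsoft Entra ID are in scope; everything else passes straight through.
    """
    if not uses_entra_auth:
        return True, "not in scope: connector does not use Microsoft Entra ID authentication"
    if user_tenant == data_source_tenant:
        return True, "same-tenant connection: tenant isolation does not apply"
    # Classify the direction relative to the tenant that owns the policy.
    if data_source_tenant == policy.home_tenant:
        direction, external = Direction.INBOUND, user_tenant
    elif user_tenant == policy.home_tenant:
        direction, external = Direction.OUTBOUND, data_source_tenant
    else:
        raise ValueError("neither side of the connection is the home tenant")
    if not policy.enabled:
        return True, "tenant isolation off: valid Entra credentials are sufficient"
    for entry in policy.allowlist:
        if entry.tenant_id in (external, ANY_TENANT) and entry.opens(direction):
            return True, f"{direction.value} allowlisted by entry '{entry.tenant_id}'"
    return False, f"{direction.value} connection with {external} blocked by tenant isolation"


def wildcard_directions(policy):
    """Return the direction names that a '*' entry opens to every tenant.

    A wildcard restores the default open behaviour for that direction, so a
    policy review should surface it explicitly.
    """
    opened = set()
    for entry in policy.allowlist:
        if entry.tenant_id == ANY_TENANT:
            opened.update(d.value for d in Direction if entry.opens(d))
    return opened


# Constructed sample policy: inbound from fabrikam only, outbound to anyone.
EXAMPLE_POLICY = TenantIsolationPolicy(
    home_tenant="contoso.example",
    allowlist=[
        AllowEntry("fabrikam.example", inbound=True),
        AllowEntry(ANY_TENANT, outbound=True),
    ],
)

if __name__ == "__main__":
    cases = [
        ("contoso.example", "contoso.example"),   # same tenant
        ("fabrikam.example", "contoso.example"),  # inbound, allowlisted
        ("tailspin.example", "contoso.example"),  # inbound, not allowlisted
        ("contoso.example", "tailspin.example"),  # outbound, covered by "*"
    ]
    for user, source in cases:
        allowed, reason = evaluate_connection(EXAMPLE_POLICY, user, source)
        print(f"{user} -> {source}: {'ALLOW' if allowed else 'BLOCK'} ({reason})")
    print("wildcard opens:", wildcard_directions(EXAMPLE_POLICY))
```

The wildcard check is the part worth running against a real allowlist export: an outbound “*” entry means tenant isolation no longer limits where your makers can send data, which is exactly the exfiltration path the feature exists to close.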
Key Features and Benefits:
Microsoft Power Platform's Cross-Tenant Restrictions offer several features and benefits, including:
- Data Isolation: Ensuring that data from one tenant remains isolated from others, preserving confidentiality and compliance.
- Secure Collaboration: Facilitating secure collaboration between tenants through carefully managed permissions and access controls.
- Compliance Assurance: Enforcing regulatory compliance by restricting data access based on predefined policies and regulations.
- Streamlined Administration: Simplifying administrative tasks by providing a centralized interface for managing cross-tenant configurations and permissions.
Considerations for Multiple Tenants:
If you’re managing multiple tenants, keep in mind the following considerations:
- User accounts, identities, security groups, subscriptions, licenses, and storage cannot be shared among tenants.
- A single domain can only be federated with one tenant.
By focusing on data security in Power Platform and implementing tenant isolation, organizations can enhance their overall data protection strategies and ensure compliance with regulatory requirements.