What features will soon be available to better protect access to data?

It can be difficult for organisations to protect data and resources in the way that they want, particularly in cases where they need to fulfil legal and regulatory requirements. This post summarises enhancements that will help in these situations.

The Ignite conference provided some very interesting commentary about the Power Platform, including the roadmap for the future.The biggest piece of news was the announcement of Power FX.

Another interesting announcement included details about developments to data loss prevention policies, and the ability to better protect access to data. Here's a summary of some of the features that Charles Lamanna mentioned in his sessions.

1. There will be the ability to restrict where users can access data

It currently isn't possible to limit the locations where users can access data. As an example, let's imagine an app that uses a SQL Server data source. There may be a requirement to restrict access to this SQL data source from machines that are connected to a specific network, or devices that match a particular IP range.

To faciliate this requirement, data loss protection policies will include endpoint filtering. This will enable administrators to grant or deny access to a connector based on the endpoint/location of the user.

2. Connectors will provide more granular access to data and actions

Through "connector actions", we can define more specifically the actions that app builders and users can carry out through connectors.

Let's take the example of an app that uses Twitter connector. With the introduction of this feature, we can define a rule that permits app builders and users to retrieve data from a corporate Twitter account, but deny the ability to post tweets, or to retweet messages.

3. There will be the ability to classify and to label data

In most organisations, there is a need to classify or to label data.For example, the UK has a protective marking scheme that all government agencies must adhere to. This classifies records, documents, and data into categories that include official, secret, and top-secret.

Microsoft provides a solution called "Microsoft Information Protection" (MIP).

MIP labels and classifies data, using techniques that can include artificial intelligence.The data loss prevention policies from the Power Platform will support MIP, which will enable app builders to better control sensitive data.The benefit of MIP is that it applies the protective marking at the data level. This means that the protection will carry forward into all apps that use the data.

4. There will be improved isolation of data, where tenants are joined together

There are many organisations with a federated tenant setup, That is, a setup where separate Microsoft 365/ Dynamics 365 organisations have been joined together, possibly as a result of mergers or acquisitions, or to faciliate better sharing of data between business partners..

There is often the requirement to better control access to data between tenants. For example, let's imagine two distinct car companies that work together to produce common parts. There is a requirement to share some resources and data, but not to allow the complete sharing of data in both directions.

A new feature called 'tenant isolation' will facilitate this requirement. With this feature, an administrator can specify a target tenant, and define rules to block access from other tenants.


The Power Platform will soon include better features to secure and to control access to data. These features include connector endpoint filtering, the ability to control the specific actions are permissible against connectors, support for "Microsoft Information Protection", and the ability to isolate tenants in federated configurations.