TickYouOff
Microsoft Power Platform Security Checklist (CISA SCuBA)

Medium 19 items · 3 hours
testuser Published 1 month ago

This checklist translates the CISA SCuBA Secure Configuration Baseline for Microsoft Power Platform into actionable steps. It is designed for IT and security teams (and informed general users) who need to harden the Power Platform tenant and its environments, apps, connectors, and data. The SCuBA baseline itself is narrow (environment creation, Data Loss Prevention policies, tenant isolation, Content Security Policy, and Power Pages site creation); the remaining items below are surrounding controls from Microsoft guidance and general practice.

Source: https://ncp.nist.gov/checklist/1089

  1. Review the CISA SCuBA and Microsoft Power Platform guidance — Download and read the SCuBA baseline and Microsoft guidance before changes.
  2. Inventory Power Platform tenants, environments, apps, connectors, and owners — Create a single list of environments, apps, connectors, and administrators.
  3. Assign and review admin and service account roles; remove unnecessary privileges — Review who holds the Power Platform administrator role in Entra ID and who is Environment Admin or Environment Maker in each environment; remove orphaned or legacy admin accounts and prefer security groups over individual assignments.
  4. Enable tenant isolation and scope environment access — Turn on Power Platform tenant isolation so connectors cannot authenticate to or from other Entra tenants except those on an explicit allowlist, and restrict each non-default environment to a security group so only its intended users can reach it.
  5. Enable multi-factor authentication for all admins and privileged accounts — Require MFA for admin and service accounts to block credential misuse.
  6. Enforce least privilege for service and user accounts — Grant only the roles and permissions required for tasks.
  7. Implement Conditional Access policies for Power Platform — Block legacy auth and require compliant devices or location rules.
  8. Restrict environment and Power Pages site creation to admins — In tenant settings, disable creation of production, sandbox, and trial environments and of Power Pages sites by non-admins, so new environments (and the shadow IT they enable) go through an approval path.
  9. Configure Data Loss Prevention (DLP) policies across environments — DLP policies sort connectors into Business, Non-business, and Blocked groups; data cannot flow between groups in one app or flow. The default environment must have a DLP policy, and every other environment should be covered by at least one.
  10. Restrict and block unapproved connectors and external data connections — Allowlist the connectors your organisation approves and put every other connector, including custom and legacy ones, in the Blocked group; in the default environment, block everything except the small approved set the baseline lists.
  11. Enable unified audit logging and monitoring for Power Platform — Power Apps, Power Automate, and admin activity is recorded in the Microsoft 365 unified audit log; confirm auditing is on and that retention meets policy.
  12. Integrate audit logs with your SIEM and create actionable alerts — Forward logs to SIEM and configure alerts for suspicious activity.
  13. Regularly review and apply Microsoft, CISA updates and CVE guidance — Subscribe to advisories and review CVEs affecting Power Platform.
  14. Implement backup and recovery for Power Platform apps and data — Define backup schedules and test restores for apps and Dataverse data.
  15. Conduct regular security assessments, configuration reviews, and penetration tests — Include environment-hardening and API/connector testing in reviews.
  16. Train creators and end users on secure app development and phishing risks — Provide guidance on secure low-code practices and safe sharing.
  17. Document and maintain incident response procedures specific to Power Platform — Include detection, containment, communication, and recovery steps.
  18. Subscribe to Microsoft and CISA advisories and confirm support contacts — Add vendor and CISA contacts for timely advisories and incident help.
  19. Review and restrict external sharing and guest access settings — Limit guest users (Entra B2B) in environments, disable the ability for non-admins to share apps with "Everyone", and enforce tenant controls on external connections.
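The inventory that items 2 and 3 ask for can be produced from the Power Platform admin PowerShell module. The script below is an added example written for this checklist; it is not part of the CISA baseline or Microsoft's documentation. It assumes the Microsoft.PowerApps.Administration.PowerShell module is installed, that you sign in as a Power Platform administrator, and that the returned objects expose the property names used here (EnvironmentName, DisplayName, EnvironmentType, IsDefault, RoleName, PrincipalDisplayName, Owner.email, CreatedBy.email); check a single object with Format-List before relying on a column.

```powershell
#Requires -Modules Microsoft.PowerApps.Administration.PowerShell
# Added example: one-shot inventory of environments, apps, flows, connections
# and environment role assignments for the owner/admin review.
Add-PowerAppsAccount   # interactive sign-in as a Power Platform administrator

$outDir = Join-Path $PWD 'pp-inventory'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
Remove-Item (Join-Path $outDir '*.csv') -ErrorAction SilentlyContinue

$summary = foreach ($environment in Get-AdminPowerAppEnvironment) {
    $name  = $environment.EnvironmentName
    $apps  = @(Get-AdminPowerApp -EnvironmentName $name)
    $flows = @(Get-AdminFlow -EnvironmentName $name)
    $conns = @(Get-AdminPowerAppConnection -EnvironmentName $name)
    $roles = @(Get-AdminPowerAppEnvironmentRoleAssignment -EnvironmentName $name)

    # Role names 'EnvironmentAdmin' / 'EnvironmentMaker' are the values the
    # module returns in RoleName (assumption: verify with $roles | Format-List).
    $admins = $roles | Where-Object RoleName -eq 'EnvironmentAdmin' | ForEach-Object PrincipalDisplayName
    $makers = $roles | Where-Object RoleName -eq 'EnvironmentMaker' | ForEach-Object PrincipalDisplayName

    [pscustomobject]@{
        Environment     = $environment.DisplayName
        EnvironmentName = $name
        Type            = $environment.EnvironmentType
        IsDefault       = $environment.IsDefault
        Apps            = $apps.Count
        Flows           = $flows.Count
        Connections     = $conns.Count
        Admins          = ($admins -join '; ')
        Makers          = ($makers -join '; ')
    }

    # Per-object detail with owner, used to find orphaned owners and stale apps.
    $apps | Select-Object @{n='Environment';e={$environment.DisplayName}}, DisplayName, AppName,
        @{n='Owner';e={$_.Owner.email}}, CreatedTime, LastModifiedTime |
        Export-Csv (Join-Path $outDir 'apps.csv') -NoTypeInformation -Append
    $conns | Select-Object @{n='Environment';e={$environment.DisplayName}}, ConnectorName, ConnectionName,
        @{n='CreatedBy';e={$_.CreatedBy.email}}, CreatedTime |
        Export-Csv (Join-Path $outDir 'connections.csv') -NoTypeInformation -Append
    $roles | Select-Object @{n='Environment';e={$environment.DisplayName}}, RoleName,
        PrincipalDisplayName, PrincipalType |
        Export-Csv (Join-Path $outDir 'role-assignments.csv') -NoTypeInformation -Append
}

$summary | Export-Csv (Join-Path $outDir 'environments.csv') -NoTypeInformation
$summary | Format-Table -AutoSize
```

Join apps.csv and connections.csv against your HR or Entra ID user list: an owner or connection creator that no longer resolves to an active account is the "orphaned" case item 3 asks you to remove, and a connection whose ConnectorName is not on your approved list feeds item 10.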
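Items 4, 8 and 19 are tenant-level switches, so they are best checked and applied from the same admin module. This is an added example for this checklist, not code from CISA or Microsoft. It assumes Get-TenantSettings returns the properties disableEnvironmentCreationByNonAdminUsers, disableTrialEnvironmentCreationByNonAdminUsers and disablePortalsCreationByNonAdminUsers (confirm against your own Get-TenantSettings output before writing them back), and that Get-PowerAppTenantIsolationPolicy returns an object whose properties.isDisabled and properties.allowedTenants fields describe the isolation policy.

```powershell
#Requires -Modules Microsoft.PowerApps.Administration.PowerShell
# Added example: audit (and optionally remediate) environment / Power Pages
# creation settings, and report the tenant isolation policy.
Add-PowerAppsAccount

function Test-PpCreationSettings {
    param([switch]$Remediate)   # without -Remediate the function only reports

    # Property names as surfaced by Get-TenantSettings (assumption: verify locally).
    $wanted = @{
        disableEnvironmentCreationByNonAdminUsers      = $true   # production and sandbox
        disableTrialEnvironmentCreationByNonAdminUsers = $true   # trial
        disablePortalsCreationByNonAdminUsers          = $true   # Power Pages sites
    }

    $settings = Get-TenantSettings
    $report = foreach ($key in $wanted.Keys) {
        $current = $settings.$key
        [pscustomobject]@{
            Setting  = $key
            Current  = $current
            Expected = $wanted[$key]
            Pass     = ($current -eq $wanted[$key])
        }
    }

    if ($Remediate -and ($report | Where-Object { -not $_.Pass })) {
        foreach ($key in $wanted.Keys) { $settings.$key = $wanted[$key] }
        # Set-TenantSettings takes the full settings object back as the request body.
        Set-TenantSettings -RequestBody $settings | Out-Null
        $report = Test-PpCreationSettings   # re-read to prove the change landed
    }
    $report
}

function Get-PpTenantIsolationReport {
    $tenantId = (Get-TenantDetailsFromGraph).TenantId
    $policy   = Get-PowerAppTenantIsolationPolicy -TenantId $tenantId
    # Shape assumed from the module's JSON policy document: properties.isDisabled
    # and properties.allowedTenants[] with tenantId and direction.{inbound,outbound}.
    [pscustomobject]@{
        TenantId        = $tenantId
        IsolationOn     = (-not $policy.properties.isDisabled)
        AllowedTenants  = @($policy.properties.allowedTenants | ForEach-Object {
            "$($_.tenantId) in=$($_.direction.inbound) out=$($_.direction.outbound)"
        }) -join '; '
    }
}

Test-PpCreationSettings | Format-Table -AutoSize          # report only
# Test-PpCreationSettings -Remediate | Format-Table       # apply, then re-check
Get-PpTenantIsolationReport | Format-List
```

Run the report-only form first and keep its output as the "before" evidence for your configuration review; a tenant where IsolationOn is false, or where the allowlist contains tenant IDs nobody can account for, fails item 4 regardless of how the creation settings look.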
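Items 9 and 10 are easiest to verify by reading the DLP policies back and working out which environments each one covers and which connectors remain usable in the default environment. The following is an added example written for this checklist (not CISA's or Microsoft's code). It assumes Get-DlpPolicy returns policies with the fields name, displayName, environmentType (AllEnvironments, OnlyEnvironments, ExceptEnvironments), environments[].name and connectorGroups[].{classification, connectors[].{id,name}}, with classification values Confidential (Business), General (Non-business) and Blocked; the approved-connector list is a placeholder you must fill from the baseline, with a few well-known connector IDs shown for illustration.

```powershell
#Requires -Modules Microsoft.PowerApps.Administration.PowerShell
# Added example: DLP coverage check. Flags environments with no applicable
# DLP policy and connectors the default environment still allows.
Add-PowerAppsAccount

# Placeholder: connector IDs your organisation approves for the default environment.
# The IDs below are illustrative; replace with the baseline's approved list.
$ApprovedConnectorIds = @(
    '/providers/Microsoft.PowerApps/apis/shared_commondataserviceforapps',  # Dataverse
    '/providers/Microsoft.PowerApps/apis/shared_sharepointonline',          # SharePoint
    '/providers/Microsoft.PowerApps/apis/shared_office365users',            # Office 365 Users
    '/providers/Microsoft.PowerApps/apis/shared_office365'                  # Office 365 Outlook
)

function Get-DlpPolicies {
    # Get-DlpPolicy wraps the list in a .value property in some module versions.
    $raw = Get-DlpPolicy
    if ($raw.PSObject.Properties['value']) { @($raw.value) } else { @($raw) }
}

function Test-DlpPolicyAppliesTo {
    param($Policy, [string]$EnvironmentName)
    $listed = @($Policy.environments | ForEach-Object name) -contains $EnvironmentName
    switch ($Policy.environmentType) {
        'AllEnvironments'    { $true }
        'OnlyEnvironments'   { $listed }
        'ExceptEnvironments' { -not $listed }
        default              { $false }   # unknown type: treat as not covered
    }
}

$policies = Get-DlpPolicies
$envs     = @(Get-AdminPowerAppEnvironment)
$default  = Get-AdminPowerAppEnvironment -Default

# 1. Every environment should have at least one DLP policy (item 9).
$coverage = foreach ($e in $envs) {
    $applying = @($policies | Where-Object { Test-DlpPolicyAppliesTo $_ $e.EnvironmentName })
    [pscustomobject]@{
        Environment = $e.DisplayName
        IsDefault   = ($e.EnvironmentName -eq $default.EnvironmentName)
        Policies    = ($applying | ForEach-Object displayName) -join '; '
        Covered     = ($applying.Count -gt 0)
    }
}
$coverage | Format-Table -AutoSize

# 2. In the default environment, anything not Blocked and not approved is a finding (item 10).
$defaultPolicies = @($policies | Where-Object { Test-DlpPolicyAppliesTo $_ $default.EnvironmentName })
$unblocked = foreach ($p in $defaultPolicies) {
    foreach ($group in $p.connectorGroups) {
        if ($group.classification -ne 'Blocked') {
            foreach ($c in $group.connectors) {
                if ($ApprovedConnectorIds -notcontains $c.id) {
                    [pscustomobject]@{ Policy=$p.displayName; Group=$group.classification; Connector=$c.name; Id=$c.id }
                }
            }
        }
    }
}
"Default environment: $($unblocked.Count) connector(s) allowed but not on the approved list"
$unblocked | Sort-Object Connector -Unique | Format-Table -AutoSize
```

Because a connector is only blocked if every policy that applies to the environment blocks it, a single permissive policy in the default environment undoes a restrictive tenant-wide one; the second report surfaces exactly that case.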
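For items 11 and 12, the unified audit log can be queried from the Exchange Online Management module before any SIEM integration is in place, which also confirms that Power Platform events are actually being recorded. This is an added example for this checklist, not CISA or Microsoft code. It assumes the record types PowerAppsApp and MicrosoftFlow (the names used by Search-UnifiedAuditLog for Power Apps and Power Automate activity) and that the AuditData JSON carries Operation and UserId fields; the regular expression used to pick out sharing and deletion events is a heuristic, so confirm the exact operation names from your own data before turning it into an alert.

```powershell
#Requires -Modules ExchangeOnlineManagement
# Added example: pull the last 7 days of Power Apps / Power Automate audit
# events, summarise them and pick out permission changes and deletions.
Connect-ExchangeOnline

$start = (Get-Date).AddDays(-7)
$end   = Get-Date

function Get-PpAuditEvents {
    param([datetime]$Start, [datetime]$End)
    # Search-UnifiedAuditLog takes one record type per call; -SessionCommand
    # ReturnLargeSet pages beyond the 5000-record default.
    foreach ($type in 'PowerAppsApp', 'MicrosoftFlow') {
        $sessionId = "pp-audit-$type-$([guid]::NewGuid())"
        do {
            $page = @(Search-UnifiedAuditLog -StartDate $Start -EndDate $End -RecordType $type `
                        -ResultSize 5000 -SessionId $sessionId -SessionCommand ReturnLargeSet)
            foreach ($r in $page) {
                $data = $r.AuditData | ConvertFrom-Json
                [pscustomobject]@{
                    Time       = $r.CreationDate
                    RecordType = $type
                    Operation  = $data.Operation
                    User       = $data.UserId
                    # Extra fields differ per operation; keep the raw JSON for the SIEM.
                    Raw        = $r.AuditData
                }
            }
        } while ($page.Count -gt 0)
    }
}

$events = @(Get-PpAuditEvents -Start $start -End $end)
if ($events.Count -eq 0) {
    Write-Warning 'No Power Platform audit records returned: verify auditing is enabled (item 11).'
}

# Volume by operation and user: the baseline view for a weekly review.
$events | Group-Object RecordType, Operation | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Candidate alert conditions: sharing/permission changes and deletions (heuristic,
# assumption: operation names contain 'Permission' or 'Delete').
$suspicious = $events | Where-Object { $_.Operation -match 'Permission|Delete' }
$suspicious | Select-Object Time, RecordType, Operation, User | Sort-Object Time | Format-Table -AutoSize

# Hand the raw records to the SIEM as one JSON document per line (item 12).
$events | ForEach-Object Raw | Set-Content -Path 'pp-audit.jsonl'
```

Once the same records are flowing into the SIEM, the two views above become the first detections to wire up: a spike in permission edits by one user, and deletions of apps or flows outside change windows.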