Max and Zoe Discuss: Cross-Tenant Inbound and Outbound Restrictions

Max: “Zoe, I’ve been thinking. Our data in Power Platform is starting to feel a bit… too free.”

Zoe: “What do you mean, Max? Are we losing control over our data?”

Max: “Not exactly losing control, but it feels like we’re not doing enough to keep our data within the tenant. I’m worried about the risk of data exfiltration, especially with all these connectors.”

Zoe: “Ah, sounds like it’s time to talk about Tenant Isolation. It’s like setting up invisible barriers that keep our data from sneaking out or letting others sneak in.”

Max: “That’s exactly what I’m looking for. So, how does it work?”

Zoe: “Tenant Isolation in Power Platform lets administrators control how data moves across tenants using Microsoft Entra ID-based authentication. It’s a way to make sure that connections can only be established with your tenant if you explicitly allow them.”

Max: “So, if I turn on Tenant Isolation, what happens?”

Zoe: “When you turn on Tenant Isolation, all inbound and outbound cross-tenant connections are blocked by default. But don’t worry, you can set up allowlists to make exceptions for specific tenants.”

Max: “That sounds handy. What if I have existing apps and flows using cross-tenant connections?”

Zoe: “Great question! Before you enable Tenant Isolation, you can run reports to identify which tenants need to be exempt. That way, you can create rules to allow those connections to continue.”

Max: “I see. But what happens if someone tries to establish a connection that’s not on the allowlist?”

Zoe: “Simple—Power Platform will block it, even if they have valid Microsoft Entra credentials. You can configure these allowlists directly from the Power Platform admin center.”

Max: “That’s reassuring. But what about outbound connections? Do I need to manage those separately?”

Zoe: “Yes, outbound connections are treated the same way. You can allow specific tenants to connect out, or you can block them altogether. It’s all about controlling the flow of your data.”

Max: “I like this idea of building virtual walls around our data. But what if I change the Tenant Isolation policy after apps and flows have already been created?”

Zoe: “Good point. If you update the policy, some apps and flows might break if they relied on those cross-tenant connections. You’ll see errors in Power Automate’s run history, and you’ll need to adjust the connections or update the allowlist.”

Max: “Got it. This is definitely something we need to set up. Any known issues I should be aware of?”

Zoe: “There is one. The Azure DevOps connector doesn’t fully support Tenant Isolation due to its unique authentication process. If that’s a concern, you might want to limit its use with data policies.”

Max: “Thanks for the heads-up, Zoe. It sounds like Tenant Isolation is the way to go for keeping our data secure.”

Zoe: “Absolutely, Max. Let’s get those virtual walls up and keep our data where it belongs—right here with us.”
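As an added example (not part of the dialogue above, and not Microsoft's own sample code), here is how the allowlist Zoe describes could be applied from PowerShell with the Microsoft.PowerApps.Administration.PowerShell module instead of the admin center. The tenant IDs are placeholders, the New-AllowedTenantEntry helper is hypothetical, and the policy object shape (properties.tenantId, isDisabled, allowedTenants with per-tenant inbound/outbound flags) follows the module's documentation as I understand it; confirm it against the output of Get-PowerAppTenantIsolationPolicy before applying anything.

```powershell
# Added example: enable tenant isolation with an explicit per-direction allowlist.
# Requires: Install-Module Microsoft.PowerApps.Administration.PowerShell
# All tenant IDs below are placeholders (assumption: replace with real IDs).
Import-Module Microsoft.PowerApps.Administration.PowerShell

$tenantId = '00000000-0000-0000-0000-000000000001'   # your own tenant (placeholder)

# Hypothetical helper: builds one allowlist entry and rejects mistakes early.
# A mistyped ID does not fail loudly on its own; it just allows the wrong tenant or nothing.
function New-AllowedTenantEntry {
    param(
        [Parameter(Mandatory)][string]$PartnerTenantId,
        [bool]$Inbound  = $false,
        [bool]$Outbound = $false
    )
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($PartnerTenantId, [ref]$parsed)) {
        throw "Not a valid tenant ID (GUID): $PartnerTenantId"
    }
    if (-not ($Inbound -or $Outbound)) {
        throw "Entry for $PartnerTenantId allows neither direction; omit it instead."
    }
    return @{
        tenantId  = $PartnerTenantId
        direction = @{ inbound = $Inbound; outbound = $Outbound }
    }
}

$allowedTenants = @(
    # Partner A: their users sign in to apps in our tenant (inbound only);
    # we never let our connections reach into theirs.
    New-AllowedTenantEntry -PartnerTenantId '00000000-0000-0000-0000-0000000000aa' -Inbound $true
    # Partner B: our flows pull data from their tenant (outbound only).
    New-AllowedTenantEntry -PartnerTenantId '00000000-0000-0000-0000-0000000000bb' -Outbound $true
)

# isDisabled = $false means tenant isolation is ON: every cross-tenant connection
# not listed in allowedTenants is blocked, even with valid Entra ID credentials.
$policy = @{
    properties = @{
        tenantId       = $tenantId
        isDisabled     = $false
        allowedTenants = $allowedTenants
    }
}

Add-PowerAppsAccount   # interactive sign-in as a Power Platform admin

# Always read the current policy first: Set- replaces the policy as a whole
# (assumption, treat it as a full overwrite), so an existing allowlist entry
# that is missing here will disappear and break the apps and flows relying on it.
Get-PowerAppTenantIsolationPolicy -TenantId $tenantId | ConvertTo-Json -Depth 6

Set-PowerAppTenantIsolationPolicy -TenantId $tenantId -TenantIsolationPolicy $policy
```

Run the Get- call and the cross-tenant connection report Zoe mentions before the Set- call, and keep the two partner IDs in one place such as this script, so the allowlist is reviewable in source control rather than reconstructed from the admin center after a flow fails in run history.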
