Power Platform and Power Apps Security – FAQ
Q1: Where would the Power Apps data be stored?
The location of a Microsoft’s customer data is tied to the location of the Microsoft 365 Tenant. More details available at ‘Data Residency’ section in this link https://learn.microsoft.com/en-us/power-platform/admin/security/data-storage
For PowerApps, the location where the information is stored is configurable and can be specified at the time of deployment. More details available at https://learn.microsoft.com/en-us/power-platform/admin/regions-overview
Q2: Are you hosing the Power Apps on local or overseas servers?
For Singapore based customers, the ‘Southeast Asia’ region will be used for PowerApps applications which resides in Singapore Datacenter.
Q3: Is there an external back up of Power Apps data? If so, where would it be stored?
All PowerApps environments are automatically backed up continuously by the system in Azure and restore points are created every hour. On top of these system backups, manual backups can be created as well. More details available at https://learn.microsoft.com/en-us/power-platform/admin/backup-restore-environments
Q4: What are the security Protocols and are there any periodic Penetration Tests?
Yes. Microsoft provides publicly available Compliance certificates and periodic third party audit reports such as penetration tests under their Trust Center. More details are available at https://www.microsoft.com/en-sg/trust-center/compliance/compliance-overview#compliance
Some of the compliance standards including Singapore specific certifications are available at https://learn.microsoft.com/en-sg/compliance/regulatory/offering-home
Penetration test reports at https://servicetrust.microsoft.com/viewpage/PenTest
Q5: Would we able to link to our Microsoft 365 / Azure activity directory?
Yes. The Power Platform and Dynamics 365 are all managed under your Azure Active Directory (Now renamed as Microsoft Entra ID).
All your security groups will be created in your existing Azure AD and access controls for each app such as DMS, MMS etc will be controlled by these AD Security groups. More details available at https://learn.microsoft.com/en-us/power-platform/admin/wp-security-cds