Security Groups in Microsoft Entra ID (formerly Azure AD) help manage user access at scale. By assigning ISVs to specific Security Groups, customers can control access to Power Platform environments, even when ISVs have high-level admin roles.
2. How do Security Groups control ISV access to Power Platform environments?
Security Groups in Microsoft Entra ID are used to manage user access at scale.
Each Power Platform environment can be assigned a Security Group.
Only members of that Security Group can access the environment.
ISVs with Power Platform Administrator or Dynamics 365 Administrator roles must be explicitly added to the correct Security Group to gain access.
3. What are the benefits of using Security Groups for ISV access?
✅ Granular Access Control: ISVs can only access specific environments.
✅ Improved Security: Reduces the risk of unauthorized access.
✅ Auditability: Tracks ISV activities for compliance.
✅ Operational Efficiency: Easily manage ISV access by updating group membership.
✅ Zero Trust Alignment: Ensures ISVs access only what’s necessary.
4. How do I configure Security Groups for ISV access?
Step 1: Create a Security Group
Go to the Microsoft Entra admin center.
Navigate to Groups > + New Group.
Select Security as the group type, name the group, and add ISV accounts.
Step 2: Assign the Security Group to a Power Platform Environment
Go to the Power Platform admin center.
Select Environments, choose one, and under Details, assign the Security Group.
Step 3: Assign Roles within Security Groups
Go to Roles & Administrators in Microsoft Entra.
Assign Power Platform Administrator or Dynamics 365 Administrator roles to group members.
Step 4: Monitor and Audit Access
Use Microsoft Entra and Power Platform logs to track ISV activities.
Set up additional security measures like MFA and time-based access restrictions such as: MFA (Multi-Factor Authentication), Location-based access restrictions and Time-based access limits
5. What happens if an environment is linked to a Security Group?
If an environment is linked to a Security Group, only users within that group can access it—regardless of their Power Platform or Dynamics 365 Administrator roles.
Summary
Using Security Groups in Microsoft Entra ID ensures secure and controlled ISV access to Power Platform environments. This approach strengthens security, improves compliance, and aligns with the Zero Trust model.