ASD's Blueprint for Secure Cloud

Mitigation of Power Platform security risks

This section describes how core security risks within the Power Platform will be mitigated for system(s) built using ASD's Blueprint for Secure Cloud.

Estimated reading time: 1 minute

Below lists the core security risks for the Power Platform and how they are mitigated via the documented design decisions.

Information leakageConfigure Power Platform Data loss prevention (DLP) policies to act as guardrails to help prevent users from unintentionally exposing organisational data and to protect information security in the tenant.
Enable Tenancy Isolation to block inbound and outbound connections with external tenancies
Connection to external data sourcesConfigure Power Platform Data loss prevention (DLP) policies to restrict usage to Microsoft 365 only connectors.
- Data Gateways which connect to external data sources not enabled.
Operational Information securityEnable Power Platform Customer lockbox to ensure that organisation can review and approve (or reject) data access requests when data access to customer data is needed by Microsoft engineers.

Security & Governance

  • None identified


  • None identified


  • None identified


Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra