CRM Crate

Learn to audit Power Platform activities using Microsoft Purview

In this blog post, we will learn to effectively audit Power Platform activities using Microsoft Purview, ensuring robust monitoring and governance. In this blogpost, learn to audit Power Platform activities using Microsoft Purview. Before we begin, ensure you subscribe to CRM Crate to remain informed about the latest developments in the Power Platform field.

Learn to audit Power Platform activities using Microsoft Purview

Microsoft Power Platform is a suite of applications, connectors, and a data platform (Dataverse) that provides a quick and easy way to build apps, automate workflows, create chatbots, and analyze data. It’s designed to help businesses and organizations leverage their data, streamline processes, and make more informed decisions. Here’s what’s included in the Power Platform:

  1. Power BI: A business analytics tool that allows you to visualize your data and share insights across your organization. It connects to hundreds of data sources and simplifies data preparation with the ability to create rich reports and dashboards.
  2. Power Apps: A suite of apps, services, connectors, and a data platform that provides a rapid development environment to build custom apps for your business needs. With Power Apps, you can create apps with no or minimal code, which can run on any device.
  3. Power Automate: Previously known as Microsoft Flow, this service helps you create automated workflows between your apps and services to synchronize files, get notifications, collect data, and more. It’s all about automating repetitive tasks and processes.
  4. Power Virtual Agents / Copilot Studio: This allows you to create powerful AI-driven chatbots that can interact with your customers or employees without the need for coding. These chatbots can answer questions, guide users through processes, or even handle transactions.
  5. Dataverse: Formerly known as Common Data Service (CDS), Dataverse is a scalable data service and app platform that lets you securely store and manage data used by business applications. Dataverse integrates seamlessly with other Power Platform tools and Microsoft services.

In essence, the Power Platform empowers you to build end-to-end business solutions by combining the capabilities of these individual tools. It’s particularly powerful because it allows users who might not be professional developers to create and deploy complex applications and automations.


Auditing activities in Power Platform with Microsoft Purview

Auditing activities in Microsoft Power Platform provides several key benefits that can significantly enhance your organization’s security, compliance, and operational efficiency. Here are some of the primary advantages:

  1. Enhanced Security: Auditing helps track who is accessing your data and what actions they are taking. This visibility allows you to detect and respond to unauthorized access or suspicious activities promptly.
  2. Compliance and Governance: Many industries have strict regulatory requirements for data handling and reporting. Auditing activities ensure that you have a detailed record of data interactions, which is crucial for compliance audits and demonstrating adherence to regulatory standards.
  3. Improved Data Integrity: By monitoring changes to your data, you can ensure its accuracy and reliability. Auditing helps identify and rectify errors or malicious alterations, maintaining the trustworthiness of your information.
  4. Operational Insights: Auditing provides valuable insights into how your Power Platform applications are being used. You can analyze usage patterns, identify bottlenecks, and optimize processes based on actual user behavior.
  5. Accountability and Transparency: Keeping a detailed log of activities promotes accountability among users. When individuals know their actions are being recorded, they are more likely to follow best practices and organizational policies.
  6. Proactive Issue Resolution: With detailed audit logs, you can quickly troubleshoot and resolve issues. If a problem arises, you can trace back through the logs to understand what happened and take corrective action.
  7. Historical Record: Audit logs serve as a historical record of all activities within the platform. This can be invaluable for reconstructing past events, conducting investigations, or simply understanding the evolution of your system over time.

By leveraging these benefits, organizations can maintain a secure, compliant, and efficient environment within Microsoft Power Platform, ultimately driving better outcomes and more effective use of their digital tools.

Learn about Microsoft Purview and how to audit different Power Platform activities using it

Microsoft Purview is an all-in-one solution designed to help your organization manage, protect, and oversee data no matter where it’s stored. It offers integrated tools to tackle issues like data fragmentation, limited visibility that affects data protection and governance, and the merging of traditional IT management roles.

Learn about Microsoft Purview and how to audit different Power Platform activities using it

Microsoft Purview brings together the old Azure Purview and Microsoft 365 compliance tools into a single platform, helping your organization to:

  • Get a clear view of data throughout the organization
  • Protect and manage sensitive data throughout its lifecycle, no matter where it’s stored
  • Govern data more effectively with new, comprehensive methods
  • Handle important data risks and meet regulatory requirements

How to Search for audit data in Microsoft Purview?

Follow these steps to search for audit data in Power Platform using Microsoft Purview.

Learn to audit Power Platform activities using Microsoft Purview
  • Now, within the audit search window, you can filter the search results according to your requirements. We will use the Date & Activities filters to query the auditing information for our Power Platform tenant.
Learn to audit Power Platform activities using Microsoft Purview
  • Within the Activity filter, you can easily enter terms such as ‘Power Platform,’ ‘PowerApp,’ or ‘Power Automate’ and select the relevant activity name of your choice.
Learn to audit Power Platform activities using Microsoft Purview
  • Once the filtering configuration is completed, click on ‘Search.’ The auditing information will then be extracted and displayed in the output window as shown below.
Learn to audit Power Platform activities using Microsoft Purview

Understanding Power Apps activity logging

You can track the audit history of various Power App activities within the Power Platform tenant, such as Power App creation, publishing, and deletion. Logging occurs at the SDK layer, so a single action can trigger multiple logged events. Here are some examples of user events you can audit:

EventDescription
Created appWhen the app gets created for the first time by a maker
Launched appWhen the app gets launched
Marked app as FeaturedEvery time the app is marked as Featured
Restored app versionThe version of the app when restored
Edited appAny updates made to the app by the maker
Published appWhen the app is published and is made available to others in the environment
Edited app permissionEvery time a user’s permissions to the app is changed
Deleted appWhen the app is deleted
Marked app as HeroEvery time the app is marked as Hero
Deleted app permissionEvery time a user’s permissions to the app is removed
Removed app as HeroEvery time the app is unset as Hero
Removed app as FeaturedEvery time the app is unset as Featured
Patched appEvery time the app is patched
Deleted app versionThe version of the app when deleted
Consented to the app’s APIsWhen the current user has consented to the application’s APIs
Imported new canvas appEvery time new canvas app is imported
Imported existing canvas appEvery time existing canvas app is imported
Published solution canvas app versionWhen canvas app version from solution is published
Added DataLossPreventionEvaluationResultWhen DLP evaluation occurs for the App
Admin restored deleted appWhen the deleted app is restored by the admin
Admin set desired logical nameWhen the desired logical name of the app is set by the admin
Admin modified app ownerWhen the app owner is modified by the admin
Admin modified app permissionsWhen the app permissions is modified by admin
Admin deleted appWhen the app is deleted by the admin
Admin set quarantine stateWhen the quarantine state of the app is set by the admin
Admin set conditional accessWhen the conditional access of the app is set by the admin
Admin set bypass consent stateWhen the bypass consent state of the app is set by the admin
Admin set app as featuredEvery time the app is marked as Featured by the admin
Admin allowed third party appsWhen third party apps were allowed by the admin

The image below illustrates what the Power App creation audit looks like. Here, you can see details such as the user or maker who created the application, the creation timestamp, the outcome, the version, the creator’s email address, and more.

Learn to audit Power Platform activities using Microsoft Purview

Understanding Power Automate activity logging

You can track the audit history of various Power Automate activities within the Power Platform tenant, such as flow creation, flow deletion & flow permission modification. Here are some examples of user events you can audit:

CategoryEventDescription
FlowsCreated flowThe time when a flow is created.
FlowsEdited flowAny updates made to the flow.
FlowsDeleted flowWhen the flow is deleted.
Flow permissionsEdited permissionsEvery time a user’s permissions to a flow changes, for example, when a user is added as co-owner.
Flow permissionsDeleted permissionsEvery time a user’s permissions to the flow is removed.
TrialsStarted a paid trialWhen a user starts a paid trial.
TrialsRenewed a paid trialWhen a user renews a paid trial.
Hosted RPAMicrosoft Entra ID joinedWhen a hosted RPA bot is joined to the customer’s tenant Microsoft Entra ID.

Understanding Power Pages activity logging

You can track the audit history of various Power Pages activities within the Power Platform tenant, such as modification in Power BI visualization, modification Power BI embedding service, modification in SharePoint integration. Here are some examples of user events you can audit:

Activity NameOperation NameDescription
Enable Power BI visualizationPowerBIVisualizationEnabledWhen Power BI visualization is enabled for the site
Disable Power BI visualizationPowerBIVisualizationDisabledWhen Power BI visualization is disabled for the site
Enable Power BI embedded servicePowerBIEmbeddedServiceEnabledWhen Power BI embedded service is enabled for the site
Disable Power BI embedded servicePowerBIEmbeddedServiceDisabledWhen Power BI embedded service is disabled for the site
Enable SharePoint integrationSharePointIntegrationEnabledWhen SharePoint integration is enabled for the site
Disable SharePoint integrationSharePointIntegrationDisabledWhen SharePoint integration is enabled for the site
Edit site URLSiteURLUpdatedWhen site URL is changed
Edit site details – Name UpdateSiteNameUpdatedWhen site name is changed
Edit site details – Website Record UpdateWebsiteRecordUpdatedWhen website record is updated
Shut down siteSiteShutDownWhen site is shut down
Delete siteSiteDeletedSite is deleted
Add custom domain nameCustomDomainConnectedWhen site is connected to a custom domain
Remove custom domain nameCustomDomainDeletedWhen custom domain is removed from the site
Change site visibilitySiteVisibilityUpdatedWhen site visibility is changed (private to public, or public to private)
Update site visibility permissionsSiteVisibilityPermissionsUpdatedWhen site visibility permissions (who can change site visibility) are updated
convert trial to productionConvertedToProductionWhen site is converted from trial to production
Set up IP Restrictions – Adding IP rangeIPRestrictionsAddedWhen a new range of IP addresses are added which can access the site
Set up IP Restrictions – Deleting IP rangeIPRestrictionsDeletedWhen a new range of IP addresses are deleted which can access the site
Enable WAFWAFEnabledWhen AFD (Azure Front Door) Web Application Firewall for security is enabled
Disable WAFWAFDisabledWhen AFD (Azure Front Door) Web Application Firewall for security is disabled
Restart siteSiteRestartedWhen site is restarted
Update custom certificatesCustomCertificateUpdatedWhen a custom certificate associated with the site is updated
Enable maintenance modeMaintenanceModeEnabledWhen site is put in maintenance mode
Disable maintenance modeMaintenanceModeDisabledWhen site if taken off of maintenance mode
disableAnonymousAccess exception list changedAnonymousSettingExceptionListChangedWhen anonymous access governance control is changed

These operations take time to complete from the point they’re initiated. The audit logs are captured when the action is initiated. It isn’t necessary that the action is successfully completed.

Understanding Power Platform Connector activity logging

You can track the audit history of various Power Power Platform Connector activities within the Power Platform tenant, such as API creation, API modification, API deletion, connection modification, gateway modification, API permission modification. Here are some examples of user events you can audit:

Connector eventDescription
API createdWhen a custom API is created
API editedWhen a custom API is updated
API deletedWhen a custom API is deleted
Connection created or editedWhen a connection is created or updated
Connection deletedWhen a connection is deleted
Connection editedWhen a connection is updated
API permission added or editedWhen a custom API is shared or the permissions are updated
API made solution-awareWhen a non-solution API is moved to a solution
API permission removedWhen sharing permissions of a custom API are removed
Connection permission added or editedWhen a connection is shared or sharing permissions are updated
Connection permission removedWhen sharing permissions of a connection are removed
Gateway cluster editedWhen a gateway cluster is updated
Gateway permission added or editedWhen a gateway is shared or the sharing permissions are updated
Gateway permission removedWhen sharing permissions of a gateway are removed
Added ConnectionDlpEvaluationResultWhen connection is turned off due to data policies

Understanding Data Loss Prevention activity logging

You can track the audit history of few DLP policy activities within the Power Platform tenant, such as modification in DLP policy. Here are some examples of user events you can audit:

DLP eventDescription
Created DLP PolicyWhen a new DLP policy is created
Updated DLP PolicyWhen an existing DLP policy is updated
Deleted DLP PolicyWhen a DLP policy is deleted

Understanding Power Platform environment lifecycle activity logging

You can track the audit history of various Power Platform environment lifecycle activities within the Power Platform tenant, such as environment creation, environment deletion, environment restoration. Here are some examples of user events you can audit:

EventDescription
Provisioned environmentThe environment was created.
Deleted environmentThe environment was deleted.
Recovered environmentAn environment that was deleted within seven days has been recovered.
Hard-deleted environmentThe environment was hard deleted.
Moved environmentThe environment was moved to a different tenant.
Copied environmentThe environment, including specific attributes such as application data, users, customizations, and schemas, were copied.
Backed up environmentThe environment that has been backed up.
Restored environmentThe environment has been restored from a back up.
Converted environment typeThe environment was converted to a different environment type, such as production or sandbox.
Reset environmentA sandbox environment has been reset.
Upgraded environmentA component of an environment has been upgraded to a new version.
CMK-Renewed environmentThe customer-managed key (CMK) has been renewed on the environment.
CMK-Reverted environmentEnvironment was removed from enterprise policy and encryption was returned to Microsoft-managed key.

Understanding Power Platform environment property activity logging

You can track the audit history of various Power Platform environment property activities within the Power Platform tenant, such as modification in environment name, modification in domain name & modification in security group. Here are some examples of user events you can audit:

EventDescription
Changed property on environmentCommunicates when a property on an environment has changed. In general, properties are metadata (names) that is associated with an environment. Includes changes to:
1. Display name
2. Domain name
3. Security group ID
4. Admin mode
5. Background operations state

Understanding Power Platform licensing activity logging

You can track the audit history of various Power Platform licensing activities within the Power Platform tenant, such as modification in billing policy, modification in currency & modification in trials. Here are some examples of user events you can audit:

CategoryEventDescription
Billing PolicyBillingPolicyCreateEmitted when a new billing policy is created.
Billing PolicyBillingPolicyDeleteEmitted when a billing policy is deleted.
Billing PolicyBillingPolicyUpdateEmitted when the environments linked to a billing policy change (added, removed).
ISVIsvContractConsentEmitted when a tenant admin consents to an ISV contract.
License Auto-claimAssignLicenseAutoClaimEmitted when a license is assigned to a user automatically via an auto-claim policy.
License Auto-claimAssignLicenseAutoClaimPolicyCreateEmitted when a new auto-claim policy is created.
CurrencyCurrencyEnvironmentAllocateEmitted when currency (add-on) is allocated or deallocated to an environment.
TrialsTrialConvertToProductionEmitted when a trial plan is converted to a production plan.
TrialsTrialEnforceEmitted when a customer attempts to provision environments beyond the trial limit.
TrialsTrialProvisionEmitted when a new trial plan is provisioned.
TrialsTrialSignUpEligibilityCheckEmitted prior to trial provisioning when a check occurs to determine trial eligibility.
TrialsTrialViralConsentEmitted when a tenant changes their consented plan types, and reflects the new state.
TrialsAssignLicenseToUserEmitted when a trial license is assigned to a user.
Environment LifecycleEnvironmentDisabledByMiserEmitted when an environment is automatically disabled due to insufficient database capacity.

In conclusion, mastering the audit of Power Platform activities using Microsoft Purview is essential for maintaining robust governance and security in your digital environment. By leveraging Purview’s comprehensive monitoring and reporting capabilities, organizations can gain valuable insights into user activities, data flows, and application usage within the Power Platform. This not only helps in identifying potential compliance issues and operational inefficiencies but also enhances the overall security posture by enabling proactive management and remediation. As businesses increasingly rely on Power Platform for critical operations, integrating Purview into your auditing strategy ensures that you can safeguard your digital assets effectively while optimizing performance and compliance.


error: CRM Crate Security Engine - Disabled Right Click & Selection!

Congratulations!

Well Done,
Welcome to CRM Crate

Stay tuned with us and get all latest updates and learning in Microsoft CRM and related techonologes.