Microsoft Entra: Building Trust in a Borderless Digital World
As nonprofits embrace hybrid work, multi-cloud environments, and digital transformation to better serve their missions, the need for secure, intelligent access has never been greater. Traditional identity solutions often fall short in protecting diverse user groups like staff, volunteers, donors, and partners. Microsoft Entra offers a unified family of identity and network access products designed to verify every identity, validate every access request, and secure every connection—helping nonprofits stay resilient, compliant, and mission-focused. What Is Microsoft Entra? Microsoft Entra offers a unified family of identity and network access products designed to verify every identity, validate every access request, and secure every connection—helping nonprofits stay resilient, compliant, and mission-focused. The suite includes: Microsoft Entra ID (formerly Azure Active Directory): A cloud-based identity and access management service that supports Single Sign-On (SSO), Multifactor Authentication (MFA), and Conditional Access policies to protect users, apps, and resources. Microsoft Entra ID Governance: Automates identity lifecycle management, ensuring users have the right access at the right time—and nothing more. It supports access reviews, role-based access control, and policy enforcement. Microsoft Entra External ID: Manages secure access for external users like customers, partners, and vendors. It enables personalized, secure experiences without compromising internal systems. Microsoft Entra Private Access: Provides secure, VPN-less access to private apps and resources across hybrid and multi-cloud environments. It’s ideal for remote work scenarios and legacy app support. Microsoft Entra Internet Access: Offers secure web access with identity-aware controls, helping protect users from malicious sites and enforcing compliance policies. Why Microsoft Entra Matters for Nonprofits Unified Identity Protection: Secures access for any identity—human or workload—to any resource, from anywhere. Zero Trust Enablement: Verifies every access request based on identity, device health, location, and risk level. Multi-cloud and Hybrid Ready: Works across Microsoft 365, Azure, AWS, Google Cloud, and on-premises environments. Compliance and Governance: Supports nonprofit regulatory needs with automated access reviews, audit trails, and policy enforcement. Getting Started with Microsoft Entra Assess your security posture through Microsoft Secure Score – Helps nonprofits monitor and improve identity, device, and app security posture. Building Conditional Access policies in Microsoft Entra – Create policies to protect users and data based on risk, location, and device health. Create a lifecycle workflow – Automate onboarding, role changes, and offboarding for staff, volunteers, and contractors. Microsoft Entra External ID documentation – Manage secure access for donors, partners, and community members. Real-World Impact A global nonprofit recently used Microsoft Entra to streamline access for volunteers, staff, and external partners. By automating identity governance and enabling secure access to cloud apps, they reduced administrative overhead and improved security posture—without sacrificing user experience. Conclusion Microsoft Entra empowers nonprofits to modernize identity and access management with a unified, secure, and intelligent approach. Whether you're enabling remote work, collaborating with external partners, or safeguarding sensitive donor data, Entra provides the tools to build trust, enforce least privilege, and stay compliant. By adopting Entra, nonprofits can focus more on their mission and less on managing risk—ensuring that every connection is secure, every identity is verified, and every access is governed.Comprehensive Identity Protection—Across Cloud and On-Premises
Hybrid IT environments, identity is the new perimeter—and protecting it requires visibility across both cloud and on-premises systems. While Microsoft Entra secures cloud identities with intelligent access controls, Microsoft Defender for Identity brings deep insight into your on-premises Active Directory. Together, they form a powerful duo for comprehensive identity protection. Why Hybrid Identity Protection Matters Most organizations haven’t fully moved to the cloud. Legacy systems, on-prem applications, and hybrid user scenarios are still common, and attackers know it. They exploit these gaps using techniques like: Pass-the-Hash and Pass-the-Ticket attacks Credential stuffing and brute-force logins Privilege escalation and lateral movement Without visibility into on-prem identity activity, these threats can go undetected. That’s where Defender for Identity steps in. What Is Microsoft Defender for Identity? Defender for Identity is part of Microsoft Defender XDR—a cloud-based solution that monitors on-premises Active Directory for suspicious behavior. It uses behavioral analytics and threat intelligence to detect identity-based attacks in real time. Key capabilities: Detects compromised accounts and insider threats Monitors lateral movement and privilege escalation Surfaces risky users and abnormal access patterns Integrates with Microsoft 365 Defender and Sentinel for unified response Why It Pairs Perfectly with Microsoft Entra Microsoft Entra (formerly Azure AD) protects cloud identities with features like Conditional Access, Multifactor Authentication, and Identity Governance. But Entra alone can’t see what’s happening in your on-prem AD. By combining Entra and Defender for Identity, you get: End-to-end visibility across cloud and on-prem environments Real-time threat detection for suspicious activities like lateral movement, privilege escalation, and domain dominance Behavioral analytics to identify compromised accounts and insider threats Integrated response capabilities to contain threats quickly and minimize impact Actionable insights that help strengthen your identity posture and reduce risk Together, they deliver comprehensive identity protection—giving you the clarity, control, and confidence to defend against modern threats. Real-World Impact Imagine a scenario where an attacker gains access to a legacy on-prem account and begins moving laterally across systems. Defender for Identity detects the unusual behavior and flags the account as risky. Entra then blocks cloud access based on Conditional Access policies tied to that risk signal—stopping the attack before it spreads. Getting Started Deploy Defender for Identity sensors on your domain controllers Install a sensor - step-by-step instructions to install Defender for Identity sensors on your domain controllers to begin monitoring on-premises identity activity. Activate the sensor on a domain controller - Guidance on activating the installed sensor to ensure it starts collecting and analyzing data. Deployment overview - A high-level walkthrough of the Defender for Identity deployment process, including prerequisites and architecture. Connect Defender for Identity to Microsoft 365 Defender Integration in the Microsoft Defender portal - Learn how to connect Defender for Identity to Microsoft 365 Defender for centralized threat detection and response. Pilot and deploy Defender for Identity - Best practices for piloting Defender for Identity in your environment before full-scale deployment. Enable risk-based Conditional Access in Entra Configure risk policies in Entra ID Protection - Instructions for setting up risk-based policies that respond to identity threats in real time. Risk-based access policies overview - An overview of how Conditional Access uses risk signals to enforce adaptive access controls. Use Entra ID Governance to enforce least privilege Understanding least privilege with Entra ID Governance - Explains how to apply least privilege principles using Entra’s governance tools. Best practices for secure deployment - Recommendations for securely deploying Entra ID Governance to minimize identity-related risks. Integrate both with Microsoft Sentinel for advanced hunting Microsoft Defender XDR integration with Sentinel - How to connect Defender for Identity and other Defender components to Microsoft Sentinel for unified security operations. Send Entra ID data to Sentinel - Instructions for streaming Entra ID logs and signals into Sentinel for deeper analysis. Microsoft Sentinel data connectors - A catalog of available data connectors, including those for Entra and Defender for Identity, to expand your threat detection capabilities. Final Thoughts It's the perfect time to evaluate your identity protection strategy. By pairing Microsoft Entra with Defender for Identity, you gain full visibility across your hybrid environment—so you can detect threats early, respond quickly, and protect every identity with confidence. Ready to strengthen your identity perimeter? Start by deploying Defender for Identity and configuring Entra policies today.Want to Avoid Accidently Deleting your Resources in Azure? It's Easier Than You Think
Sometimes, knowingly or unknowingly you might delete a resource group in Azure. In this article let's talk about how to configure Azure Resource Locking in order to protect them from being deleted or modified accidentally.Cybersecurity Is Mission Imperative: What Nonprofits Must Learn from the 2025 Digital Defense Report
In today’s digital-first world, nonprofits depend on technology to deliver services, engage communities, and scale impact. But with that reliance comes growing risk—from identity-based attacks to AI-driven threats and cloud vulnerabilities. The 2025 Microsoft Digital Defense Report offers a strategic lens into the global cybersecurity landscape. For nonprofit leaders, it’s more than a technical document—it’s a wake-up call. Cybersecurity is no longer a back-office concern. It’s a mission-critical priority. Key Takeaways for Nonprofits: Identity is the new attack surface—protect credentials, not just systems. AI is reshaping both threats and defenses—learn to leverage it. Cloud and vendor vulnerabilities are rising—secure your digital supply chain. Resilience matters—build systems that recover quickly and train your teams. The quantum era is coming—start preparing for post-quantum cryptography. Why It Matters: Protecting data means protecting people. Embedding cybersecurity into every layer of your organization—from boardroom strategy to frontline service delivery—is essential to maintaining trust and impact. For More Information: Explore the full Microsoft Digital Defense Report 2025 for deeper insights and practical guidance. Read the full report: Microsoft Digital Defense Report 2025 To learn more and join the conversation, follow Microsoft for Nonprofits LinkedIn for updates, expert insights, and community engagement around nonprofit cybersecurity. Visit: Microsoft for NonprofitsCybersecurity Starts Here: Strong Passwords for Nonprofits
In the nonprofit world, trust is everything. Whether you're protecting donor data, safeguarding beneficiary information, or managing internal systems, your digital security matters. One of the simplest—and most powerful—ways to protect your organization is by using strong passwords. These tools form the first line of defense against cyber threats and help ensure your mission stays on track. Why Strong Passwords Matter Weak passwords are like unlocked doors—they invite trouble. Cybercriminals often exploit simple or reused passwords to gain unauthorized access, impersonate staff, steal sensitive data, or disrupt operations. A strong password acts as a digital lock: hard to guess, harder to crack. Characteristics of a strong password: At least 12 characters long A mix of uppercase, lowercase, numbers, and symbols Unique for every account Not based on personal info (no pet names, birthdays, or favorite sports teams!) Microsoft Tools That Help You Stay Secure Microsoft offers nonprofit-friendly tools to help enforce strong password policies and protect user identities: Microsoft Entra ID (formerly Azure Active Directory) Centralized identity and access management Multi-factor authentication (MFA) to prevent unauthorized logins Conditional access policies and role-based access control Microsoft 365 Security Center Monitor password-related alerts and suspicious sign-ins Enforce password expiration and complexity policies View security recommendations tailored to your organization Microsoft Defender for Endpoint Detects brute-force password attacks and credential theft Protects devices from malware and phishing attempts Integrates with Microsoft 365 for unified threat response Tips for Nonprofit Teams Building a culture of cybersecurity starts with small, consistent actions: Make it policy: Require strong passwords use across your organization Train your team: Host a lunch-and-learn or share a how-to guide on password safety Enable MFA: Add multi-factor authentication for all accounts Audit regularly: Review access and update credentials when staff roles change Clean up old accounts: Remove unused logins and shared credentials Your Mission Deserves Protection Cybersecurity isn’t just an IT issue—it’s a mission-critical priority. By adopting strong password practices, you’re taking a proactive step to protect your people, your data, and your impact. Microsoft’s ecosystem offers scalable, nonprofit-friendly tools to help you build a secure foundation—so you can focus on what matters most: serving your community.Cybersecurity 101: Protecting Your Nonprofit with Microsoft Tools
Cybersecurity isn’t just an IT concern—it’s a mission-critical priority. For nonprofits, safeguarding sensitive data, maintaining donor trust, and ensuring operational continuity are foundational to achieving impact. In an increasingly digital world, cyber threats are evolving rapidly, and nonprofits—often operating with limited resources—can be especially vulnerable. The good news? Microsoft offers a suite of powerful, easy-to-use tools designed to help nonprofits build a resilient security posture without needing a full-time IT department. What Is Cybersecurity? Cybersecurity is the practice of protecting systems, networks, and data from unauthorized access, attacks, or damage. For nonprofits, this means defending the integrity of: Donor and beneficiary information: Personal data that must be protected to maintain trust and comply with privacy laws. Financial records: From grant funding to payroll, financial data is a prime target for cybercriminals. Internal communications: Sensitive discussions around strategy, staffing, and partnerships. Program data and impact reports: Valuable insights that drive funding and stakeholder engagement. A breach in any of these areas can lead to reputational damage, legal consequences, and disruption of services—making cybersecurity a strategic imperative. Microsoft Tools That Help You Stay Secure Microsoft’s ecosystem is designed to meet nonprofits where they are—whether you're just starting your digital journey or managing complex operations across borders. Microsoft Defender Built-in protection against viruses, malware, ransomware, and phishing attacks Available across Windows devices and Microsoft 365 environments Real-time threat detection, automatic updates, and endpoint protection Microsoft Entra ID (formerly Azure Active Directory) Centralized identity and access management Multi-factor authentication (MFA) to prevent unauthorized logins Role-based access control to ensure staff and volunteers only access what they need Microsoft Purview Advanced data governance and compliance tools Helps classify, label, and protect sensitive information Supports regulatory compliance (e.g., HIPAA, GDPR) for nonprofits handling health or financial data Microsoft Outlook + Exchange Online Protection Filters out spam, phishing attempts, and malicious attachments Encryption options for secure email communication Safe Links and Safe Attachments features to prevent accidental clicks on harmful content Microsoft 365 Security Center Unified dashboard to monitor and manage security across your organization Actionable alerts and recommendations tailored to your environment Designed for ease-of-use, even for teams without dedicated IT staff Cybersecurity Best Practices for Nonprofits Technology alone isn’t enough—building a culture of security is key. Here are essential practices every nonprofit should adopt: Use strong, unique passwords and consider a password manager for staff Enable MFA on all accounts to add an extra layer of protection Educate your team on phishing, social engineering, and safe online behavior Keep software and systems updated to patch known vulnerabilities Limit access to sensitive data based on roles and responsibilities Back up data regularly using secure, encrypted methods Your Mission Deserves Protection Whether you're a small grassroots organization or a global NGO, your mission depends on trust, continuity, and resilience. Cybersecurity isn’t a luxury—it’s a necessity. Microsoft’s tools are designed to be scalable, affordable, and accessible, helping nonprofits protect what matters most: their people, their data, and their impact. By investing in cybersecurity today, you’re not just protecting your organization—you’re strengthening your ability to serve tomorrow.Know Your Risk: Using Microsoft Purview to Protect Sensitive Data
In today’s digital-first world, data is everywhere—and so are the risks. From donor records to financial reports, sensitive information flows across emails, documents, and cloud platforms. In keeping with the Cybersecurity Awareness Month theme, this is the perfect time to ask: Do you know where your sensitive data lives—and how well it’s protected? Enter Microsoft Purview, a unified data governance and compliance solution designed to help organizations discover, classify, and safeguard sensitive information across Microsoft 365 and beyond. Why Knowing Your Risk Matters Data breaches don’t just cost money—they erode trust. Whether you're a nonprofit, healthcare provider, or public sector agency, protecting sensitive data is essential to maintaining credibility and fulfilling your mission. But you can’t protect what you can’t see. That’s where Microsoft Purview comes in. What Microsoft Purview Can Do for You Discover Sensitive Data Automatically: Purview uses built-in AI and machine learning to scan your environment—emails, SharePoint, OneDrive, Teams, and more—to identify sensitive content like PII, financial data, and health records. Classify and Label Content Intelligently: With sensitivity labels and data classification policies, Purview helps you tag and track sensitive data based on its risk level and regulatory requirements. Prevent Data Loss Before It Happens: Data Loss Prevention (DLP) policies allow you to block or warn users before sensitive data is shared externally or stored in risky locations. Monitor Insider Risk and Compliance: Purview’s Insider Risk Management and Compliance Manager tools help you detect risky behavior, enforce policies, and stay audit-ready. Extend Protection Beyond Microsoft 365: Purview integrates with third-party apps and on-premises data sources, giving you a holistic view of your data landscape. Real-World Impact A global nonprofit recently used Microsoft Purview to scan thousands of documents and emails for donor information. Within days, they identified exposure risks, applied sensitivity labels, and implemented DLP policies—reducing their compliance risk by over 40%. Getting Started with Microsoft Purview 1. Set Up Your Purview Account Sign in at portal.azure.com, search for “Microsoft Purview accounts,” and click Create to begin setting up a new Purview account. Click Create to start a new Purview account. Choose your subscription, resource group, region and account name. Click Review + Create, then Create Click on Go to resource once your deployment is complete to go to the Purview account’s overview page. From there, click “Open Microsoft Purview Governance Portal” and choose either the New or Classic experience, depending on your preferred interface, to launch Purview Studio. 2. Connect and Scan Data Sources Once inside Purview Studio, navigate to the left-hand menu and select “Data Map” to open the Data Sources page. Click “Register” to add a new data source Choose from supported sources such as Azure Data Lake, SQL databases, SharePoint, Amazon S3 and more. 3. Define Governance Policies Once your data sources are connected and scanned, it's time to establish governance policies to protect and manage your sensitive information. You Can: Use sensitivity labels to classify and protect data across Microsoft 365 - Create and publish sensitivity labels | Microsoft Learn Manage access using role-based permissions in Purview’s governance portal - Access control in the classic Microsoft Purview governance portal | Microsoft Learn Create DLP policies to monitor and prevent the sharing of sensitive data - Learn about data loss prevention | Microsoft Learn Detect and respond to risky user behavior with built-in analytics and privacy controls - Learn about Insider Risk Management | Microsoft Learn Manage metadata, lineage, and governance domains across your data estate - Learn about Microsoft Purview Unified Catalog | Microsoft Learn Track regulatory requirements, assess risk, and manage improvement actions- Get started with Microsoft Purview Compliance Manager | Microsoft Learn Conclusion Cybersecurity Awareness Month is more than a reminder—it's a call to action. In a world where data moves faster than ever, visibility and control are no longer luxuries—they're necessities. Microsoft Purview empowers organizations to take charge of their data, uncover hidden risks, and build a culture of trust and resilience. Whether you're just starting your governance journey or looking to strengthen existing policies, Purview offers the tools to discover, classify, and protect sensitive information across your entire digital estate. From automated scans to intelligent labeling and real-time risk management, it's your partner in proactive data defense. This month, make cybersecurity more than a priority—make it a practice. Start with Purview. Stay secure. Lead with confidence.Strengthen Your Security Posture This October with Smarter Endpoint Protection
As organizations accelerate digital transformation, endpoints have become the frontline of defense—and the most frequent target. From phishing emails to fileless malware, attackers are exploiting gaps in visibility and response. It’s no longer enough to react after the fact. You need security that’s proactive, intelligent, and built for scale. Microsoft Defender for Endpoint delivers exactly that—combining real-time detection, automated remediation, and deep threat analytics to help you stay ahead of adversaries. Detection: Smarter Than Signature-Based Security Defender for Endpoint uses a multi-layered detection strategy that goes far beyond traditional methods: Behavioral Analysis: It monitors how apps and users behave, flagging anomalies like privilege escalation or lateral movement. Machine Learning & AI: Defender analyzes trillions of signals daily to identify patterns that indicate emerging threats—even zero-day attacks. Threat Intelligence: Backed by Microsoft’s global security graph, it detects known malware, ransomware, and nation-state tactics in real time. Endpoint Detection & Response (EDR): It continuously collects and analyzes endpoint data to surface suspicious activity and indicators of compromise. Response: Automated, Precise, and Scalable Once a threat is detected, Defender doesn’t just alert—it acts: Automated Investigation & Remediation: Defender uses AI to investigate alerts, determine root cause, and automatically contain or remove threats. Attack Timeline: Security teams get a visual map of the attack’s progression, helping them understand how it started and spread. Live Response: Analysts can remotely connect to compromised devices, run scripts, collect forensic data, and take corrective action. Integration with Microsoft Sentinel: Defender feeds threat data into your SIEM for broader visibility and correlation across your environment. Real-World Impact Take the example of a nonprofit organization targeted by a phishing campaign. Defender for Endpoint detected unusual PowerShell activity, isolated the device, and triggered an automated investigation. Within minutes, the threat was neutralized—no data loss, no downtime. Why It Matters During Cybersecurity Awareness Month, it’s the perfect time to evaluate your endpoint security. Defender for Endpoint doesn’t just detect threats—it empowers your team to respond with speed and confidence. Getting Started with Microsoft Security 1. Review Your Microsoft Secure Score - Start by assessing your current security posture in the Microsoft 365 Defender portal. Secure Score provides a prioritized list of recommendations to improve your organization's security based on real usage and configurations. Link: Assess your security posture through Microsoft Secure Score - Microsoft Defender XDR | Microsoft Learn 2. Enable Automated Investigation & Remediation (AIR) - Reduce response time and manual effort by turning on AIR. It automatically investigates alerts, determines root causes, and takes remediation actions—helping you contain threats faster. Link: Use automated investigations to investigate and remediate threats - Microsoft Defender for Endpoint | Microsoft Learn 3. Explore Threat Analytics in Defender - Threat Analytics provides expert-driven insights into emerging threats, vulnerabilities, and attack techniques—tailored to your environment. Use it to stay ahead of adversaries and understand how global threats impact your organization. Link: Threat analytics in Microsoft Defender XDR - Microsoft Defender XDR | Microsoft Learn 4. Connect Microsoft Defender to Sentinel - Integrate Defender with Microsoft Sentinel to unify your security operations. This enables centralized monitoring, advanced hunting, and automated incident response across your entire digital estate. Link: Connect Microsoft Defender XDR data to Microsoft Sentinel | Microsoft Learn This Cybersecurity Awareness Month, empower your organization to stay one step ahead of evolving threats. With Microsoft Defender for Endpoint, you gain intelligent, automated protection and deep visibility—so you can detect, respond, and neutralize risks before they turn into breaches.Empowering Nonprofits to Strengthen Digital Defenses
Did you know October is Cybersecurity Awareness Month? It’s the perfect time for nonprofits to strengthen their digital defenses and build a culture of security. This year’s theme— “Cybersecurity first, stay safe always”—is a powerful reminder to prioritize digital safety in every aspect of your mission. Whether you're protecting donor data, securing service delivery systems, or educating your team, cybersecurity is foundational to trust, resilience, and impact. What to Expect in October Throughout the month, Microsoft Elevate will be sharing a curated collection of resources designed to help nonprofit organizations build awareness, strengthen defenses, and elevate cybersecurity capabilities across their teams. Please see the resources below to explore and share with your teams: Cybersecurity Awareness Month Website - Explore best practices, infographics, videos, guidance tailored for organizations and individuals—and discover training and learning resources to build cybersecurity skills. Live: October 1, 2025 Link: https://aka.ms/CybersecurityAwareness Be Cybersmart Kit: - Infographics and tips to help your team stay secure in the age of AI. Live: October 1, 2025 Link: https://aka.ms/BeCybersmartKit Skilling Opportunities for Nonprofit Teams Cybersecurity is a shared responsibility. These free learning pathways and scholarship programs are designed to build skills and confidence across your organization: Career Essentials in Cybersecurity – LinkedIn Learning pathway with certification Link: https://aka.ms/Cyber-Pathway Securing You – MS Learn Pathway – Basics and Zero Trust modules Link: https://aka.ms/Cybersecurity_PreFundamentals Women in Cloud – Coursera access, mentorship, and certification vouchers for women in the US Link: https://aka.ms/WiC Last Mile Education Fund – Scholarships for US community college students pursuing cybersecurity careers Link: https://aka.ms/Cyber-Scholarship Why It Matters for Nonprofits Nonprofits are trusted stewards of sensitive data and critical services. Cybersecurity isn’t optional—it’s essential. By participating in Cybersecurity Awareness Month, you’re not just protecting your systems—you’re protecting your mission. A Final Word Cybersecurity isn’t just a technical priority—it’s a mission-critical responsibility. For nonprofits, safeguarding digital assets means protecting the communities you serve, the trust you’ve built, and the impact you strive to make every day. This October, let’s move beyond awareness and into action. With the right tools, training, and support, your organization can lead with confidence and resilience in an increasingly digital world. Together, we can make cybersecurity second nature—because when nonprofits stay secure, missions thrive. What’s Next As Cybersecurity Awareness Month continues, we’ll be spotlighting key insights from the upcoming Microsoft Digital Defense Report - a trusted annual resource that dives deep into emerging threats, evolving attack patterns, and actionable strategies tailored for nonprofits. This follow-up feature will offer timely intelligence to help your organization refine its security posture and stay ahead of the curve. Together, we can ensure nonprofits stay secure—so their missions continue to change lives.SharePoint and Power Apps: Managing Roles and Permissions
One of the key aspects of SharePoint security is managing permissions at the list or item level, which allows you to control who can view or edit the data. This granular control is essential for maintaining the integrity and confidentiality of sensitive information within your organization. By effectively managing permissions, you can ensure that only authorized personnel have access to specific data, thereby reducing the risk of unauthorized access. Whether you choose to restrict access to the entire list for simplicity or use item-level permissions for more advanced scenarios, SharePoint provides the tools you need to keep your data secure. Restrict Access to the Entire SharePoint List This happens in SharePoint itself, not Power Apps. You need to manage permissions at the list or item level: Go to your SharePoint site > Open the List. Click on the gear ⚙️ > List settings. Under Permissions and Management, click Permissions for this list. Stop inheriting permissions (click the ribbon command: Stop Inheriting Permissions). Remove default access groups (like "Members" or "Visitors"). Add a specific SharePoint group or individuals who should have full access —an admin or manager, not end users. End users will only interact with the list through Power Apps — they don’t need direct list access. Please keep in mind that if users need to edit entries, they must have access to the list. Without proper permissions, they won't be able to see or edit the list. The next user permissions option is ideal for users who need to edit their own entries. Use Item-Level Permissions in SharePoint This is only advisable if you can enforce it consistently: Go to List settings > Under Advanced settings. Scroll to Item-level Permissions. Choose: ✅ Read access: Only their own ✅ Create and Edit access: Only their own This works well only if users are submitting forms (e.g., time-off requests) that shouldn’t be visible to others. Prevent Users from Viewing or Editing Power App Code This is configured through Power Apps and Microsoft Admin Center. Limit Who Has Access to Edit the App In Power Apps Studio: Go to File > Share. Remove or do not add users as Co-owners. Instead, share as Users only — give them “Can use” permission. Use Environment Roles (Dataverse or Environment Scope) In the Power Platform Admin Center (https://admin.powerplatform.microsoft.com): Go to Environments > Click your environment > Security roles. Set roles so users: Are not Environment Admins or Makers. Only have User roles in production environments. Summary of What to Check: Task Where Goal Limit list access SharePoint List Settings Prevent users from directly viewing data Use item-level permissions SharePoint Advanced Settings Let users only see/edit their own submissions Limit app editing Power Apps Share Panel Ensure only owners can edit Secure environment roles Power Platform Admin Center Block access to Maker/Admin capabilities
