We are announcing the General Availability of security enhancements for Storage Shared Access Signature (SAS) for the Microsoft Power Platform. These new security enhancements will be made available on October 1, 2024.
How does this affect me?
This security enhancement adds IP restrictions to SAS calls, which are used to provide data export to users or to collect data imports from users. This feature will allow tenant admins to configure the following controls at an environment level:
SAS IP Restrictions – This control will allow admins to add IP restrictions to SAS calls outlined in the below table and this documentation: Storage Shared Access Signature (SAS) IP restriction
Setting | Description |
---|---|
IP Binding Only | This restricts SAS keys to the requester’sIP. |
IP Firewall Only | This restricts using SAS keys to onlywork within an admin specified range. |
IP Binding and Firewall | This restricts using SAS keysto work within an admin-specified range and only to the requestor’s IP. |
IP Binding or Firewall | If the request comes from within thespecified range, its only usable within that range. If the request comes fromoutside the range, IP Binding is applied. |
Logging of SAS calls – This control enables all SAS calls within Power Platform to be logged into Purview. This logging shows the relevant metadata for all creation and usage events and can be enabled independently of the SAS IP restrictions. More information about this control can be found in this documentation: Logging of SAS calls
What do I need to do to prepare?
Admins can access and modify these controls in the Power Platform admin center by using the following path:
Environments > [Select Desired Environment] > Settings > Product > Privacy + Security > Storage Shared Access Signature (SAS) Security
If you experience any issues with this new feature or have additional questions, please contact Microsoft Support.
Source: Microsoft