Power Platform – Security update to “Http With Microsoft Entra ID (preauthorized)” connector [MC901932]

Power Platform – Security update to “Http With Microsoft Entra ID (preauthorized)” connector [MC901932]

We are announcing an update to the “Http With Microsoft Entra ID (preauthorized)” (sometimes called “Webcontents”) connector to enhance security. This change will begin rolling out on October 25, 2024, and will complete worldwide rollout November 15, 2024. As part of this change, a new connection type will be added that uses a first party app with no permissions attached. This is to ensure the best practices are followed by limiting security exposure to only what is required. Coinciding with this change, the name of the connector will be updated to “Http With Microsoft Entra ID”, removing “(preauthorized)” from the name.

How does this affect me?
Existing connections will continue to work. We will follow up at a later date when existing connections need to be migrated to the new connection type.

If the actions recommended below are not taken, new connections made after October 25, 2024, will fail.

What do I need to do to prepare?

  1. Please follow the steps listed at this linked article to add the required permissions to the first part app being used by the connector prior to October 25, 2024.
  2. Perform a test by adding a connection in the “Http With Microsoft Entra ID” (sometimes called WebcontentsV2) connector to make sure everything works fine.

Source: Microsoft

Show 1 Comment

1 Comment

  1. Mike Rosoft

    The upcoming update to the “Http With Microsoft Entra ID (preauthorized)” connector is here to enhance security for admins and users alike. Starting on October 25, 2024, and completing the worldwide rollout by November 15, 2024, this change aims to tighten security measures by introducing a new connection type that uses a first-party app with no attached permissions. This adjustment ensures that security exposure is minimized to only what is necessary. As part of this update, the connector will be renamed to “Http With Microsoft Entra ID”, bidding farewell to the “(preauthorized)” tag.

    Now, how does this impact you? Well, fret not! Existing connections will continue to function smoothly. However, a heads-up: for new connections made after October 25, 2024, without taking the recommended actions, they might hit a roadblock and fail to establish.

    To prepare for this security boost, here’s what you need to do:
    1. Follow the steps outlined in this linked article to add the required permissions to the first-party app before October 25, 2024.
    2. Test the waters by adding a connection in the “Http With Microsoft Entra ID” (also known as WebcontentsV2) connector to ensure everything runs like a well-oiled machine.

    Remember, a little preparation goes a long way in ensuring a smooth transition to the updated connector. Stay secure, stay connected, and happy connecting!

Leave a Reply

Your email address will not be published. Required fields are marked *