Power Platform governance capabilities continue to expand and this latest addition allows organizations using Azure Active Directory (AAD) to secure resources with finer granularity in Power Apps. For instance, apps with sensitive data can enforce one or more Conditional Access policies. You can decide additional apps that would need to enforce any Conditional Access policies based on your organizations policies.. Conditional Access no longer needs to be an all-or-nothing-application across all Power Apps. This finer granularity of Conditional Access on individual apps is available in public preview, this support leverages Azure AD’s Conditional Access authentication context which is also in preview.
The granular application of Conditional Access enables many scenarios including:
- Some but not all apps can require end-users to perform Multi-factor authentication.
- Some but not all apps can require end-users to be connected to their Intranet to access the app.
- Some but not all apps require end-user connect from a device that is compliant with the organization’s device management policies.
- All members of an Azure AD tenant can access Power Apps mobile while a subset of individuals can access apps presented to everyone in the tenant.
- Different Conditional Access policies can be applied to an app that exists in different environments, e.g. Dev, UAT, Production environments.
The following screenshots illustrate the experience when end-users are required to perform Multi-factor authentication when an individual app is launched.
Power Platform admins can use this capability today. To get started, it’s recommended you proceed with these steps:
- Audit your Azure AD Conditional Access policies
- Audit canvas apps where you’re interested in applying Conditional Access policies
- Create Conditional Access authentication contexts for each policy you wish to apply to an app. Note, this may require partnering with another admin in your organization to create the required Conditional Access policies or authentication contexts.
- Add authentication contexts to your preferred apps.
You can watch a Power CAT Live video highlighting this capability which includes a demo here.
You can find the full documentation here.
Stay tuned, we expect to introduce respecting Conditional Access on other individual Power Platform resources in the future.