Security logging for external users refers to tracking and recording the activities of users who access your portal without being part of your organization’s internal network. This typically includes users who interact with your Power Pages (formerly Power Apps Portals) site using their external credentials, such as Microsoft accounts, LinkedIn profiles, or other third-party identity providers.
Having security logging in place for external users helps ensure that their actions are monitored for suspicious activity, compliance, and troubleshooting purposes. It also enhances the ability to quickly detect any potential security threats, such as unauthorized access or data manipulation.
This guide will help you understand how to implement and manage security logging for external users in Power Pages.
1. Understanding the Security Needs for External Users
External users typically have different security considerations compared to internal users:
- Authentication: External users authenticate using external identity providers, like Azure Active Directory (Azure AD), LinkedIn, or other federated identities.
- Permissions: External users may have limited access to certain resources compared to internal users, and their access should be carefully controlled and logged.
- Activity Monitoring: Logging activities such as login attempts, failed login attempts, page views, form submissions, and any changes they make to portal data is important for security auditing and compliance.
2. Setting Up Security Logs in Power Pages
Power Pages leverages Dataverse to manage external users, and you can use Audit Logs and Dataverse security features to track activities. Here’s a step-by-step guide to setting up security logging for external users:
a) Enable Auditing in Dataverse
Auditing in Dataverse allows you to track and record activities such as create, update, delete, and login actions for entities. The first step in security logging is to ensure that auditing is enabled for the relevant entities.
- Go to the Power Platform Admin Center:
  - Navigate to the Power Platform Admin Center.
  - Choose the environment that hosts your Power Pages site.
- Enable Auditing:
  - Under the Settings section, go to Audit Settings.
  - Enable auditing for entities such as Contact, User, and any other entities that store external user data.
  - Ensure that the Audit Log is enabled for the entities you want to track, such as form submissions or user access records.
- Configure Audit Details:
  - Decide which actions you want to audit. This could include logging when a user:
    - Logs in or logs out
    - Submits a form
    - Updates or deletes records
    - Accesses certain pages
- Set Audit Log Retention Policies:
  - Set retention policies for your audit logs so that they comply with data retention regulations. Define how long audit logs are stored and when they are deleted or archived.
b) Track External User Authentication
Power Pages allows you to integrate various authentication providers such as Azure AD B2C or third-party identity providers (e.g., LinkedIn, Google). Security logging for external users should capture authentication events, including:
- Login Attempts: Track successful and failed login attempts.
- Session Management: Record the start and end of user sessions.
- Password Resets: Track events related to password changes and resets.
To track external user authentication:
- Monitor Sign-in Activity:
  - Use Azure AD Sign-In Logs if you are using Azure AD or Azure AD B2C as your identity provider. These logs contain detailed information about user sign-ins, including:
    - Authentication method
    - Location
    - Device and platform information
    - Successful or failed sign-ins
  - You can access the Sign-In Logs from the Azure portal under Azure Active Directory > Sign-ins.
- Integrate with Power Automate:
  - Use Power Automate to set up flows that trigger when a user logs in, logs out, or fails authentication. This can help capture custom events for tracking in Dataverse or for additional logging.
c) Use Security Logs for Auditing Data Access and Changes
External users often interact with Power Pages through form submissions, content updates, or data access. It’s essential to track these activities for security and compliance purposes.
- Track Data Access:
  - Monitor when external users view or interact with sensitive data, such as their own personal information or records they are permitted to access.
  - Use Dataverse Audit Logs to track record views, especially for sensitive entities.
- Track Data Modifications:
  - Auditing should also cover when external users modify data within the portal. For example, if users update their contact details or submit feedback, these changes should be recorded in the audit trail.
d) Custom Logging of External User Activities
For more detailed or specific security logging requirements, you can create a custom logging mechanism. This can be done by using Power Automate or Azure Functions to log external user actions such as:
- Clicking on a specific page
- Submitting a form
- Interacting with a custom app or widget on the portal
For example:
- Create a Custom Log Entity in Dataverse: Create a custom Security Log table to store user interactions that are not automatically captured by audit logs.
- Capture Key Details: Include fields like:
  - User: The external user who interacted with the portal.
  - Action Type: The type of action (e.g., “Form Submitted”, “Page Viewed”).
  - Timestamp: The time the action was performed.
  - IP Address: Capture the IP address for security purposes.
  - Session ID: Store the session ID to track the user’s activity within a session.
- Create Power Automate Flows: Use Power Automate to log actions performed by external users. For example, you can create a flow that logs every time an external user submits a form or accesses a particular page.
e) Monitor User Behavior and Detect Anomalies
To strengthen security, you can use the audit logs to detect anomalous activities, such as:
- Excessive login attempts: Detecting brute-force attacks or failed login attempts.
- Suspicious activity: Flagging if a user accesses a large number of records or submits multiple forms within a short period.
For more advanced anomaly detection, you can integrate Power Pages with Azure Sentinel or other SIEM tools to monitor and analyze security logs.
3. Report and Review Security Logs
Once security logging is set up, you will need to review and report on the captured data to ensure that no suspicious or unauthorized activities are taking place.
a) Create Power BI Reports
You can integrate Dataverse with Power BI to create reports based on security logs. For example, you could create:
- A report on external user login activity.
- A dashboard showing the number of form submissions and whether any submission failed due to authentication issues.
- A report on user behavior, such as the pages they visited or the data they accessed.
b) Automate Alerts
Set up Power Automate or Azure Monitor to trigger alerts if certain conditions are met, such as:
- A high number of failed login attempts by an external user.
- Access to sensitive data outside of normal business hours.
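As an added example that is not part of the original guide and not Microsoft's code, the following Python script applies the detection rules from sections 2e and 3b (excessive failed logins, a large number of record reads in a short period, and sensitive-data access outside business hours) to a handful of constructed audit-style events. The event layout, field names, thresholds, sensitive-table list and business-hours window are all assumptions chosen for illustration; a real export from Dataverse audit logs or Azure AD sign-in logs has a different schema, so only the parsing step would need adapting.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds and business hours are assumptions for this example; tune them to
# your portal's real traffic before using rules like these for alerting.
FAILED_LOGIN_THRESHOLD = 5                    # failed logins per user...
FAILED_LOGIN_WINDOW = timedelta(minutes=10)   # ...inside this window
RECORD_ACCESS_THRESHOLD = 20                  # record reads per user...
RECORD_ACCESS_WINDOW = timedelta(minutes=5)   # ...inside this window
BUSINESS_HOURS_UTC = (8, 18)                  # 08:00-18:00 UTC counts as normal hours
SENSITIVE_TABLES = {"contact"}                # tables whose off-hours reads matter


def _ev(user, action, ts, table=None, ip="198.51.100.7"):
    """Build one constructed audit-style event (hypothetical field layout)."""
    return {"user": user, "action": action, "ts": ts, "table": table, "ip": ip}


DAY = "2024-05-01T"
# Constructed sample events, not real portal data.
SAMPLE_EVENTS = (
    # alice: six failed logins in six minutes, then a success
    [_ev("alice@example.com", "login_failed", f"{DAY}09:0{i}:00Z") for i in range(6)]
    + [_ev("alice@example.com", "login_success", f"{DAY}09:07:00Z")]
    # bob: reads 25 contact records in under half a minute during business hours
    + [_ev("bob@example.com", "record_read", f"{DAY}10:30:{i:02d}Z", table="contact")
       for i in range(25)]
    # carol: ordinary daytime use with a single failed login
    + [_ev("carol@example.com", "login_failed", f"{DAY}11:00:00Z"),
       _ev("carol@example.com", "login_success", f"{DAY}11:00:30Z"),
       _ev("carol@example.com", "record_read", f"{DAY}11:05:00Z", table="contact")]
    # dave: reads a contact record at 02:15 UTC, outside business hours
    + [_ev("dave@example.com", "login_success", f"{DAY}02:14:00Z"),
       _ev("dave@example.com", "record_read", f"{DAY}02:15:00Z", table="contact")]
)


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp format used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def max_in_window(timestamps, window):
    """Largest number of timestamps that fall inside any span of length `window`."""
    ts = sorted(timestamps)
    best = start = 0
    for end in range(len(ts)):
        while ts[end] - ts[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def is_business_hours(dt):
    """True when the (UTC) datetime falls inside the configured business hours."""
    start, stop = BUSINESS_HOURS_UTC
    return start <= dt.hour < stop


def detect_anomalies(events):
    """Return a list of findings, one per (rule, user) pair that fires."""
    findings = []
    by_user = defaultdict(list)
    for event in events:
        by_user[event["user"]].append(event)

    for user, user_events in by_user.items():
        # Rule 1 (section 2e): brute-force / credential-stuffing pattern
        failed = [parse_ts(e["ts"]) for e in user_events if e["action"] == "login_failed"]
        burst = max_in_window(failed, FAILED_LOGIN_WINDOW)
        if burst >= FAILED_LOGIN_THRESHOLD:
            findings.append({"rule": "excessive_failed_logins", "user": user,
                             "detail": f"{burst} failed logins within {FAILED_LOGIN_WINDOW}"})

        # Rule 2 (section 2e): many record reads in a short period
        reads = [parse_ts(e["ts"]) for e in user_events if e["action"] == "record_read"]
        burst = max_in_window(reads, RECORD_ACCESS_WINDOW)
        if burst >= RECORD_ACCESS_THRESHOLD:
            findings.append({"rule": "bulk_record_access", "user": user,
                             "detail": f"{burst} record reads within {RECORD_ACCESS_WINDOW}"})

        # Rule 3 (section 3b): sensitive data accessed outside business hours
        off_hours = [e for e in user_events
                     if e["action"] == "record_read" and e["table"] in SENSITIVE_TABLES
                     and not is_business_hours(parse_ts(e["ts"]))]
        if off_hours:
            findings.append({"rule": "off_hours_sensitive_access", "user": user,
                             "detail": f"{len(off_hours)} sensitive read(s) outside business hours, "
                                       f"first at {off_hours[0]['ts']} from {off_hours[0]['ip']}"})
    return findings


if __name__ == "__main__":
    for finding in detect_anomalies(SAMPLE_EVENTS):
        print(f"[{finding['rule']}] {finding['user']}: {finding['detail']}")
```

Run it directly to print one line per finding for alice, bob and dave, with carol's ordinary activity producing nothing. In production the same three rules would normally be expressed as Sentinel analytics queries or as conditions in a Power Automate flow; keeping a small reference implementation like this lets you check those rules against known-good and known-bad sample events before relying on the alerts.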
4. Compliance and Data Privacy
Ensure your security logging meets the regulatory requirements for data privacy, such as:
- GDPR: Ensure that user data, especially external user data, is only logged for necessary purposes and stored for a compliant period.
- Data Minimization: Only log the minimum amount of data necessary for auditing purposes.
- Right to Access and Delete: Allow external users to request access to their own audit logs or request deletion of their data, if required by applicable laws.