search

cisagov / ScubaGear

Automation to assess the state of your M365 tenant against CISA's baselines
https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
Creative Commons Zero v1.0 Universal
1.76k stars 226 forks source link

New Power Platform Policy: Disable sharing PowerApps by default #1097

Open buidav opened 6 months ago

buidav commented 6 months ago

💡 Summary

By default, users can share their Power Apps with everyone in the tenant. Several recent hardening guides for Power Platform suggest disabling this capability.

Motivation and context

Add additional baseline policies for Power Platform.

Implementation notes

Add baseline policy to and necessary PowerShell/Rego code to check for this policy.

Note that this setting does not have a GUI. It must be configured through Power Apps PowerShell.

$tenantSettings = Get-TenantSettings
$tenantSettings.powerPlatform.powerApps.disableShareWithEveryone = $true
Set-TenantSettings $tenantSettings

Acceptance criteria

wintec01 commented 3 months ago

@buidav , was this setting introduced to all O365 tenants and set to disableShareWithEveryone : True by default for everyone?