Security and sovereignty controls in Dataverse and Power Platform
Security controls
Security is the foundation of sovereignty. To ensure a successful deployment of Cloud for Sovereignty solutions in Dataverse or Power Platform environments, we recommend that you go through the following resources to understand the security, privacy, and sovereignty features available to support sovereign requirements for data residency and access control.
For an overview of the security controls that can help you protect your data and prevent unauthorized access to Dataverse, see Protect your data with Dynamics 365 security controls - Dynamics 365 | Microsoft Learn.
Datacenter security describes how your data is physically protected from external and internal threats in the Azure regional data centers.
Follow the secure-by-design guidelines and controls and use best practices to secure and govern your Microsoft Power Platform environments to start your sovereignty journey from a secure baseline.
For more guidance in setting up your Dataverse and Power Platform environments to be both secure and sovereign, review these resources:
- Data storage and governance in Power Platform
- What is Microsoft Dataverse?
- Security concepts in Microsoft Dataverse
To get a detailed overview of data locations and availability controls across all Dynamics 365 and Power Platform services, see Dynamics 365 and Power Platform CY22-Q4-Trust documentation.pdf
To get more specific insights on secure implementation of Microsoft Dynamics, see Updated Scalable Security Modeling white paperDataverse and Power Platform provide fine-grained and multi-level access control that can help administrators ensure that their users and applications comply with sovereignty requirements. These controls are described in this article.
Sovereignty controls
Besides security, correct configuration of sovereign controls can help you to establish your sovereignty baseline.
Data residency and multi-geo deployments
When you sign up for Power Platform services, you choose a country/region that maps to the most suitable Azure geography where a Power Platform deployment exists. Data residency ensures that customer data is stored in the tenant's assigned Azure geography (or home geo).
If you're a global organization, multi-geo deployments lets you store data in specific regions to comply with local regulations. In multi-geo deployments, metadata remains in the home geo, while metadata and actual data resides in the remote geo. Microsoft can replicate data to other regions for data resiliency.