Introduction to Power Pages
Power Pages is a user-friendly SaaS platform that helps businesses create secure, custom business websites. It empowers developers of all skill levels to rapidly build and deploy tailored sites for consumers, partners, and internal stakeholders. With its emphasis on security, scalability, and ease of use, Power Pages offers a robust solution for developing external-facing web applications efficiently.
Why Choose Power Pages?
Built on the Microsoft Azure ecosystem, Power Pages is designed to meet the increasing demand for secure, scalable online services. Its ability to support pro and low-code developers makes it a preferred choice across the national security and healthcare industries. This white paper explores its key features, architecture, and secure data access capabilities.
Capabilities of the Power Pages Platform
The Power Pages Platform consists of two main layers offering robust capabilities for building and managing business websites.
Layer 1: Enterprise-Grade Core Platform
Dataverse ensures secure and compliant business data management while integrating robust authentication and authorization for controlled access. It also offers advanced site administration tools and guarantees seamless responsiveness across mobile, desktop, and tablet devices.
Layer 2: Website Development Assets
This layer offers an intuitive website builder with a drag-and-drop interface, enabling easy customization through Visual Studio and VS Code. Power Pages works effortlessly with GitHub and Azure DevOps to support continuous deployment, offers pre-built templates to speed up development, and links with tools like Power BI, Power Automate, and Power Virtual Agents to expand its capabilities.
Architecture of Power Pages
Power Pages is hosted on Microsoft Azure, offering several key advantages:
- Elastic Scaling: Automatically adjusts resources to maintain optimal performance.
- High Availability: Reduces downtime and ensures a reliable user experience.
- Platform Layer Security: Implements security measures to defend against threats.
- Automated Security Patching & Upgrades: Ensures continuous protection through Azure’s automated updates.
- Advanced Threat Protection: Strengthens security by using smart tools to detect and respond to potential threats.
Additionally, Power Pages ensures global accessibility and can be further secured with a Web Application Firewall (WAF) to monitor and block malicious requests, protecting against threats like SQL injection and cross-site scripting.
Authentication & Authorization in Power Pages
Authentication
Power Pages leverages the Microsoft Identity Platform for secure authentication, supporting industry-standard protocols such as OAuth 2.0, OpenID Connect, WS-Federation, and SAML 2.0. It seamlessly integrates with identity providers like Azure AD, Google, and Okta, enabling advanced security features such as Conditional Access and Multi-Factor Authentication (MFA). Once authenticated, users are linked to Contact records in Dataverse for streamlined profile management.
Authorization
Power Pages uses authorization to oversee access to distinct website resources, including business data and content, to uphold security and organization. It follows a Role-Based Access Control (RBAC) model, where users are assigned Web Roles to define their permissions. Additionally, Table Permissions regulate access to business data, while Page Permissions control visibility to website content. The next section explores these three key elements in detail.
Managing Access in Power Pages
- Web Roles: Power Pages uses web roles to manage user access and permissions. Both authenticated and anonymous users can be assigned specific roles that determine their access rights. Users can hold multiple roles, allowing them to combine different levels of access.
- Table Permissions: These permissions regulate access to business data displayed on the website, including lists, forms, and APIs. Makers can define various access levels for Dataverse table records and implement column-level permissions for precise data control. Since these permissions are linked to web roles, users receive appropriate access based on their assigned roles.
- Page Permissions: To enhance security, website pages containing content or interactive components can be restricted using page permissions. These permissions are mapped to web roles, ensuring users can only access the pages relevant to their roles.
Multi-Layered Security Architecture
Power Pages follows a Defence-in-Depth approach to security, using several layers of protection to help prevent unauthorized access. By leveraging the inherent security features of Microsoft and the Power Platform, it minimizes the likelihood of breaches and enhances the security of both the site and data. This section outlines the seven key security layers that fortify Power Pages:
- Physical Security: Microsoft’s global Azure data centers enforce strict access restrictions.
- Network Security: Ensures data is secure during transit, preventing unauthorized interception.
- Identity & Access Management: Manages user identities and permissions.
- Application Security: Protects against vulnerabilities and cyber threats.
- Data Security: Encrypts data both at rest and in transit.
- Security Monitoring & Logging: Tracks and responds to security events.
- Compliance & Governance: Ensures adherence to legal and industry security standards.
Physical Security
Power Pages is hosted on Azure App Service, ensuring high reliability and a fully managed infrastructure. It complies with strict security and regulatory standards, offering robust protection. Microsoft maintains the physical security of its global data centers, restricting access to authorized personnel only, thereby strengthening overall security and minimizing risks.
Features of Power Apps Portals
Power Apps Portals, a key component of Power Pages, provide a range of features that enhance customization, integration, and content management:
- Customization: Power Apps Portals offer extensive customization options for appearance, functionality, and branding. With a wide range of templates and themes, businesses can quickly customize the portal to reflect their brand.
- Forms & Data Capture: Users can seamlessly transfer data to backend systems using intuitive forms. Power Apps Portals support multiple data types, including text, numeric values, dates, and file attachments, ensuring efficient data collection.
- Integration: Power Apps Portals connect with external systems like Dynamics 365, SharePoint, and the Common Data Service. Additionally, it supports webhooks and APIs, enabling smooth integration with custom applications.
- Content Management: The platform includes essential content management features such as version control, approval workflows, and content reuse, ensuring streamlined content updates.
- Search Functionality: A powerful search engine that allows users to quickly find relevant content within the portal, enhancing accessibility and efficiency.
Conclusion
Power Pages offers an intuitive yet powerful platform for developing responsive and secure business websites. With seamless Microsoft Dataverse integration, robust security, and extensive customization options, it simplifies website creation while ensuring compliance and data protection. Whether you are a professional developer or a business user, Power Pages provides a streamlined solution to enhance your organization’s online presence with confidence.
