baref00t.io

Power Platform Security Assessment

Power Platform | Global

Assess your Power Platform governance posture. Environment controls, DLP policies, Power Automate security, Power Apps sharing, Power BI governance, and Copilot Studio controls.

Optional — full coverage

One optional step unlocks deeper coverage

These steps are optional. The assessment runs either way — if you don’t grant the access below, the related controls simply report “Not Assessed”. Grant it and baref00t assesses them too.

  • Power Platform management-app registration (optional)

    Power Platform governance lives outside Microsoft Graph, and — unlike our read-only Graph scopes — Microsoft does not allow this registration to be scoped to read-only: the registered app gains Power Platform Administrator capability tenant-wide. Because it is not read-only, it is entirely optional. Register it and baref00t reads your environment + DLP configuration; skip it and the Power Platform-specific controls report "Not Assessed" — the Entra/M365 governance controls still run either way. Remove any time with Remove-PowerAppManagementApp.

    If you choose to enable full Power Platform coverage, run the following in PowerShell as a Global Admin or Power Platform Admin. This is optional — the assessment runs without it.

    Install-Module Microsoft.PowerApps.Administration.PowerShell -Scope CurrentUser
    Add-PowerAppsAccount
    New-PowerAppManagementApp `
      -ApplicationId 89f14c09-7eff-43ef-8f57-b793a0ae60cd
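
Because this registration carries Power Platform Administrator capability tenant-wide, it is worth checking which applications currently hold it. The script below is an added example, not baref00t's or Microsoft's own; it uses `Get-PowerAppManagementApps` from the same module, and the output shape it reads (an optional `value` wrapper, an `applicationId` property) is an assumption.

```powershell
# Added example: audit Power Platform management-app registrations.
# Run as a Global Admin or Power Platform Admin.
Import-Module Microsoft.PowerApps.Administration.PowerShell
Add-PowerAppsAccount

# Application IDs you expect to be registered. The single entry here is the
# ID from the registration command on this page; leave the list empty if you
# chose not to enable full coverage.
$expected = @('89f14c09-7eff-43ef-8f57-b793a0ae60cd')

# Assumption: the cmdlet returns either the entries directly or a wrapper
# object with a 'value' array, and each entry exposes 'applicationId'.
$result     = Get-PowerAppManagementApps
$entries    = @(if ($result.value) { $result.value } else { $result })
$registered = @($entries | ForEach-Object { $_.applicationId } | Where-Object { $_ })

# Build one report row per application ID seen or expected.
$report = foreach ($id in @($registered + $expected | Sort-Object -Unique)) {
    $isRegistered = $id -in $registered
    $isExpected   = $id -in $expected
    [pscustomobject]@{
        ApplicationId = $id
        Registered    = $isRegistered
        Expected      = $isExpected
        Finding       = if ($isRegistered -and -not $isExpected) { 'UNEXPECTED admin app' }
                        elseif ($isExpected -and -not $isRegistered) { 'Not registered' }
                        else { 'OK' }
    }
}
$report | Format-Table -AutoSize

# Review anything flagged before acting. To withdraw a registration
# (including the one from this page), uncomment and set the ID:
# Remove-PowerAppManagementApp -ApplicationId '<application-id>'

$unexpected = @($report | Where-Object Finding -eq 'UNEXPECTED admin app')
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) management app(s) registered that are not on the expected list."
}
```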

One-off
$449

Single report, no commitment.

Monthly
$229/month

Continuous monitoring — fresh report every 30 days.

Available in AUD, USD, GBP, EUR, SGD. MSP partners get volume discounts via the partner programme.

What it scores

  • POWE1: 6 dimensions (Environments, DLP, Automate, Apps, BI, Copilot Studio)
  • POWE2: Weighted governance score with actionable remediation
  • POWE3: DLP connector classification and gap analysis
  • POWE4: Environment sprawl and managed environment checks
  • POWE5: Power BI external sharing and sensitivity label review
  • POWE6: Rating (Well Governed / Partially / Gaps / Ungoverned)

Microsoft APIs

  • Microsoft Graph (universal scopes, read-only across the tenant)
  • Azure REST (when the product reads Azure subscription posture)
  • Defender + Intune APIs where applicable

Customer prerequisites

  • Microsoft 365 tenant with admin-consent capability
  • Global Reader or equivalent for the consenting admin
  • No agent installs, no infrastructure changes required
  • Report delivered by email within 10 minutes of consent