{"id":237423,"date":"2026-04-24T05:03:32","date_gmt":"2026-04-24T05:03:32","guid":{"rendered":"https:\/\/osmosys.co\/uk\/?p=237423"},"modified":"2026-04-24T05:03:36","modified_gmt":"2026-04-24T05:03:36","slug":"power-platform-security-best-practices-before-go-live","status":"publish","type":"post","link":"https:\/\/osmosys.co\/uk\/power-platform-security-best-practices-before-go-live\/","title":{"rendered":"Power Platform Security Best Practices Before Go-Live: What UK Teams Should Lock Down First"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div>\n<p>On <strong>22 April 2026<\/strong>, the head of the UK\u2019s National Cyber Security Centre warned that the country faces a \u201cperfect storm\u201d for cyber security, driven by rapid <a href=\"https:\/\/osmosys.co\/blog\/dataverse-vs-sql-server-vs-onelake\/\">technological change<\/a> and geopolitical pressure. A month earlier, the UK Government\u2019s Cyber Action Plan reinforced that cyber resilience is no longer just an internal IT concern. It is now tied to continuity, assurance, and risk management across digital services. For organisations about to launch a Power Platform solution, that matters. A Power App or flow is no longer \u201cjust a tool\u201d once it touches customer records, employee data, service operations, or core business decisions.<\/p>\n\n\n\n<p>That message lands differently in the UK because the market has already seen what prolonged disruption looks like. In 2025, major British retailers including Marks &amp; Spencer, the Co-op, and Harrods dealt with cyber incidents, with M&amp;S suffering weeks of disruption to online orders and related operations. The lesson for business application teams is straightforward: weak security does not stay inside the IT function. It spills into revenue, operations, customer experience, and executive attention.<\/p>\n\n\n\n<p>This is exactly why <strong>power platform security best practices<\/strong> should be part of go-live planning, not a last-minute admin check. Under the UK GDPR, organisations must put in place \u201cappropriate technical and organisational measures\u201d to protect personal data, and the ICO makes clear that security includes confidentiality, integrity, availability, and regular testing of whether your controls are actually working.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#go-live-is-where-weak-design-becomes-a-business-risk\">Go-live is where weak design becomes a business risk<\/a><\/li><li><a href=\"#1-start-with-identity-not-with-screens\">1) Start with identity, not with screens<\/a><\/li><li><a href=\"#2-do-not-treat-the-default-environment-as-a-safe-long-term-home-for-serious-apps\">2) Do not treat the default environment as a safe long-term home for serious apps<\/a><\/li><li><a href=\"#3-design-dataverse-security-around-business-roles-not-around-convenience\">3) Design Dataverse security around business roles, not around convenience<\/a><\/li><li><a href=\"#4-use-dlp-policies-as-a-release-gate-not-as-clean-up-afterwards\">4) Use DLP policies as a release gate, not as clean-up afterwards<\/a><\/li><li><a href=\"#5-separate-dev-test-and-production-properly-and-use-managed-environments-where-they-matter\">5) Separate dev, test, and production properly and use Managed Environments where they matter<\/a><\/li><li><a href=\"#6-turn-on-auditing-before-you-need-to-investigate-something\">6) Turn on auditing before you need to investigate something<\/a><\/li><li><a href=\"#7-build-uk-gdpr-readiness-into-the-solution-design-not-only-into-the-policy-folder\">7) Build UK GDPR readiness into the solution design, not only into the policy folder<\/a><\/li><li><a href=\"#8-test-security-the-same-way-you-test-functionality\">8) Test security the same way you test functionality<\/a><\/li><li><a href=\"#a-practical-power-platform-go-live-checklist\">A practical Power Platform go-live checklist<\/a><\/li><li><a href=\"#faq\">FAQ<\/a><ul><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"go-live-is-where-weak-design-becomes-a-business-risk\">Go-live is where weak design becomes a business risk<\/h2>\n\n\n\n<p>Many Power Platform projects are approved because they solve a real business problem quickly. That speed is useful, but it also creates a pattern: teams spend most of their effort on process logic, screens, approvals, and integrations, then try to \u201cadd security\u201d close to release. In practice, that is usually too late. The security shape of a solution is set much earlier by identity design, environment strategy, connector policy, Dataverse role modelling, and audit choices. This is also consistent with UK guidance on data protection by design and with NCSC guidance that security should be built into system design, not bolted on afterwards.<\/p>\n\n\n\n<p>A good go-live decision should answer a harder question than \u201cdoes the app work?\u201d It should answer: <strong>who can access what, from where, using which connector paths, under which approvals, with which audit trail, and how quickly can we investigate or contain an issue if something goes wrong?<\/strong> That is the difference between a functional launch and a defensible one.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" data-src=\"https:\/\/osmosys.co\/wp-content\/uploads\/2026\/04\/2-3.png\" alt=\"Power Platform security best practices before go-live for Power Apps, Power Automate, and Dataverse\" class=\"wp-image-239840 lazyload\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"1-start-with-identity-not-with-screens\">1) Start with identity, not with screens<\/h2>\n\n\n\n<p>For UK organisations, the first serious security conversation should not be about the app UI. It should be about identity. Microsoft\u2019s guidance for Power Platform points to Conditional Access through Microsoft Entra ID as a core control, allowing access decisions based on user context and risk signals, including requirements such as multifactor authentication. The NCSC\u2019s identity and access guidance makes the same broader point: access management and MFA are foundational, not optional extras.<\/p>\n\n\n\n<p>That means your pre-go-live review should define which users need access, which users need privileged access, which service accounts or application users exist, and what extra conditions apply to high-risk scenarios. If a Power App handles HR cases, finance approvals, commercially sensitive pricing, or customer personal data, access from unmanaged devices or from broad shared identities should be challenged before release, not after an incident. This is not just platform hygiene. It is part of an appropriate, risk-based security posture under UK GDPR.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"2-do-not-treat-the-default-environment-as-a-safe-long-term-home-for-serious-apps\">2) Do not treat the default environment as a safe long-term home for serious apps<\/h2>\n\n\n\n<p>One of the most common pre-go-live mistakes is allowing business-critical apps to remain in the default environment because the build started there and \u201cit works.\u201d Microsoft\u2019s documentation is clear that the default environment is shared across the tenant, and new users are automatically added to the <strong>Maker<\/strong> role in that environment. Microsoft also recommends governing the default environment actively, using Managed Environment capabilities and moving high-value apps out when they become widely used or business-critical.<\/p>\n\n\n\n<p>That matters because security and governance are harder when too many assets, makers, and connectors accumulate in one shared space. If you are preparing a production release for a UK business team, a sensible stance is this: personal productivity experiments can begin in the default environment, but anything that supports a real process, a regulated record, or a business dependency should move into a deliberately governed production environment before go-live.<\/p>\n\n\n\n<p>Microsoft has also introduced <strong>environment routing<\/strong>, but it is turned off by default. If you want makers directed into personal developer environments rather than continuing to build in the default environment, that must be configured intentionally. For teams trying to scale Power Platform securely, that small administrative choice has a big downstream effect.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"3-design-dataverse-security-around-business-roles-not-around-convenience\">3) Design Dataverse security around business roles, not around convenience<\/h2>\n\n\n\n<p>If your solution uses Dataverse, your security model deserves its own design session. Dataverse uses a role-based security model, and Microsoft notes that privilege grants are <strong>accumulative<\/strong>, with the greatest amount of access prevailing. In plain English, if you casually stack roles to \u201cget things moving,\u201d you can end up granting broader access than intended. Microsoft\u2019s predefined roles are built around least privilege, which is usually the right starting point.<\/p>\n\n\n\n<p>This is especially important when your Power Platform solution sits alongside Dynamics 365 workloads such as Sales, Customer Service, or Field Service. In those cases, <strong>dataverse security<\/strong> is not a side topic. It is central to whether users see only the records they should see, whether teams have the right operational boundaries, and whether admins can later demonstrate that access was intentionally designed. That is why one of the strongest <strong>dynamics 365 security best practices<\/strong> is to map access to real job roles, business units, and teams before UAT sign-off, rather than handing out broad roles because testing is under time pressure.<\/p>\n\n\n\n<p>A practical rule helps here: if a user only needs to run the app, do not let them inherit maker-style permissions by accident. If a builder needs to customise data structures, understand that Environment Maker alone does not grant data privileges in Dataverse. Separate making, administering, and data access deliberately.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"4-use-dlp-policies-as-a-release-gate-not-as-clean-up-afterwards\">4) Use DLP policies as a release gate, not as clean-up afterwards<\/h2>\n\n\n\n<p>A lot of exposure in Power Platform does not come from \u201chacking the app.\u201d It comes from data moving through the wrong connectors, the wrong combinations of connectors, or flows built faster than governance caught up. Microsoft\u2019s data policies are designed as guardrails to reduce the risk of users unintentionally exposing organisational data. Connector classification is central to this: connectors can be put into <strong>Business<\/strong>, <strong>Non-Business<\/strong>, or <strong>Blocked<\/strong> groups, and data cannot be shared across connectors in different groups.<\/p>\n\n\n\n<p>That means your production release should not proceed until DLP policies are reviewed against the solution\u2019s actual connector pattern. If the app reads from SharePoint, writes to Dataverse, triggers email, calls an HTTP endpoint, or connects to third-party SaaS tools, your team should know exactly which combinations are allowed and why. This is particularly important in the UK market, where data protection, contractual commitments, and sector expectations often require evidence that data movement was intentionally controlled.<\/p>\n\n\n\n<p>One detail that often gets missed: when you create a new data policy, connectors are placed in the <strong>Non-Business<\/strong> group by default unless you classify them differently. That is a reminder that DLP is not \u201cdone\u201d just because a policy exists. It needs active design and review.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"5-separate-dev-test-and-production-properly-and-use-managed-environments-where-they-matter\">5) Separate dev, test, and production properly and use Managed Environments where they matter<\/h2>\n\n\n\n<p>A secure release is rarely possible if development, experimentation, and production live too close together. Microsoft positions environments as the container for different apps, data, roles, and target audiences, and Managed Environments add further control, visibility, and policy options for Power Platform at scale. In practice, this means your go-live plan should include an environment strategy, not just a deployment checklist.<\/p>\n\n\n\n<p>For a UK business audience, this is where the phrase <strong>secure by design<\/strong> should stop being branding language and become operational language. NCSC guidance says secure-by-design systems should minimise attack surface, keep data flows simple enough to monitor, protect service accounts, and manage configuration changes carefully. That aligns closely with good Power Platform discipline: isolate production, keep integrations intentional, avoid uncontrolled connector sprawl, document configuration changes, and do not let privileged administration blur into normal business use.<\/p>\n\n\n\n<p>If you are launching a business-critical solution, your release package should therefore include solution packaging, environment-specific configuration, production-only secrets and connections, and a clear ownership model for who can deploy, approve, or alter settings after go-live. That is what turns a low-code build into a controlled application lifecycle.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"6-turn-on-auditing-before-you-need-to-investigate-something\">6) Turn on auditing before you need to investigate something<\/h2>\n\n\n\n<p>Teams often discover the importance of logs only after a suspicious change, a data exposure, or a support escalation. Microsoft states that Dataverse auditing can record changes across supported tables and columns, and Power Platform activity logs can be surfaced in Microsoft Purview when the right prerequisites, permissions, and environment settings are in place. For production environments, this should be decided before go-live.<\/p>\n\n\n\n<p>This matters for both operations and compliance. If a record was changed, a role was modified, a flow behaved unexpectedly, or a user performed an action that later becomes part of an incident review, you need to know whether the evidence exists and where it lives. The ICO\u2019s guidance is also explicit that good security includes the ability to detect events and minimise impact, not simply to hope incidents never happen.<\/p>\n\n\n\n<p>A practical pre-release question is therefore: if an executive asks next week who accessed a sensitive record, which flow changed a business value, or whether a suspicious action can be investigated, do you already know how your team will answer? If the answer is vague, the app is not yet security-ready.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"7-build-uk-gdpr-readiness-into-the-solution-design-not-only-into-the-policy-folder\">7) Build UK GDPR readiness into the solution design, not only into the policy folder<\/h2>\n\n\n\n<p>For UK organisations, the legal context should not be handled as a separate paperwork exercise. The ICO defines a personal data breach as a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. It also states that organisations must protect personal data with appropriate technical and organisational measures, and that reportable breaches generally need to be notified within <strong>72 hours of discovery<\/strong>.<\/p>\n\n\n\n<p>In practical Power Platform terms, that means your go-live plan should answer questions such as these: what personal data is being processed, who is the data owner, which processors or third-party connectors are involved, how is access restricted, how is availability protected, and what restoration path exists if something fails. The ICO also stresses that security includes availability and the ability to restore access in a timely way. That is important for apps that support case handling, employee services, customer operations, or field processes where downtime itself can become a serious issue.<\/p>\n\n\n\n<p>This is where many teams improve quickly once the framing changes. They stop asking \u201cis the app secure?\u201d and start asking \u201ccan we explain, evidence, and defend how this app handles risk?\u201d That is a much better go-live question.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"8-test-security-the-same-way-you-test-functionality\">8) Test security the same way you test functionality<\/h2>\n\n\n\n<p>The UK GDPR does not just expect security measures to exist. The ICO says organisations need a process for regularly testing, assessing, and evaluating the effectiveness of those measures. NCSC guidance similarly points to regular vulnerability and security assessments as part of sound system security. So a Power Platform solution should not pass release simply because the form saves, the flow runs, and the dashboard loads.<\/p>\n\n\n\n<p>A better pre-go-live test pack includes role-based access tests, negative tests for users who should not see or edit certain records, DLP validation, connector path validation, audit log verification, approval segregation checks, and recovery or rollback considerations for critical components. In other words, do not just prove the app works for the right person. Prove that it fails safely for the wrong person.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"a-practical-power-platform-go-live-checklist\">A practical Power Platform go-live checklist<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" data-src=\"https:\/\/osmosys.co\/wp-content\/uploads\/2026\/04\/3-3.png\" alt=\"Power Platform security best practices before go-live for Power Apps, Power Automate, and Dataverse\" class=\"wp-image-239841 lazyload\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" \/><\/figure>\n\n\n\n<p>Before production release, UK teams should be able to say yes to the following:<\/p>\n\n\n\n<p>\u2192 Access is controlled through named identities and risk-aware policies, not broad shared access.<\/p>\n\n\n\n<p>\u2192 The app is not sitting indefinitely in the default environment just because that is where it started.<\/p>\n\n\n\n<p>\u2192 Dataverse roles are mapped to job responsibilities, reviewed for least privilege, and checked for cumulative access conflicts.<\/p>\n\n\n\n<p>\u2192 DLP policies and connector classifications reflect the actual data movement pattern of the solution.<\/p>\n\n\n\n<p>\u2192 Development, testing, and production are intentionally separated, with Managed Environment controls used where appropriate.<\/p>\n\n\n\n<p>\u2192 Auditing is enabled where needed, and investigation paths are clear before an incident occurs.<\/p>\n\n\n\n<p>\u2192 UK GDPR readiness has been considered in the design, including breach handling, access control, availability, and evidence.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"final-thought\">Final thought<\/h2>\n\n\n\n<p>The UK cyber conversation in April 2026 is not telling organisations to stop digitising. It is telling them to stop separating speed from control. Power Platform remains a strong way to deliver useful business applications quickly, but the closer those apps get to real operations and real data, the less room there is for informal security decisions. The right go-live standard is not \u201cgood enough for launch week.\u201d It is \u201cstrong enough to operate under scrutiny.\u201d<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" data-src=\"https:\/\/osmosys.co\/wp-content\/uploads\/2026\/04\/4-1.png\" alt=\"Power Platform security best practices before go-live for Power Apps, Power Automate, and Dataverse\" class=\"wp-image-239827 lazyload\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" \/><\/figure>\n\n\n\n<p>If your team is preparing a release in Power Apps, Power Automate, or Dataverse, the best time to tighten security is before production, before scale, and before the app becomes difficult to unwind. That is what<a href=\"https:\/\/osmosys.co\/book-a-demo-2\/\"> <strong>power platform security best practices<\/strong> should mean in 2026.<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"faq\">FAQ<\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1776851598764\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">Is Power Platform secure enough for business-critical use?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes, but only when organisations use the platform\u2019s security and governance controls deliberately. Microsoft provides role-based Dataverse security, Conditional Access integration, DLP policies, Managed Environments, and auditing options, but those controls still need design, configuration, and review.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1776851629200\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">Should production apps stay in the default environment?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>For anything widely used, regulated, or business-critical, that is usually a poor long-term choice. Microsoft recommends active governance of the default environment and moving high-value apps into more controlled environments.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1776851646326\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">What is the most overlooked security issue before go-live?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Usually it is not one dramatic flaw. It is a combination of weak role design, connector sprawl, casual use of the default environment, and limited audit readiness. That combination creates exposure even when the app itself appears to work well.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<div class=\"wp-block-group alignfull has-contrast-color has-text-color is-vertical is-content-justification-center is-layout-flex wp-container-core-group-is-layout-f1198d31 wp-block-group-is-layout-flex\" style=\"min-height:40vh;margin-top:0;margin-bottom:0;padding-top:var(--wp--preset--spacing--60);padding-right:var(--wp--preset--spacing--50);padding-bottom:var(--wp--preset--spacing--60);padding-left:var(--wp--preset--spacing--50)\">\n<figure class=\"wp-block-image size-large is-resized\"><img decoding=\"async\" data-src=\"https:\/\/osmosys.co\/wp-content\/uploads\/2026\/03\/Osmosys-Logo-pictorial-1080x867.png\" alt=\"\" class=\"wp-image-239723 lazyload\" style=\"--smush-placeholder-width: 1080px; --smush-placeholder-aspect-ratio: 1080\/867;width:80px;height:auto\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" \/><\/figure>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Osmosys Software Solutions<\/p>\n\n\n\n<ul class=\"wp-block-social-links has-normal-icon-size is-style-logos-only is-nowrap is-layout-flex wp-container-core-social-links-is-layout-53bee8aa wp-block-social-links-is-layout-flex\"><li class=\"wp-social-link wp-social-link-linkedin  wp-block-social-link\"><a href=\"https:\/\/in.linkedin.com\/company\/osmosys_2\" class=\"wp-block-social-link-anchor\" target=\"_blank\" rel=\"noopener\"><svg width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\" focusable=\"false\"><path d=\"M19.7,3H4.3C3.582,3,3,3.582,3,4.3v15.4C3,20.418,3.582,21,4.3,21h15.4c0.718,0,1.3-0.582,1.3-1.3V4.3 C21,3.582,20.418,3,19.7,3z M8.339,18.338H5.667v-8.59h2.672V18.338z M7.004,8.574c-0.857,0-1.549-0.694-1.549-1.548 c0-0.855,0.691-1.548,1.549-1.548c0.854,0,1.547,0.694,1.547,1.548C8.551,7.881,7.858,8.574,7.004,8.574z M18.339,18.338h-2.669 v-4.177c0-0.996-0.017-2.278-1.387-2.278c-1.389,0-1.601,1.086-1.601,2.206v4.249h-2.667v-8.59h2.559v1.174h0.037 c0.356-0.675,1.227-1.387,2.526-1.387c2.703,0,3.203,1.779,3.203,4.092V18.338z\"><\/path><\/svg><span class=\"wp-block-social-link-label screen-reader-text\">LinkedIn<\/span><\/a><\/li>\n\n<li class=\"wp-social-link wp-social-link-facebook  wp-block-social-link\"><a href=\"https:\/\/www.facebook.com\/OsmosysSoftwareSolutions\/\" class=\"wp-block-social-link-anchor\" target=\"_blank\" rel=\"noopener\"><svg width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\" focusable=\"false\"><path d=\"M12 2C6.5 2 2 6.5 2 12c0 5 3.7 9.1 8.4 9.9v-7H7.9V12h2.5V9.8c0-2.5 1.5-3.9 3.8-3.9 1.1 0 2.2.2 2.2.2v2.5h-1.3c-1.2 0-1.6.8-1.6 1.6V12h2.8l-.4 2.9h-2.3v7C18.3 21.1 22 17 22 12c0-5.5-4.5-10-10-10z\"><\/path><\/svg><span class=\"wp-block-social-link-label screen-reader-text\">Facebook<\/span><\/a><\/li>\n\n<li class=\"wp-social-link wp-social-link-instagram  wp-block-social-link\"><a href=\"https:\/\/www.instagram.com\/osmosysindia\/\" class=\"wp-block-social-link-anchor\" target=\"_blank\" rel=\"noopener\"><svg width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\" focusable=\"false\"><path d=\"M12,4.622c2.403,0,2.688,0.009,3.637,0.052c0.877,0.04,1.354,0.187,1.671,0.31c0.42,0.163,0.72,0.358,1.035,0.673 c0.315,0.315,0.51,0.615,0.673,1.035c0.123,0.317,0.27,0.794,0.31,1.671c0.043,0.949,0.052,1.234,0.052,3.637 s-0.009,2.688-0.052,3.637c-0.04,0.877-0.187,1.354-0.31,1.671c-0.163,0.42-0.358,0.72-0.673,1.035 c-0.315,0.315-0.615,0.51-1.035,0.673c-0.317,0.123-0.794,0.27-1.671,0.31c-0.949,0.043-1.233,0.052-3.637,0.052 s-2.688-0.009-3.637-0.052c-0.877-0.04-1.354-0.187-1.671-0.31c-0.42-0.163-0.72-0.358-1.035-0.673 c-0.315-0.315-0.51-0.615-0.673-1.035c-0.123-0.317-0.27-0.794-0.31-1.671C4.631,14.688,4.622,14.403,4.622,12 s0.009-2.688,0.052-3.637c0.04-0.877,0.187-1.354,0.31-1.671c0.163-0.42,0.358-0.72,0.673-1.035 c0.315-0.315,0.615-0.51,1.035-0.673c0.317-0.123,0.794-0.27,1.671-0.31C9.312,4.631,9.597,4.622,12,4.622 M12,3 C9.556,3,9.249,3.01,8.289,3.054C7.331,3.098,6.677,3.25,6.105,3.472C5.513,3.702,5.011,4.01,4.511,4.511 c-0.5,0.5-0.808,1.002-1.038,1.594C3.25,6.677,3.098,7.331,3.054,8.289C3.01,9.249,3,9.556,3,12c0,2.444,0.01,2.751,0.054,3.711 c0.044,0.958,0.196,1.612,0.418,2.185c0.23,0.592,0.538,1.094,1.038,1.594c0.5,0.5,1.002,0.808,1.594,1.038 c0.572,0.222,1.227,0.375,2.185,0.418C9.249,20.99,9.556,21,12,21s2.751-0.01,3.711-0.054c0.958-0.044,1.612-0.196,2.185-0.418 c0.592-0.23,1.094-0.538,1.594-1.038c0.5-0.5,0.808-1.002,1.038-1.594c0.222-0.572,0.375-1.227,0.418-2.185 C20.99,14.751,21,14.444,21,12s-0.01-2.751-0.054-3.711c-0.044-0.958-0.196-1.612-0.418-2.185c-0.23-0.592-0.538-1.094-1.038-1.594 c-0.5-0.5-1.002-0.808-1.594-1.038c-0.572-0.222-1.227-0.375-2.185-0.418C14.751,3.01,14.444,3,12,3L12,3z M12,7.378 c-2.552,0-4.622,2.069-4.622,4.622S9.448,16.622,12,16.622s4.622-2.069,4.622-4.622S14.552,7.378,12,7.378z M12,15 c-1.657,0-3-1.343-3-3s1.343-3,3-3s3,1.343,3,3S13.657,15,12,15z M16.804,6.116c-0.596,0-1.08,0.484-1.08,1.08 s0.484,1.08,1.08,1.08c0.596,0,1.08-0.484,1.08-1.08S17.401,6.116,16.804,6.116z\"><\/path><\/svg><span class=\"wp-block-social-link-label screen-reader-text\">Instagram<\/span><\/a><\/li>\n\n<li class=\"wp-social-link wp-social-link-youtube  wp-block-social-link\"><a href=\"https:\/\/www.youtube.com\/user\/OsmosysOfficial\" class=\"wp-block-social-link-anchor\" target=\"_blank\" rel=\"noopener\"><svg width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\" focusable=\"false\"><path d=\"M21.8,8.001c0,0-0.195-1.378-0.795-1.985c-0.76-0.797-1.613-0.801-2.004-0.847c-2.799-0.202-6.997-0.202-6.997-0.202 h-0.009c0,0-4.198,0-6.997,0.202C4.608,5.216,3.756,5.22,2.995,6.016C2.395,6.623,2.2,8.001,2.2,8.001S2,9.62,2,11.238v1.517 c0,1.618,0.2,3.237,0.2,3.237s0.195,1.378,0.795,1.985c0.761,0.797,1.76,0.771,2.205,0.855c1.6,0.153,6.8,0.201,6.8,0.201 s4.203-0.006,7.001-0.209c0.391-0.047,1.243-0.051,2.004-0.847c0.6-0.607,0.795-1.985,0.795-1.985s0.2-1.618,0.2-3.237v-1.517 C22,9.62,21.8,8.001,21.8,8.001z M9.935,14.594l-0.001-5.62l5.404,2.82L9.935,14.594z\"><\/path><\/svg><span class=\"wp-block-social-link-label screen-reader-text\">YouTube<\/span><\/a><\/li><\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>On 22 April 2026, the head of the UK\u2019s National Cyber Security Centre warned that the country faces a \u201cperfect storm\u201d for cyber security, driven by rapid technological change and geopolitical pressure. A month earlier, the UK Government\u2019s Cyber Action Plan reinforced that cyber resilience is no longer just an internal IT concern. It is [&hellip;]<\/p>\n","protected":false},"author":44,"featured_media":237424,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","_lmt_disableupdate":"","_lmt_disable":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[52],"tags":[185,186,187,188,189],"class_list":["post-237423","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dynamics-365","tag-dataverse-security","tag-dynamics-365-security-best-practices","tag-power-platform-go-live-checklist","tag-secure-by-design","tag-uk-gdpr-app-security"],"modified_by":"mounika","jetpack_featured_media_url":"https:\/\/osmosys.co\/uk\/wp-content\/uploads\/sites\/6\/2026\/04\/1-3.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/osmosys.co\/uk\/wp-json\/wp\/v2\/posts\/237423","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/osmosys.co\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/osmosys.co\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/osmosys.co\/uk\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/osmosys.co\/uk\/wp-json\/wp\/v2\/comments?post=237423"}],"version-history":[{"count":1,"href":"https:\/\/osmosys.co\/uk\/wp-json\/wp\/v2\/posts\/237423\/revisions"}],"predecessor-version":[{"id":237425,"href":"https:\/\/osmosys.co\/uk\/wp-json\/wp\/v2\/posts\/237423\/revisions\/237425"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/osmosys.co\/uk\/wp-json\/wp\/v2\/media\/237424"}],"wp:attachment":[{"href":"https:\/\/osmosys.co\/uk\/wp-json\/wp\/v2\/media?parent=237423"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/osmosys.co\/uk\/wp-json\/wp\/v2\/categories?post=237423"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/osmosys.co\/uk\/wp-json\/wp\/v2\/tags?post=237423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}