Using the Power Pages Security Scan

Portals are often the front door to your organisation. Customers, partners, and even staff interact with them every day. But like any door, if the locks aren’t checked regularly, you could be inviting trouble.

That’s why Microsoft introduced the Power Pages Security Scan feature. It’s designed to help admins and makers spot vulnerabilities in their Dynamics 365 portals before attackers do.

Why security scans matter

Even with best intentions, it’s easy for small configuration issues to creep in:

• A table permission left too broad

• An authenticated page exposed publicly

• Custom scripts with unsafe references

These are the kinds of gaps that can turn a business-critical portal into a risk surface. Manual reviews are possible, but they’re time-consuming and inconsistent. The new security scan automates this process.

How the scan works

1. Navigate to your portal in Power PagesIn the Security tab, you’ll now see a Security Scan option.

2. Run the scan The tool crawls your portal setup, checking for common misconfigurations like:

   • Overly permissive table permissions

   • Anonymous access to sensitive pages

   • Inline scripts that might pose a cross-site scripting (XSS) risk

3. Review the report

   Results are categorised by severity, making it easy to prioritise fixes

Example output

Think of it as an automated checklist. Instead of digging through dozens of permissions manually, you get a report like:

• Critical: Anonymous access to Contacts table

• Warning: Authenticated page exposes email addresses

• Pass: Web roles correctly scoped

  
  

This isn’t just handy for day-to-day admins — it’s gold for audits and compliance checks.

Making it part of your governance process

The real power comes when you treat the security scan as part of a routine:

• Before go-live: Run a scan to catch issues early.

• On a schedule: Add a quarterly reminder for admins to run scans.

• After major updates: Anytime you publish new pages or tweak permissions.

For larger organisations, you can even export scan results and store them alongside your compliance evidence.

Wrapping up

Portals extend Dynamics 365 out into the world, but that reach also means risk. The Power Pages Security Scan is a lightweight, built-in way to catch the obvious mistakes before they become costly incidents.

If your organisation relies on portals, don’t treat this as a one-off check. Bake it into your governance cycle, and you’ll turn what used to be a painful manual process into a quick, repeatable step that keeps your portals, and your data, safe.