MS.POWERPLATFORM.5.1v1 - The ability to create Power Pages sites SHOULD be restricted to admins.

Information

Users may unintentionally misconfigure their Power Pages to expose sensitive information or leave the website in a vulnerable state.

Solution

1. This setting currently can only be enabled through the [Power Apps PowerShell modules](https://learn.microsoft.com/en-us/power-platform/admin/powerapps-powershell#installation).

2. After installing the Power Apps PowerShell modules, run `Add-PowerAppsAccount -Endpoint $YourTenantsEndpoint` to authenticate to your tenant's Power Platform.
Discover the valid endpoint parameter [here](https://learn.microsoft.com/en-us/powershell/module/microsoft.powerapps.administration.powershell/add-powerappsaccount?view=pa-ps-latest#-endpoint). Commercial tenants use `-Endpoint prod`, GCC tenants use `-Endpoint usgov` and so on.

3. Then run the following PowerShell command to disable the creation of Power Pages sites by non-administrative users.

```powershell
Set-TenantSettings -RequestBody @{ "disablePortalsCreationByNonAdminUsers" = $true }
```
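The three steps above as one script that also reads the setting back before and after the change. This is an added example, not code from this audit item or from ScubaGear; the `$Endpoint` and `-Remediate` parameters and the `Test-PortalCreationRestricted` helper are names chosen for the example, and it assumes `Get-TenantSettings` (from the same module) returns the setting as a top-level property named `disablePortalsCreationByNonAdminUsers`.

```powershell
# Added example: check, optionally apply, and verify MS.POWERPLATFORM.5.1v1.
# Assumes Microsoft.PowerApps.Administration.PowerShell is installed and the
# signed-in account holds a Power Platform administrator role.
param(
    # 'prod' for commercial tenants, 'usgov' for GCC (see step 2)
    [string]$Endpoint = 'prod',
    # Without this switch the script only reports the current state
    [switch]$Remediate
)

$settingName = 'disablePortalsCreationByNonAdminUsers'

Import-Module Microsoft.PowerApps.Administration.PowerShell -ErrorAction Stop
Add-PowerAppsAccount -Endpoint $Endpoint

# Hypothetical helper: returns $true only when the tenant setting is
# explicitly $true. A missing or $null property counts as not restricted.
function Test-PortalCreationRestricted {
    $settings = Get-TenantSettings
    return ($settings.$settingName -eq $true)
}

if (Test-PortalCreationRestricted) {
    Write-Output "PASS: $settingName is already true; only admins can create Power Pages sites."
    return
}

if (-not $Remediate) {
    Write-Warning "FAIL: $settingName is not true. Re-run with -Remediate to apply the setting."
    return
}

# Same command as step 3
Set-TenantSettings -RequestBody @{ $settingName = $true }

# Read the value back instead of trusting the write call
if (Test-PortalCreationRestricted) {
    Write-Output "PASS: $settingName set to true and verified."
} else {
    Write-Error "FAIL: $settingName still not true after Set-TenantSettings; check admin role and endpoint."
}
```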

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-4, 800-53|AC-5, 800-53|AC-6, 800-53|CA-2, 800-53|CA-7, 800-53|CM-5, 800-53|CM-6, 800-53|CM-7, 800-53|CM-8, 800-53|IA-2, 800-53|IA-8, 800-53|RA-5, 800-53|SA-8, 800-53|SC-2, 800-53|SC-3, 800-53|SC-7, 800-53|SC-18, 800-53|SC-29, 800-53|SC-30, 800-53|SC-39, 800-53|SI-2, 800-53|SI-3, 800-53|SI-4, 800-53|SI-7, 800-53|SI-10

Plugin: microsoft_azure

Control ID: 4c0e89053c4196efcf14125c792d48007085f9db80d588f441ed6972d3d69823