MS.POWERPLATFORM.1.1v1 - The ability to create production and sandbox environments SHALL be restricted to admins.

Information

Users creating new Power Platform environments may inadvertently bypass data loss prevention (DLP) policy settings or misconfigure the security settings of their environment.

Solution

1. Sign in to your tenant environment's respective [Power Platform admin
center](https://learn.microsoft.com/en-us/power-platform/admin/powerapps-us-government#power-apps-us-government-service-urls).

2. In the upper-right corner of the Microsoft Power Platform site, select the Gear icon (Settings icon).

3. Select Power Platform settings.

4. Under Who can create production and sandbox environments, select Only specific admins.

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-4, 800-53|AC-6, 800-53|AC-16, 800-53|AC-20, 800-53|AC-23, 800-53|CA-3, 800-53|CA-7, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|SA-8, 800-53|SA-9, 800-53|SC-7, 800-53|SC-28, 800-53|SC-31, 800-53|SI-3, 800-53|SI-4, 800-53|SI-10, 800-53|SI-15

Plugin: microsoft_azure

Control ID: 56a4ac78d08dc6f6c0abbf0a0315e991d8af983d7d064989538315123f3bd66e