Skip to content

How to Protect Your Organization After Running PowerPWN

AvishaiEZen edited this page Oct 7, 2024 · 1 revision

Harden your Power Platform tenant

Find all overshared credentials, apps and automations

Use powerpwn dump -v <TenantId> with a guest account to find every resource they have access to.

Restrict the "Everyone" special group

Disclaimer:

Note that guests could gain access to credentials, apps and automations through direct or indirect (groups) sharing, not just the "Everyone" special group.

As a Power Platform administrator, you can also use the following PowerShell scripts. Thank you to Microsoft Security Response Center (MSRC) for providing these scripts.

Edit: these cmdlets are not available yet, use powerpwn instead. Waiting for an update from MSRC and leaving them here for clarity.

Find existing connections and apps

Find connections shared with the "Everyone" special group:

Get-EveryoneConnections -EnvironmentName <EnvironmentGuid>
# Found 8 connections........WARNING: Connection: <ConnectionGuid> (shared_sql) in Environment: <EnvironmentGuid> is shared with the whole tenant

Find apps shared with the "Everyone" special group:

Get-EveryoneApps -EnvironmentName <EnvironmentGuid>
# Processing environment <EnvironmentGuid>                                                                                                                            # Found 3 apps 
# WARNING: App: <AppGuid> (<AppName>) in Environment: <EnvironmentGuid> is shared with the whole tenant

Prevent new connections and apps from being shared with "Everyone"

Use the following PowerShell scripts as a Power Platform administrator. Thank you to Microsoft Security Response Center (MSRC) for providing these scripts.

Revoke user's ability to share with the "Everyone" special group:

$tenantSettings = Get-TenantSettings
$tenantSettings.powerPlatform.powerApps.disableShareWithEveryone = $true
Set-TenantSettings $tenantSettings

Harden your EntraID tenant

EntraID allows you to restrict who can invite guests and which directory properties those guests would have access to. We suggest limiting guest invite permissions to administrative roles. While limiting access to directory properties won't help the threat vectors that powerpwn illuminates, it might be a good idea anyway.

image