Security & Trust
Built so your security teams can say “yes”
Power Platform ToolBox ships with a pragmatic, transparent security posture so information security reviewers can quickly evaluate risk, understand data flows, and approve usage inside their organization.
Architecture in plain language
PPTB is a cross-platform desktop shell that securely downloads community-built tools from GitHub releases, validates file integrity, and runs them locally within the user's operating system. No customer data is routed through PPTB servers—administrators retain full control over credentials and environments.
- Data storage: No persistent customer data is stored on PPTB infrastructure. Settings live locally on the user's device.
- Authentication: Uses Microsoft Entra ID (Azure AD) OAuth flows via the official MSAL libraries for sign-in to Microsoft cloud services.
- Distribution: Installers are signed and distributed from GitHub, allowing organizations to mirror or validate packages internally.
Security controls at a glance
- ✅ Least privilege: Tools request credentials only when needed, and nothing is stored without user consent.
- ✅ Signed releases: We rely on GitHub release signing plus community validation to detect tampering before distribution.
- ✅ Transparent code: The entire stack is open-source so internal security teams can audit, fork, or build custom policies.
- ✅ Network awareness: The desktop client only communicates with GitHub APIs, Microsoft identity endpoints, and the organization's own Dataverse/Power Platform services.
- ✅ Dependency hygiene: Automated Dependabot alerts and manual reviews keep OSS libraries patched.
For security reviewers
Artifacts we provide
- Software bill of materials (SBOM) upon request
- Threat model outline with data-flow diagrams
- Secure coding checklist aligned to OWASP
- Release notes documenting security fixes
What we ask from you
- Validate the GitHub org and release signatures
- Distribute installers via your approved channels
- Enforce endpoint protection policies for the client
- Share findings so we can harden the platform
Review our existing security documentation in the repository at docs/security.
Need deeper details?
We gladly partner with enterprise security, compliance, and procurement teams. Reach out for white-glove reviews, questionnaire support, or architecture walkthroughs.