Free Security Tools

Gain Visibility into Security Risks and Issues on Power Platform

Don’t ignore risks and vulnerabilities introduced by citizen development. Use our free security tools to understand this rapidly growing attack surface and your company’s exposure better. 

Attack Surface Assessment Tool for Power Platform

With citizen developers’ widespread adoption of Microsoft Power Platform, security teams are challenged to evaluate the risks and vulnerabilities this shadow engineering creates.

To assess your risk exposure, Nokod developed a lightweight, open-source assessment tool that you can easily run locally/on-premise. Its purpose is to provide a quick and informative view of your Power Platform environments, both development and production.  The results will help you understand the scope and scale of your attack surface and highlight prominent security issues.

The assessment tool is available on GitHub. 

Power Platform Assessment Report Example

Receive a report with stats on your environments, components, connectors, and insights into vulnerabilities

Power BI Analyzer

Power BI Online Search

Attackers can easily find countless Power BI reports published on the web with the help of search engines.

This project contains two tools for detecting unused data sources in your Power BI (Microsoft Fabric) reports. These tools analyze the reports’ data models and identify columns not used in visualizations. Unwanted access to this data can pose a security risk, and it is essential to identify and remove unused columns to reduce the risk of data breaches.

On June 19, 2024, Nokod Security published a warning about the easy exploitation of a data leakage vulnerability in the Microsoft Power BI service. This vulnerability potentially affects tens of thousands of organizations and allows anonymous Internet viewers to access sensitive data, including employee and business data, PHI, and PII. For details about the exploit, visit our blog.

Power BI Analyzer offers two simple, open-source tools for organizations to assess their exposure to this vulnerability. It is available on GitHub.

TOOL 1 - INTERNAL, OVER-SHARED REPORTS

This tool includes a Python module that interacts with the Power BI API. It sends requests to get the list of all reports shared with the entire organization and analyzes them to detect unused data sources.

TOOL 2 - REPORTS PUBLISHED TO THE WEB

This tool includes a Python module that processes a CSV file with a list of all the URLs of reports published to the web in your company and analyzes the reports to detect unused data sources.

NEED HELP WITH POWER BI ANALYZER?

  • Watch the short installation guides below
  • Have a look at our FAQs
  • Reach us at [email protected]

Frequently Asked Questions

We designed these tools with security teams in mind. These teams are challenged by shadow engineering and are outnumbered by the volume of newly created apps. Our tools give them a first evaluation of the attack surface’s size.

Of course, platform administrators and owners who are concerned about security can also benefit from running the tools. 

Yes, all enterprises can use them.

To keep the scans swift, please note that organizations with more than ten environments will receive scans of their top ten environments.

Other tools, especially those by Microsoft, are often used with CoE (Center of Excellence) to assess an organization’s adoption level. They do not have a security focus like Nokod’s tools. 

There is also a technical difference: other tools require establishing a new environment. In other words, those tools run “inside” the Power Platform. Nokod’s tools are lightweight, do not require a separate Power Platform environment, and ask only for read-only permission.

You need the following prerequisites: 

  • You must have Python installed.
  • To run the Power Platform Discovery, you must be an Admin of at least one environment.
  • To run the Power BI Analyzer, you must have Fabric Admin or Global Admin access.


Talk with our Power Platform Security Experts.

Discuss your findings and concerns with us! 
We hope you found our evaluation tools helpful. Feel free to contact us and get further evaluations, benchmarks, and remediation tips.

We are also happy to show you how Nokod Security can benefit you, your team, and your organization. Experience how to effectively secure your Power Platform apps, automations, and reports. 

Nokod's Security Solution allows you to:

  • Discover all your organization’s applications, automations, and reports on Power Platform.
  • Automatically detect security issues and vulnerabilities.
  • Empower citizen developers and security teams to deal with threats right away.
  • Place citizen development under your policies to reveal governance and compliance issues.
  • Make using Power Platform more secure.