Scenario: Security Review Before Go-Live
Not every solution needs a full security review. But every solution needs the right one.
TL;DR
The go-live security review follows a risk-based three-mode model (SHIELD Inspect): Safe Zone (standard patterns, pre-approved), Pattern Approval (non-standard but low-risk), Full Review (complex, sensitive, or high-risk). Match the review mode to the solution's BOLT delivery tier and DIALOGE complexity. The goal is not to slow delivery — it is to make the right review fast and the right escalation clear.
Applies To
Audience: Security Architect · CoE Lead · Solution Maker · Delivery Manager
Situation: Preparing a Power Platform solution for production release
Frameworks: SHIELD · DIALOGE · BOLT
The Situation
A solution is ready — or nearly ready — for production. Before it goes live, it needs to be assessed for security, compliance, and architectural soundness. The challenge is matching the depth of review to the risk of the solution.
Over-reviewing every solution creates bottlenecks that push makers to avoid the process. Under-reviewing complex solutions creates compliance findings and incidents. This scenario defines the risk-based approach that gets both right.
The Sequence
Step 1 — Determine the delivery tier (BOLT)
The solution's BOLT delivery tier is the starting point for every go-live review. Tier determines complexity, ownership, and what governance applies.
| Tier | Typical Solutions | Go-Live Review |
|---|---|---|
| Tier 1 | Personal productivity, no sensitive data | No formal review required |
| Tier 2 | Business-led, standard connectors, internal data | Safe Zone or Pattern Approval |
| Tier 3 | Fusion team, complex integrations, regulated data | Pattern Approval or Full Review |
| Tier 4 | Enterprise strategic, full SDLC | Full Review mandatory |
If the tier is unclear, escalate to the Fusion Team Lead or CoE Lead before proceeding. Tier ambiguity at go-live usually means the solution has exceeded its original scope.
Step 2 — Assess solution complexity (DIALOGE)
DIALOGE maps the building blocks of the solution. Run through each pillar and note which are present — this determines what domains the security review must cover.
| DIALOGE Pillar | Present? | Security Domain |
|---|---|---|
| D — Data (Dataverse / external) | | Data classification, RLS/CLS |
| I — Integration (APIs, connectors) | | Connector approval, credential management |
| A — AI (Copilot, AI Builder) | | AI governance, data residency |
| L — Logic (flows, business rules) | | Run-as credentials, error handling |
| O — Operations (monitoring) | | Logging, alerting configured |
| G — Go-Live (ALM, deployment) | | Deployment pipeline, solution history |
| E — Experience (canvas app, portal) | | Authentication, sharing model |
→ DIALOGE Overview · DIALOGE: Go-Live
Step 3 — Apply the three-mode review model (SHIELD: Inspect)
With tier and complexity established, select the review mode. SHIELD Inspect defines the three modes:
Mode 1 — Safe Zone: Solution uses only pre-approved patterns: standard connectors, no regulated data, Tier 1 or Tier 2, standard authentication. No formal review required — maker self-certifies against the Safe Zone checklist.
Mode 2 — Pattern Approval: Solution deviates from standard patterns in low-risk ways (a connector not on the pre-approved list, a non-standard authentication pattern, moderate data sensitivity). Reviewed by the CoE Lead or Security Architect against the Pattern Library. Decision in 2–3 business days.
Mode 3 — Full Review: Solution involves regulated data (financial, HR, health), complex integrations, AI with personal data, Tier 3 or Tier 4 complexity, or external users. Full architecture and security review required. Security Architect + CISO sign-off. Timeline agreed case by case.
Step 4 — Verify controls are in place (SHIELD: Enforce + Harden)
Regardless of review mode, confirm the following controls before go-live:
- [ ] DLP policies applied to the target environment
- [ ] Solution connections use service accounts, not personal credentials
- [ ] Sensitive data fields have column-level security applied
- [ ] Sharing is restricted to named groups, not "everyone"
- [ ] Monitoring and alerting are configured
- [ ] Solution is in source control (Tier 3/4 mandatory, Tier 2 recommended)
→ SHIELD: Enforce · SHIELD: Harden · Go-Live Security Checklist
Step 5 — Complete the deployment (DIALOGE: Go-Live + SCALE-OPS: Lifecycle)
With review complete, deploy through the approved pipeline. For Tier 3 and 4 this means a managed deployment pipeline, not manual export/import.
→ DIALOGE: Go-Live · SCALE-OPS: Lifecycle
Common Mistakes
| Mistake | Consequence | How to Avoid |
|---|---|---|
| Same review process for all solutions | Bottleneck for simple solutions, insufficient for complex ones | Match review mode to tier and complexity |
| Connections running under maker's personal account | Solution breaks when maker leaves | Mandate service accounts for Tier 2+ |
| Security review at the end of development | Findings require significant rework | Involve Security Architect from Tier 3 design stage |
| No solution history in source control | Cannot audit changes or roll back | Enforce source control from Tier 2+ |