Friday, 19 July 2024

What’s the IP of my Flow?

Security is a big concern among organizations around the globe. For this reason, Microsoft provides all sorts of security measures that companies adopt to protect their services.

I was recently deploying a Power Automate solution for a customer when I came across a particular situation. The Cloud flow needed to get some information from an in-house API secured using an IP address allow list.

The issue

I created an Instant cloud flow with an HTTP request to perform the task and, upon execution, got the expected Unauthorized error message.



HTTP request displaying the unauthorized message


After getting this, I turned to the Microsoft Docs documentation on limits and configuration to get the list of IP addresses for the environment’s region. With the help of PowerShell, we added all the IP addresses for Europe, but the cloud flow kept failing. We also tried adding IP addresses from other regions, without any luck. Later, I remembered that Power Automate is a low-code version of Logic Apps; maybe it is using an IP address from this service?

I didn’t want to keep trying all the IP addresses from Power Automate or Logic Apps. I needed to find which IP address my flow was using, so that I could find which region list I needed to include in the allow list.

The solution

After some research, I found a third-party discovery service called the ipify API, which returns the IP address the request is coming from. Perfect! 😊

Using the same HTTP action, I sent a request to this service using this URI:

https://api.ipify.org/?format=json

And gotcha!


If you try to find this IP address in the Power Automate documentation, you won’t find it in any region. This is when I tried the list of Azure IP Ranges and Service Tags of the Public Cloud. You can use this link to get this in JSON format.

The IP address appears in this list as seen in the following image:


Shorter version for demonstration purposes




After adding the list of addresses from this region, the in-house API responded successfully.
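The lookup described above, as an added example that is not part of the original post: given the address the flow reports, it lists every service tag in the Service Tags JSON whose prefixes contain it, most specific first, and returns that tag's prefixes for the allow list. The embedded JSON is a constructed sample using documentation address ranges, and the function names are illustrative.

```python
import ipaddress
import json

# Constructed sample mirroring the layout of the Service Tags download
# ("values" -> "name", "properties.addressPrefixes"); not real Azure ranges.
SAMPLE_SERVICE_TAGS = json.loads("""
{"values": [
  {"name": "AzureCloud.westeurope",
   "properties": {"region": "westeurope", "systemService": "",
                  "addressPrefixes": ["203.0.113.0/24", "198.51.100.0/24"]}},
  {"name": "LogicApps.WestEurope",
   "properties": {"region": "westeurope", "systemService": "LogicApps",
                  "addressPrefixes": ["203.0.113.64/27", "2001:db8:10::/48"]}},
  {"name": "LogicApps.NorthEurope",
   "properties": {"region": "northeurope", "systemService": "LogicApps",
                  "addressPrefixes": ["198.51.100.32/28"]}}
]}
""")


def find_service_tags(ip, service_tags):
    """Return every tag whose prefixes contain ip, most specific prefix first."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for tag in service_tags.get("values", []):
        props = tag.get("properties", {})
        for prefix in props.get("addressPrefixes", []):
            net = ipaddress.ip_network(prefix, strict=False)
            # The file mixes IPv4 and IPv6 prefixes; compare like with like.
            if net.version == addr.version and addr in net:
                hits.append({"tag": tag["name"], "region": props.get("region", ""),
                             "service": props.get("systemService", ""), "prefix": str(net)})
    return sorted(hits, key=lambda h: int(h["prefix"].rsplit("/", 1)[1]), reverse=True)


def prefixes_for_tag(name, service_tags, version=4):
    """Return the prefixes of one tag, i.e. the entries to put on the allow list."""
    for tag in service_tags.get("values", []):
        if tag["name"] == name:
            nets = map(ipaddress.ip_network, tag["properties"]["addressPrefixes"])
            return [str(n) for n in nets if n.version == version]
    return []


if __name__ == "__main__":
    observed = "203.0.113.77"  # constructed stand-in for the address ipify returned
    for hit in find_service_tags(observed, SAMPLE_SERVICE_TAGS):
        print(hit["tag"], hit["prefix"])
```

Load the real download with `json.load` in place of the sample. An allow list built from a service tag admits every tenant of that service in the region, so the API still needs its own authentication.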

I hope you find this information helpful when configuring security when using Power Automate.

Never stop learning!



SSL encryption is now called TLS

One of the most important pieces of information in an SSL certificate is the website's public key. The public key makes encryption and authentication possible. A user's device views the public key and uses it to establish secure encryption keys with the web server. Meanwhile the web server also has a private key that is kept secret; the private key decrypts data encrypted with the public key.

Certificate authorities (CA) are responsible for issuing SSL certificates.


What is SSL?

SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol. It was first developed by Netscape in 1995 for the purpose of ensuring privacy, authentication, and data integrity in Internet communications. SSL is the predecessor to the modern TLS encryption used today.

A website that implements SSL/TLS has "HTTPS" in its URL instead of "HTTP."

HTTP vs HTTPS

How does SSL/TLS work?

  • In order to provide a high degree of privacy, SSL encrypts data that is transmitted across the web. This means that anyone who tries to intercept this data will only see a garbled mix of characters that is nearly impossible to decrypt.
  • SSL initiates an authentication process called a handshake between two communicating devices to ensure that both devices are really who they claim to be.
  • SSL also digitally signs data in order to provide data integrity, verifying that the data is not tampered with before reaching its intended recipient.

There have been several iterations of SSL, each more secure than the last. In 1999 SSL was updated to become TLS.

Why is SSL/TLS important?

Originally, data on the Web was transmitted in plaintext that anyone could read if they intercepted the message. For example, if a consumer visited a shopping website, placed an order, and entered their credit card number on the website, that credit card number would travel across the Internet unconcealed.

SSL was created to correct this problem and protect user privacy. By encrypting any data that goes between a user and a web server, SSL ensures that anyone who intercepts the data can only see a scrambled mess of characters. The consumer's credit card number is now safe, only visible to the shopping website where they entered it.

SSL also stops certain kinds of cyber attacks: It authenticates web servers, which is important because attackers will often try to set up fake websites to trick users and steal data. It also prevents attackers from tampering with data in transit, like a tamper-proof seal on a medicine container.

