Session I gave at Ignite The Tour Paris November 13, 2019. Learning path session POWA50.

3. Microsoft Power Platform
One low-code platform that spans Office 365, Dynamics 365, and standalone applications
Analyze. Act. Automate. Assist.

4. Who is here today?

5. Who here has a Microsoft 365 background?

6. What about a Dynamics 365 background?

7. Last, but not least, what about Azure?

8. Why are we here today?

10. Our philosophy
1. Empower anyone to be a
maker, a #PowerAddict
• Enable an open ecosystem
for building
• But an ecosystem that does
not escalate privilege

11. Our philosophy… includes governance!
1. Empower anyone to be a
maker, a #PowerAddict
• Enable an open ecosystem
for building
• But an ecosystem that does
not escalate privilege
2. But also empower admins
with full visibility and the
tools they need to balance
business productivity with
governance
1. Incent the right behavior
2. Implement strategy early
3. Treat exceptions as exceptions

12. Agenda
1. Establish an environment strategy
2. Setup data loss prevention policies
3. Leverage out-of-box activity logs &
analytics
4. Install the Center of Excellence
starter kit
5. Welcome new makers and identify
champions
6. Establish and automate your audit
processes

13. Securing your tenant

14. Who is building solutions with the Power Apps?
2. Pro-dev / IT productivity
Enables high productivity app development
Reduces time to develop and deploy
Centrally managed and rolled out
Lower barrier of entry for app development
Power users in business units close to the problem
building solutions for their teams
Often with IT oversight or in an approved sandbox
1. Citizen developer enablement
Some organizations start with a centralized IT apps and then grow into organic development
Far more start with organic solutions in business units and grow into a centralized IT Center of
Excellence (CoE)

15. Environments
Environments are containers that administrators can use to manage apps, flows,
connections, and other assets; along with permissions to allow organization users
to use the resourcesAzure AD Tenant
Environments
1. Product
discovery
2. Know your
Environments
3. 5+1
security layers
4. Setup DLP
policies
5. Configure
audit logs
6. Review
Analytics
7. Automate
your reports
8, Automate
your polices
9. Proactive
engagement
10. CoE
toolkit

16. Environment key facts
• Every tenant has a Default environment
where all licensed PowerApps and Flow
users can create apps & flows
• Non-default environments offer more
control around permissions
• Non-default environment creation can
be restricted to only global and service
admins from the Power Platform admin
center: https://aka.ms/ppac
• Environments are tied to a geographic location that is configured at the time the environment
is created
• Environments can be used to target different audiences and/or for different purposes such as
dev, test and production

17. Establish an environment strategy

18. Chevron: Automating Environment creation

19. Data loss prevention key facts

20. Setup data loss prevention (DLP) policies
Training
#1
Training
#2 Contoso
Europe
Dev
Test
Prod
Contoso
USA
Dev
Test
Prod

21. Setup data loss prevention (DLP) policies
Training
#1
Training
#2 Contoso
Europe
Dev
Test
Prod
Contoso
USA
Dev
Test
Prod

22. Setup data loss prevention (DLP) policies
Training
#1
Training
#2 Contoso
Europe
Dev
Test
Prod
Contoso
USA
Dev
Test
Prod

23. Demo

24. Monitor your tenant’s
activity

25. 1. PowerApps and Flow logs available at https://protection.office.com
Logs & analytics – see what’s happening
Microsoft Flow PowerApps
• Created flow
• Edited flow
• Deleted flow
• Edited permissions
• Deleted permissions
• Started a paid trial
• Renewed a paid trial
• Created app
• Edited/save app (draft)
• Published app
• Deleted app
• Restored an app from app
version
• Launched app
• Marking app as featured
• Marking app as hero
• Edited app permissions
• Deleted app permissions

26. 1. Power Apps and Power Automate logs available at
https://protection.office.com
2. Admin analytics
 Tenant and environment level analytics
 Available from Power Platform admin center
 Access is available for environment admins
 Data is stored for 28 days
 Data is refreshed daily
Logs & analytics – see what’s happening
Capacity Management
Common Data Service
Microsoft Flow
PowerApps
https://aka.ms/ppac

27. 1. Power Apps and Power Automate logs available at
https://protection.office.com
2. Admin analytics
 Tenant and environment level analytics
 Available from Power Platform admin center
 Access is available for environment admins
 Data is stored for 28 days
 Data is refreshed daily
3. Maker analytics (Canvas app and flow level analytics)
 Available from make.powerapps.com and flow.microsoft.com
 Access is available to app & flow owners (admins can grant themselves access)
 Data is stored for 30 days
 Data is refreshed daily
Logs & analytics – see what’s happening
Capacity Management
Common Data Service
Microsoft Flow
PowerApps
https://aka.ms/ppac

28. Center of Excellence Toolkit
https://aka.ms/COEStarterKit
Step Scenario Toolkit Component
Secure DLP Editor 1. Canvas App - DLP Editor
Monitor Flow templates to collect data into CDS
Power BI Dashboards
2. CDS Entities​: Environments, Apps, Flows…
3. Flow - Sync resources template
4. Flow - Sync audit logs
5. Power BI Dashboard
6. Custom Connector for Office 365 Audit Logs
Alert &
Action
Maker and Admin notification via Flow
templates (Compliance request)
Admin Model Driven App facilitates app
audit process
7. Canvas App - Developer Compliance Center
8. Flow - Compliance detail request
9. Model Driven App - Business Process Flow for
Auditing resources
Nurture App catalog
Welcome email, Internal community
channel links
10. Canvas App - App Catalog
11. Flow - Welcome Email

29. Alert & act on that activity

30. Leverage management connectors & PowerShell as
powerful reporting tools + tools for action
aka.ms/powerappspowershell
PowerApps for Admins
PowerApps for App Makers
Power Platform for Admins
Flow Management

31. Welcome new makers and identify champions
https://aka.ms/powerwelcomeemail

32. Welcome new makers and identify champions
https://aka.ms/powerwelcomeemail
https://aka.ms/newmakerdigest

33. Establish and automate your audit process
Canvas app, flow creation aka.ms/restrictappcreators
Specific connector usage
aka.ms/restrictflowconnector
aka.ms/restrictappconnector
Newly added connectors aka.ms/newconnectornotification
1. Create your own workflows using the management connectors that
permit or restrict behavior based on your organization’s policies
(e.g. create an attestation process for assets in the default env)

34. Demo

35. Establish and automate your audit process
1. Create your own workflows using the management connectors that
permit or restrict behavior based on your organization’s policies
(e.g. create an attestation process for assets in the default env)
2. CoE starter kit comes with its own audit workflow:
• Apps are identified by a flow based on criteria such as the app is
shared with > 20 Users or at least 1 group and the business
justification details have not been provided.
• Developer Compliance Center where the maker can provide a
justification
• Admin business process workflow for approval

36. But don’t just take my word for it….
250k
5BillionCUSTOMERS A YEAR
EMPLOYEES WORLDWIDE
120 COUNTRIES
160 k in France
150
Production
apps
2500+
PowerApps
Yammer
Members
150+ IT
PowerApps
experts by
EoY 2019
https://powerapps.microsoft.com/blog/digital-
transformation-sncf-french-national-railway-company/

37. Recap
 Establish an environment strategy
 Setup data loss prevention policies
 Leverage out-of-box activity logs &
analytics
 Install the Center of Excellence
starter kit
 Welcome new makers and identify
champions
 Establish and automate your audit
processes