Create input masks and entire applications, implement and automate processes, simplify and accelerate dialogues with the help of bots, and conjure up splendid reports - all of this and much more is the Power Platform. Whether you drive with low code / no-code approaches, are a user, a citizen developer or pro dev, the tools can be used in a variety of ways. A governance view is important for the use of the Power Platform so that it corresponds to your needs, your requirements and your rules. What is allowed at one company does not have to be allowed at the other company as well. Make the tools your tools and use the possibilities advisedly. In this session, Tomislav shows the various possibilities of governance settings in the Power Platform. Learn what is easy to switch, what can be done via the web interfaces, what options are given via APIs and what you should also look at when looking at governance.
13. rencore.com
Environments are containers that administrators use
to manage apps, flows, connections, and other assets
- along with permissions that allow users in the
organization to use the resources.
Power Platform – Main part: Environments
14. rencore.com
Power Platform Environments
Default -
Environment
Personal
productivity
Everyone is a
maker
Dev Test Prod
Dev Test Prod
Dev
Dedicated
Shared
1 team
(Microsoft 365 Group)
Environment
1 team
(Microsoft 365 Group)
Environment
ALM
16. rencore.com
• Production (This is intended to be used for permanent work in an organization.)
• Default (These are a special type of production environment. Each tenant has a default environment that's created
automatically.)
• Sandbox (These are non-production environments, which offer features like copy and reset. Sandbox environments are used
for development and testing, separate from production.)
• Trial (They expire after 30 days and are limited to one user or are subscription bases.)
• Developer (They're special environments intended only for use by the owner.)
• Microsoft Dataverse for Teams (Dataverse for Teams environments are automatically
created for the selected team when you create an app in Teams using the Power Apps app for the first time or install a Power
Apps app from the app catalog.)
Power Platform Environment Types
22. rencore.com
• Environments are tied to a geographic location that is configured at the
time the environment is created.
• Environments can be used to address different audiences and / or
different purposes such as development, testing and production.
• Data Loss Prevention (DLP) policies can be applied to individual
environments or the tenant.
• Each tenant has a standard environment in which all licensed Power Apps
and Power Automate users can create apps and flows.
• Non-standard environments can be created by licensed Power Apps,
Power Automate, and Dynamics users. The creation can only be restricted
to global administrators and service administrators via a tenant setting.
• An environment can have one or no Dataverse instances.
Power Platform Environments
35. rencore.com
• Power Platform for admins
• Power Apps for admins
• Power Automate for admins
• Power Apps for maker
• Power Automate management
• PowerShell
5 important connectors (all standard )
and PowerShell
36. rencore.com
• The Power Platform management connector
provides access to lifecycle management functions,
DLP policy management, and other administrative
functions from the BAP API for environments.
• API calls per connection - 100 calls in 60 seconds
Power Platform für Admins - Standard
38. rencore.com
• Power Apps management connector for
administrators
• API calls per connection - 1000 calls in 60 seconds
• Currently no triggers
Power Apps für Admins - Standard
40. rencore.com
• Power Apps management connector for
administrators
• API calls per connection - 1000 calls in 60 seconds
• Currently no triggers
Power Automate für Admins - Standard
42. rencore.com
• Power Apps management connector for developers
• API calls per connection - 100 calls in 60 seconds
• Currently no triggers
Power Apps für Entwickler - Standard
44. rencore.com
• Power Automate Management connector enables
interaction with the Power Automate Management
service.
• Example: Flows are created, edited and updated.
Administrators who want to perform operations with
administrator rights should invoke actions with the suffix
“As administrator”.
• Connections per account - 50
• Currently no triggers
Power Automate Management - Standard
46. rencore.com
• PowerShell for Power Apps und Power Automate
• 2 modules – Administrator und Maker
• Get-PowerAppEnvironment # All environments.
• Get-AdminDlpPolicy # All DLP policies
• # Get all flows
• $flows = Get-AdminFlow
• $powerApps = Get-AdminPowerApp
PowerShell
53. rencore.com
CoE Dashboard
Identify orphaned apps
Select Blank in the Owner drop-down list
on the rightmost filter pane to find
orphaned apps.
Orphaned apps, where the app owner has
left the organization, will still work for
users, but changes or bug fixes can only
be made by an owner. It's important,
therefore, to identify orphaned apps and
find a new owner for them, or work on a
retirement plan for those apps.
55. rencore.com
• Govern environment creation
• Monitoring Dataverse in Teams Capacity and Usage
• Managing Data Loss Prevention policies
• Teams Admin Center Controls (Block Apps)
• Admin and Governance Best Practices
• CoE Starter Kit - Center of Excellence
(https://powerapps.microsoft.com/en-us/blog/now-
available-coe-starter-kit-in-dataverse-for-teams-and-other-
improvements/)
Microsoft Dataverse for Teams
61. rencore.com
Power Platform Governance - endpoint filtering
for connectors
https://docs.microsoft.com/en-us/power-platform-release-plan/2021wave1/power-platform-
governance-administration/data-loss-prevention-through-connector-endpoint-filtering
62. rencore.com
Power Platform Governance - Connector Action
Control
https://docs.microsoft.com/en-us/power-platform-release-plan/2021wave1/power-
platform-governance-administration/data-loss-prevention-through-connector-action-control
63. rencore.com
Finally, coming soon, Microsoft Information Protection sensitivity labels will
provide a simple way for your users to classify critical content in Microsoft
Power Platform without compromising productivity or the ability to
collaborate.
Update June 29, 2021, by Julie Strauss
https://cloudblogs.microsoft.com/powerplatform/2021/06/29/new-power-platform-
features-reinforce-end-to-end-security-management-monitoring-and-compliance/
65. rencore.com
• Work together: Central place for settings / logos / …
• Use of components in Power Apps
• Use of Power Automate Flows to automate tasks
• Document and share informations!
Remember: Maintain processing directory according
to GDPR for Power Apps and Power Automate Flows
when working with personal data!!!
Power Platform Governance / Best Practices /
How do we want to work?
67. rencore.com
• Strategy and Vision
• Business Value
• Admin and Governance
• Support
• Nurture and Citizen Makers
• Automation
• Fusion Teams
Power CAT Adoption Maturity Model -
Details capabilities
https://powerapps.microsoft.com/en-us/blog/power-cat-adoption-maturity-model-
repeatable-patterns-for-successful-power-platform-adoption/
68. rencore.com
Level 100 Level 200 Level 300 Level 400 Level 500
• Environment
s are
creatable by
all
• No Data Loss
Prevention
policies
(DLP)
• Power Platform
Service Admin role
assigned to
specific
administrators
• Default
environment
covered by DLP
controls
• Tenant Isolation
configured
• CoE Starter Kit –
Core Module ado
pted to gain
tenant-wide
insights of
existing usage
• Defined environment, DLP,
and request management
strategies
• Monitoring of app usage and
adoption
• Monitoring of new
connectors, to update DLP
policies
• License, capacity and
consumption
monitoring informs decision
making
• Tiered approach to
productivity
environments based on maker
maturity
• Custom environments are
used for specific use cases
and ALM scenarios
• Overshared, unused and
orphaned resources are
identified and appropriate
actions are taken
• Reactive governance to
automatically gather business
and compliance information
• CoE Starter Kit – Governance
Module adopted to gain
compliance insights and
archive resources
• Telemetry helps identify
business-critical apps
• Power Platform Operations
team looks after tenant hygiene
• Maker responsibilities are clearly
defined and understood and
automatically communicated
• Further automation takes
place through chatbots
embedded in Teams –
through clear risk
profiles, tasks are auto-
approved or routed
through multi-step
approval processes (e.g.
line manager,
information security
department,
environment or tenant
admin)
• Practices that worked
in their organization are
shared externally at
Microsoft
or community events
Power CAT Adoption Maturity Model –
Admin and Governance
70. rencore.com
• Think about YOUR governance and write thoughts
down!
• There are more setting options, keep an eye on
them!
• Also think about the development (share
components and ALM) and the usability for the end
users!
Take away
71. rencore.com
• Reading start: Governance considerations (Dezember 16, 2020)
https://docs.microsoft.com/en-us/power-platform/admin/governance-considerations
• Power CAT Adoption Maturity Model: Repeatable patterns for successful Power Platform
adoption(April 28, 2021) https://powerapps.microsoft.com/en-us/blog/power-cat-
adoption-maturity-model-repeatable-patterns-for-successful-power-platform-adoption/
• Administering a low-code development platform - Power Apps and Power Automate
Enterprise Deployment (May 2020) https://aka.ms/powerappsadminwhitepaper
• Microsoft Power Platform path on Microsoft Learn https://aka.ms/PowerUp
• New Power Platform features reinforce end-to-end security, management, monitoring,
and compliance https://cloudblogs.microsoft.com/powerplatform/2021/06/29/new-
power-platform-features-reinforce-end-to-end-security-management-monitoring-and-
compliance/
Links