Power Platform – taming the wild wild West

Most Microsoft customers would now be familiar with the Power Platform – Microsoft’s suite of low-code products for application development, automation, and business intelligence. If you are a Microsoft 365 customer, your existing licenses already give you some unique entitlements, allowing you to start harnessing the Power Platform features with little to no upfront expense.

But wait – if anyone in your organization can suddenly start creating apps and flows, how will you manage that? Unmanaged use of information technology in organizations is commonly known as ‘shadow IT’. While shadow IT can be a great breeding ground for innovation, personal and business productivity, it also comes with well-known risks that can have costly consequences. Just remember the burden of supporting a myriad of legacy Access applications from the early 2000s.

Questions any business manager should be asking themselves are:

• Will you have any visibility over the apps your employees create? Who will support them?
• How can you strike the right balance between supporting innovation and protecting your data?
• How can you maintain the desired quality standards?
• How can you prevent duplication of effort, encourage re-use and scaling?

Microsoft developed a toolkit to help their clients better manage the Power Platform. The Power Platform Centre of Excellence starter kit is, as the name suggests, a great starting point but keep in mind it is not a complete or turnkey solution.

There are several key considerations and actions I would recommend that my clients take:

Monitor and govern

The out-of-the-box, Power Platform admin console provides tools to manage and administer the platform at the technical level. Still, it’s quite limited and not designed to help you manage the platform from a business perspective. This is where the CoE toolkit, with the Power Platform Admin View, steps in. It provides a plethora of dashboards that give you a full view of all your environments, apps, flows, connectors, and chatbots, along with audit logs and telemetry that tells you who are your most active makers and users.

The CoE also establishes basic approval and archival business processes for apps and flows. The approval processes guide the makers into describing what they’re building and providing basic support details, such as defining business requirements, assessing business impact and risk, and defining access management. This is a good starting point if you want to maintain some order and supportability. Existing apps are easier to discover when they come with a description of their purpose, and basic support details are essential if you wish to share the app with a broader audience and support it into the future.

What about the unused assets that are taking up your capacity entitlements? Apps and flows that aren’t actively used probably aren’t beneficial for your organization and are only draining your capacity. The CoE introduces an archival process that identifies any such apps and flows based on telemetry and asks the owners to confirm they’re still in use. If they’re not in use, they are archived.

Secure your data

The Power Platform security model has multiple layers of control mechanisms that allow you to define who can use the capabilities and the data. Environments are one of the main ways you can define different security rules depending on business needs. Every tenant will have a default environment that is created automatically and cannot be deleted. Since every licensed user will have access to the default environment, it should be treated as a ‘Personal Productivity’ environment and appropriately configured to meet your security requirements. Additional environments can be created to provide an appropriate level of segregation, or they can be created to support specific business groups or applications. I also recommend that you restrict the creation of new environments to admins so that you maintain an overview of your environment estate and avoid unaccounted consumption of capacity entitlements.

The second important security control mechanisms on the Power Platform are the connectors. There are currently 300+ connectors available, which allow app makers and users to access your business data. Microsoft only recently introduced an option to block connectors, and we all breathed a sigh of relief. With connectors being the gateway to accessing your data, it’s paramount that you set up Data Loss Prevention (DLP) policies to control what can and can’t be used. I recommend my clients establish a minimum of two DLPs: A more restrictive business-use policy that is applied to all general and production environments, and a more permissive innovation-allowed policy that is applied to sandbox and development environments. Depending on the security posture of your organization you may need to define additional DLPs to control your environments and access to connectors.

Empower your app makers

Since the Power Platform is a low-code platform, anyone could be a citizen developer and create apps or flows with minimal training. It’s very easy to get started and design basic apps. There are a number of learning resources available from Microsoft, as well as from other sources. However, this requires the users themselves to be proactive and seek out these resources.

If you want to do more to nurture the adoption and support your citizen developers to go beyond the boundaries of personal productivity, I recommend you create a collaborative community where people can share their knowledge, tips, support each other, and re-use existing components within your organization. A Microsoft Teams site or a Yammer group is a great and quick way to create such a community. Actively supporting your app maker community will help you maintain momentum after the initial enthusiasm.

The nurture components of the CoE starter kit also provide helpful tools for supporting your community of app makers. Welcoming and regularly updating your app makers is a simple way to connect them to the community and keep them engaged. The CoE starter kit includes a flow that identifies new app makers and sends them a welcome email. Additionally, you can help your app makers get started by providing them with starter templates and a reusable component library.