Sofia Ng

How to build Power Platform Governance

Updated: Oct 19, 2023


Introduction

Microsoft’s Power Platform has proven to be an amazing tool for many businesses worldwide for collecting, processing, and visualising data, as well as allowing more and more ‘citizen developers’ to emerge. In this post I will explain a little about governance and why you should embrace it, including simple steps to implement basic governance on your Power Platform environment.


Without a clear strategy for how your organisation will use the Power Platform, and without established guidelines on what different groups within your organisation may or may not do with it, the organisation runs the risk of data compromise as well as potential reliance on applications which may not have support or a maintenance plan.

What is Governance, and Why Does it Matter?

Governance has historically been seen as a senior leadership responsibility, something which day-to-day business is not actively engaged with. Governance is the system by which an organisation is controlled and operates, as well as the mechanisms by which it and its members are held to account. When applied to IT specifically, it is a thought framework that aims to ensure that a company’s information technology systems provide value and to limit the risks of operating in a modern IT system. It is critical that IT governance operates in step with a company’s strategic goals and supports the business. In essence, IT governance provides the structure for aligning the IT strategy with the business strategy.


Key Objectives

  1. Deliver Value to Stakeholders

  2. Set IT strategy

  3. Manage Risks

  4. Measure Performance

Shadow IT

While organisations may have IT departments and processes for acquiring software and hardware, in many organisations the IT department may not be the only department acquiring these products and services. This is where shadow IT can make an appearance. Shadow IT is a concept where an organisation’s members use technology, services, or systems without knowledge or approval from the IT department. This phenomenon tends to stem from users opting to ‘get around’ what they perceive as a slow or restrictive IT department to get their needs met.

In the past, Microsoft Access proliferated across the business landscape as savvy business users found a way to automate and simplify their processes. Businesses have since started removing the ability to create these sorts of applications by various means, such as removing the ability to install MS Access. However, as Office 365 and the Power Platform become more and more commonplace, those people who previously would have turned to MS Access are now turning to products such as Power Automate and Power Apps.


While some may want to simply disable the ability for users to create these shadow applications, a Centre of Excellence (CoE) and a clear strategy supporting business involvement can help mitigate risk. The CoE can help highlight app makers and allow users to create safely.


What tools make up the Power Platform

Power BI, Power Apps, Power Automate, and Power Virtual Agents


How to Enable Governance on the Power Platform

Microsoft supplies a Power Platform Center of Excellence (CoE) Starter Kit which aims to provide tools for companies to begin to create a centre of excellence and manage the risk of Power Platform – an important part of governance.


Underpinning the CoE kit is a Dataverse data model and workflows which collect information across the environments in a tenant. On top of the Dataverse data model sit multiple apps and Power BI views which allow users to interact with the data and view the status of the tenant. The kit also includes templates and suggested patterns that can be adjusted to fit the specific needs of your company.


Providing standards, consistency, and governance to the organization, a Centre of Excellence can be a powerful way for an organization to align around business goals rather than individual department metrics.


Find out what environments exist

While understanding changes to the environment is important, it is also important to understand the existing tenant, to get insights into how the Power Platform is currently being used across it. Key things to look out for are how many environments currently exist in the tenant, who created them, and what types they are.


If an environment has a Dataverse database, permissions are controlled through the Dataverse security model, which uses role-based security. If the environment does not have a Dataverse database, permissions are based on environment role assignments.


There are different types of environments

  • Trial – expires after 30 days

  • Developer - Only a single user account with a community plan has access. Access cannot be shared

  • Default - Every tenant has one default environment; it should not be used to host production applications

  • Sandbox - Used for development and testing, separated from production

  • Production - Non-expiring full environment

Note: It is recommended to restrict trial environment creation to only Microsoft 365 (formerly Office 365) global admins, Dynamics 365 admins, and Power Platform administrators.
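The inventory questions above (how many environments, who created them, what types, and which permission model applies) can be answered from an exported environment list. The following is an added example, not part of the CoE Starter Kit or the original post; the record field names, the sample environments and the admin account are constructed assumptions.

```python
from collections import Counter
from datetime import date

TRIAL_LIFETIME_DAYS = 30  # from the article: trial environments expire after 30 days

# Constructed sample inventory; field names are assumptions, not a Microsoft export schema.
SAMPLE_ENVIRONMENTS = [
    {"name": "Contoso (default)", "type": "Default", "created_by": "SYSTEM",
     "created": "2021-03-01", "dataverse": False},
    {"name": "Finance Prod", "type": "Production", "created_by": "admin@example.com",
     "created": "2022-06-15", "dataverse": True},
    {"name": "Finance Test", "type": "Sandbox", "created_by": "admin@example.com",
     "created": "2022-06-20", "dataverse": True},
    {"name": "Sam's Trial", "type": "Trial", "created_by": "sam@example.com",
     "created": "2023-09-25", "dataverse": True},
    {"name": "Lee Dev", "type": "Developer", "created_by": "lee@example.com",
     "created": "2023-08-02", "dataverse": True},
]
ADMINS = {"admin@example.com"}  # hypothetical admin accounts


def review_inventory(envs, today, admins):
    """Summarise how many, who created them and what types, plus review findings."""
    report = {
        "total": len(envs),
        "by_type": Counter(e["type"] for e in envs),
        "by_creator": Counter(e["created_by"] for e in envs),
        "permission_model": {},
        "findings": [],
    }
    for e in envs:
        # Dataverse present: role-based security; otherwise environment role assignments.
        report["permission_model"][e["name"]] = (
            "Dataverse security roles" if e["dataverse"] else "environment role assignments")
        if e["type"] != "Trial":
            continue
        # The article recommends restricting trial creation to admin roles.
        if e["created_by"] not in admins:
            report["findings"].append((e["name"], "trial created by a non-admin account"))
        days_left = TRIAL_LIFETIME_DAYS - (today - date.fromisoformat(e["created"])).days
        if days_left <= 7:
            report["findings"].append((e["name"], f"trial expires in {days_left} day(s)"))
    return report


if __name__ == "__main__":
    result = review_inventory(SAMPLE_ENVIRONMENTS, date(2023, 10, 19), ADMINS)
    print(dict(result["by_type"]))
    for name, issue in result["findings"]:
        print(f"{name}: {issue}")
```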


A very important part of securing the Power Platform is implementing DLP (Data Loss Prevention) policies. These policies are designed to enforce which Microsoft connectors are allowed to access business data. The connectors fall into one of two categories: BDO (Business Data Only) or NBD (No Business Data allowed). DLP policies can be scoped at the environment level or tenant level, meaning that organisations can craft sensible policies that strike a balance between protection and productivity. Policies are created in the Power Platform admin centre and affect Power Platform canvas apps and Power Automate flows.
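To see what the two connector categories and the tenant or environment scope mean in practice, the sketch below checks flows against DLP policies. It relies on the DLP rule that connectors from different groups cannot be combined in one app or flow. It is an added example, not code from the post or from Microsoft; the policy layout, connector assignments and flow names are constructed, and any connector a policy does not list as business data is assumed to fall in the NBD group.

```python
# Constructed policies: "scope" is either "tenant" or a set of environment names.
POLICIES = [
    {"name": "Tenant baseline", "scope": "tenant",
     "business": {"SharePoint", "Office 365 Outlook", "Dataverse"}},
    {"name": "Finance lockdown", "scope": {"Finance Prod"},
     "business": {"SharePoint", "Dataverse"}},
]

# Constructed flows with the connectors each one uses.
FLOWS = [
    {"name": "Invoice approval", "environment": "Finance Prod",
     "connectors": {"SharePoint", "Dataverse"}},
    {"name": "Tweet new invoices", "environment": "Finance Prod",
     "connectors": {"SharePoint", "Twitter"}},
    {"name": "Mail digest", "environment": "Contoso (default)",
     "connectors": {"Office 365 Outlook", "SharePoint"}},
    {"name": "Mail to list", "environment": "Finance Prod",
     "connectors": {"Office 365 Outlook", "SharePoint"}},
]


def applies(policy, environment):
    """Tenant-level policies cover every environment; others only the listed ones."""
    return policy["scope"] == "tenant" or environment in policy["scope"]


def dlp_violations(flow, policies):
    """Return (policy, BDO connectors, NBD connectors) for each policy the flow breaks."""
    broken = []
    for policy in policies:
        if not applies(policy, flow["environment"]):
            continue
        bdo = flow["connectors"] & policy["business"]
        nbd = flow["connectors"] - policy["business"]  # assumption: unlisted means NBD
        if bdo and nbd:  # mixing the two groups is what the policy blocks
            broken.append((policy["name"], sorted(bdo), sorted(nbd)))
    return broken


def audit(flows, policies):
    """Map each violating flow name to the policies it breaks."""
    results = {f["name"]: dlp_violations(f, policies) for f in flows}
    return {name: hits for name, hits in results.items() if hits}


if __name__ == "__main__":
    for name, hits in audit(FLOWS, POLICIES).items():
        for policy, bdo, nbd in hits:
            print(f"{name}: blocked by '{policy}' (BDO {bdo} mixed with NBD {nbd})")
```

The same flow ("Mail to list") passes the tenant baseline but fails in Finance Prod, because every policy that applies to an environment must be satisfied.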


Monitoring

While creating policies and processes which limit and report on creation and usage of the Power Platform is important, it is equally important to configure monitoring.


Included in the Power BI environment overview:

  • Total number of environments, including those created this month

  • Total number of environment makers

  • Total number of custom connectors

  • Total number of Apps, App makers, and Apps created this month

  • Total number of Flows, Flow makers, and Flows created this month

A similar model/layout is followed for each detailed page, such as Power Apps, Flows, etc.

In addition to simple monitoring, the Centre of Excellence toolkit comes with tools such as App auditing which can be enabled and configured to perform functions such as collecting information around purpose, the impact of downtime, and business justification from the app maker.


Closing

While there are several things to consider when setting out to protect the Power Platform, the activities discussed above can be broken down into three simple high-level steps.

  • Establish a strategy for your environment

  • Set up and configure data loss prevention policies

  • Build a Centre of Excellence using the Power Platform’s CoE Starter Kit

Depending on your business’s 365 and Power Platform adoption, we can help establish or consult on how Power Platform governance can help control and secure your Power Platform implementation, allowing your business to take advantage of the speed, agility, and automation offered by the Power Platform while securing your data.

