The growth of reporting, business applications and process automation has grown hugely in recent times and using services like the Power Platform has contributed to this growth. We are now in times where building and publishing an app can take days rather than weeks or months, and the benefits this brings to an organisation can be massive for digital transformation.
In previous Insight articles we have spoken of the benefits that the Power Platform brings but as it grows in use how do you put in place controls to manage and support an organisation? This is where planning and implementing Governance controls becomes an important part of your journey.
With this article we will focus on the Power Apps and Power Automate services as they work closely together, but Power BI is just as important and will be impacted on your decisions early on.
Licensing
It’s worth touching on the considerations with licensing and how Microsoft expect you to use these. Every user who has a standard Office 365 licence will have included access to both Power Automate and Power Apps. With this being on by default it means anyone in the organisation can build an app or workflow for either themselves or their team.
Microsoft have designed these services to include personal productivity and there are many examples of users creating alerts, notifications or document controls to help them manage work. Licensing is also there to ensure anyone engaging in a workflow or using an app is a licensed user so there is a requirement to ensure your colleagues have the correct licence applied when filling in an app.
Environments
For many organisations a problem can occur where individuals are creating processes and apps for personal productivity but then business requirements appear for engaging departments or the whole organisation. This is where separating out usage of the Power Platform to different Environments makes sense as the administrators of Office 365 can differentiate between the role of an app or workflow to personal or business.
There is always a standard environment created for every organisation which will appear with ‘(default)’ next to the name and is visible in the top right of the design screens. We always recommend renaming this to ‘Personal’ so that colleagues can build without constraint for themselves in a default personal environment.
For apps or workflows that start to become business critical we recommend separating these into production and in some scenarios development environments. How many you have is dependent on various factors like using geo-location of your data, but we suggest setting up one as a minimum. Then any business use of the services that may need supporting can be separated from the individual processes.
Data Loss Prevention
When it comes to data loss prevention this is wrongly expected to be covered in the Security or Compliance admin centres. But what these don’t cover is if a process reads data from one location and posts it to another including somewhere like Twitter. The good news is that this is covered in the Power Platform Admin centre as a policy.
Our recommendation is to consider creating a new policy allowing and restricting which Microsoft and third-party services can be used within your organisation. A different Policy may apply to personal usage compared to business usage as there may be justification for some users to be able read or post to Twitter.
Further Configuration
There are other considerations we would recommend including naming conventions, when and how to use service accounts for workflow connections along with sharing control of business processes. Our key point to share is that the sooner you consider and plan this in the easier it will be to implement although it’s never too late to apply good practise and governance.
If you would like to know more about how we can help you plan and implement good governance in the Power Platform then get in contact and have a discussion.