Perspicuity Insights

Getting started with Governance in the Microsoft Power Platform

Written by Jodie Lawrance | May 23, 2022 9:57:01 AM

The Power Platform offers transformative benefits for organisations. It empowers employees to create custom solutions quickly, enhancing productivity and innovation. With its low-code approach, even non-technical staff can develop apps, automate workflows, and analyse data, reducing reliance on IT departments. This democratisation of technology fosters a culture of continuous improvement and agility, enabling businesses to respond swiftly to changing market demands. Additionally, the Power Platform integrates seamlessly with existing systems, ensuring a smooth and efficient digital transformation journey.  

We are now in times where building and publishing an app can take days rather than weeks or months, and the benefits this brings to an organisation can be massive for digital transformation.  

In previous Insight articles, we have spoken of the benefits that the Power Platform brings, but as it grows in use, how do you put in place controls to manage and support the Power Platform to not only protect but support and enable this growth? This is where planning and implementing governance becomes a critical part of your digital transformation journey.  

In this article, we will focus on the Power Apps and Power Automate services as they work closely together, but Power BI and other Power Platform components are just as important and will be impacted by your decisions early on.  

Licensing

It’s worth touching on the considerations with licensing and how Microsoft expects you to use these. Every user who has a standard Office 365 licence will have included access to both Power Automate and Power Apps. With this being on by default, it means anyone in the organisation can build an app or workflow for either themselves or their team.  

Microsoft has designed these services to enhance personal productivity, and there are many examples of users creating alerts, notifications, or document controls to help them manage their own workload. Licensing is also there to ensure anyone engaging in an automate or using an app is a licensed user, so there is a requirement to ensure your colleagues have the correct licence applied when interacting with an app.   

Environments

For many organisations, a common challenge arises when individuals create processes and apps for personal productivity, only to later find that these tools need to be scaled for departmental or organisational use. This is where the strategic use of different environments within the Power Platform becomes essential.  

By separating usage into distinct environments, Office 365 administrators can clearly differentiate between apps and workflows intended for personal use and those designed for business purposes. Each organisation comes with a standard environment, labelled with ‘(default)’ next to its name, visible in the top right corner of the design screens.  

To streamline this process, we recommend renaming the default environment to ‘Personal’. This allows colleagues to build and experiment freely within a personal space, without constraints, ensuring that personal productivity tools remain separate from business-critical applications. This approach not only enhances organisation but also ensures that personal and business needs are met efficiently and effectively.  

For apps or workflows that start to become business-critical, we recommend separating these into production and, in some scenarios, development environments. The number of environments you have depends on various factors, such as the geo-location of your data, but we suggest setting up at least one as a minimum. This way, any business use of the services that may need support can be separated from individual processes.  

Data Loss Prevention  

When it comes to data loss prevention (DLP), many organisations mistakenly assume that this is solely managed within the Security or Compliance admin centres. However, these centres do not cover scenarios where a process reads data from one location and posts it to another, including third-party apps.   

The good news is that the Power Platform Admin Centre addresses this through specific DLP policies. These policies are designed to control and monitor how data is shared and transferred within your organisation, ensuring that sensitive information remains secure even when integrated with external applications.  

By leveraging the Power Platform Admin Centre for DLP, organisations can create robust policies that prevent unauthorised data movement, thereby safeguarding their data integrity and compliance. This proactive approach helps mitigate risks associated with data breaches and ensures that all data interactions are secure and compliant with organisational standards.  

Perspicuity can help with Power Platform governance by providing comprehensive support and guidance to ensure effective management and control of the platform, as well as running training or art-of-the-possible workshops.