Governance

Each of these tools has access to over 275 connectors, which means they can get into Common Data Service (CDS), Office 365, Azure, any Dynamics 365 environment, and many other services. Applications built with the Power Platform can also connect to any custom-built customer connectors, and Microsoft recently added the ability to connect to the new AI Builder.
With such wide-ranging access comes certain challenges, especially when it comes to governance. Although the main sell for Power Platform is that it democratizes programming for a new generation of citizen developers, users could potentially have access to sensitive data. Therefore, it’s imperative that organizations that use Power Platform implement a strong data governance strategy to ensure the security of that data, and that these tools are being used appropriately and responsibly.
Keep reading to discover key best practices for formulating a foolproof Power Platform data governance strategy.
A tenant refers to the container in which all of your different environments sit; each of these environments also acts as a container for any apps or flows you build in Power Apps, as well as for your CDS resources. You can have as many environments as you want within your tenant, provided you have sufficient storage space. For Dynamics 365 users, this concept is very similar to development, sandbox, and production environments, each of which is a different CDS environment.
This information is important because it reflects how your data is structured: Connectors and controls exist within an environment, which exists within a tenant. All of this needs to be secured with things like security roles and permissions to ensure that users have access only to the tools and environments they need and are restricted from the ones they don’t.
Best Practice: Establish a Team Strategy for Your Environment.
This is an important first step that should take place before you start building out your use of the Power Platform. If you work in a large organization, assign your administrators the Power Platform service admin role, which will grant them full access to Power Apps, Power Automate, and Power BI, and restrict the creation of net-new trial and production environments to those administrators.
Next, designate the default environment as a “personal productivity” environment for your business groups. Users can use this environment to build simple apps and flows to test out Power Platform’s capabilities without connecting to CDS or customer data. Be sure to give this default environment a distinctive name, so that users don’t mistake it for a non-default environment.
Best Practice: Set up Data Loss Prevention Policies.
Data loss prevention (DLP) policies are designed to enforce which of Microsoft’s 275+ connectors are allowed to access important business data. These connectors fall into one of two categories: Business Data Only (BDO) or No Business Data (NBD) allowed. BDO connectors have access to important client data and are used by trusted apps. In order to protect that client data, connectors in the BDO group can only be used with other BDO connectors in the same app or flow.
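The grouping rule above can be checked against an inventory of apps and flows. The following is an added example, not code from Microsoft or from the original article: the connector grouping, the asset names, and the environment names are constructed sample values, and it assumes any connector not listed as BDO is treated as NBD.

```python
from dataclasses import dataclass

# Constructed policy: which connectors sit in the Business Data Only (BDO)
# group. Assumption: any connector not listed is No Business Data (NBD).
BDO_CONNECTORS = frozenset({"Common Data Service", "SharePoint", "Office 365 Outlook"})


@dataclass(frozen=True)
class Asset:
    name: str
    kind: str            # "app" or "flow"
    environment: str
    connectors: tuple    # display names of the connectors the asset uses


def split_by_group(asset, bdo=BDO_CONNECTORS):
    """Return (bdo_used, nbd_used) as sorted lists for one app or flow."""
    used = set(asset.connectors)
    return sorted(used & bdo), sorted(used - bdo)


def find_violations(inventory, bdo=BDO_CONNECTORS):
    """Flag assets that combine a BDO connector with an NBD connector.

    BDO-only and NBD-only assets pass; mixing the two groups in one
    app or flow is what the policy forbids.
    """
    findings = []
    for asset in inventory:
        bdo_used, nbd_used = split_by_group(asset, bdo)
        if bdo_used and nbd_used:
            findings.append({"asset": asset.name, "kind": asset.kind,
                             "environment": asset.environment,
                             "bdo": bdo_used, "nbd": nbd_used})
    return findings


# Constructed inventory (hypothetical asset and environment names).
INVENTORY = [
    Asset("Expense Approvals", "app", "Production", ("Common Data Service", "Office 365 Outlook")),
    Asset("Tweet Customer Wins", "flow", "Personal Productivity", ("Common Data Service", "Twitter")),
    Asset("Lunch Poll", "app", "Personal Productivity", ("Twitter", "RSS")),
]

if __name__ == "__main__":
    for f in find_violations(INVENTORY):
        print(f"{f['kind']} '{f['asset']}' in {f['environment']}: "
              f"BDO {f['bdo']} mixed with NBD {f['nbd']}")
```

Only the flow that pairs Common Data Service with Twitter is reported; the BDO-only app and the NBD-only app both pass.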
Once you’ve established a team strategy for your environment and set up DLP policies, the next step is to start monitoring activity across your tenant.
Best Practice: Leverage Out-of-the-Box Activity Logs and Analytics.
It’s important that you be able to see who’s using which apps and how they’re using them, both for the sake of user adoption and security. To that end, you can log into the Office 365 Security & Compliance Center to access full logs and audit records for Power Apps and Power Automate.
Thanks to the best practices in the two previous sections, you now have a clear picture of all of the apps within your environment, and you’ve built a comprehensive DLP strategy that simultaneously encourages users to be creative and ensures good data governance. The next step is to use that knowledge to take action.
Best Practice: Establish and Automate Your Audit Process.
One of the amazing things about Power Automate is that you can use it to automate your audit and alert process. In Power Automate, you can create your own workflows using management connectors that either permit or restrict behavior based on your organization’s DLP policies. For example, you could use Power Automate to create an attestation process for assets in the default environment. There are a number of free audit workflow templates that you can use, courtesy of Microsoft, including the audit workflow in the Power Platform CoE Starter Kit.
Best Practice: Welcome New Makers and Identify Champions.
Whenever you detect that a new flow has been created, check to see whether that maker is part of the makers Active Directory group. If they aren’t, that means they’re a new maker, and you should send them a welcome email that lists company and public resources. You should also invite them to join your organization’s internal Yammer or Teams Club in order to share best practices. You can find a free welcome email template in the Power Platform CoE Starter Kit.
In addition to welcoming new makers, you’ll also want to identify Power Platform champions who can help empower new users within your existing user base. When identifying champions, look for individuals who:
When it comes to choosing Power Platform champions, keep in mind that people skills and managerial know-how are just as important as technical expertise.