If you’re lucky, at least one dedicated admin will be there to manage the Power Platform. Many companies might not have a dedicated admin at the beginning of their Power Platform journey. Power Platform admins might be working on other projects and managing the platform.
A few years back, there were no dedicated Power Platform admin roles. The good thing is it’s now changing.
You might ask, why do you need a dedicated admin role to manage the platform?
In a company, there could be 10s. 100s or even 1000s of people making solutions.
The admin is trying to help all these people develop solutions securely.
Also, admin is the glue between all other departments, such as the organization’s Security, Legal, privacy, and business teams.
Developer Environments:
Admin in most of the organization’s tenants, developer environments, and assignments will be turned off, which means only specific admins will create environments. This means that they will have less work to manage environments securely.
More environments = more work for the admins.
This is to stop the sprawling of many environments that get created.
Then, there are other settings available for the tenant.
A green icon appears at the bottom of Tenant settings, indicating that this setting applies to Managed environments.
We will talk more about Managed environment features in future posts.
Managed environments are premium governance features of Power Platform.
This blog post aims to talk about the challenges of governance on a large scale.
If you are starting with Power Platform, this post may not be important for you.
Are you still keen to read 🙂
Let us understand how people are developing solutions in the real world.
How people build solutions
Let’s take an example.
Alex is one of the company’s existing makers, and most people visit the maker portal (make.powerapps.com) to develop solutions using Power Platform.
Alex might have watched a video on YouTube or heard someone else say it is a great low-code tool.
Maker is someone who is developing solutions and solving business problems using Power Platform.
Whenever someone logs into the Maker portal, they’re automatically redirected to the default environment, and 99% of them don’t realize they’re in it.
Then, they start clicking on all the available links. That’s how any business user does it and develops those applications.
Once they build an app, they can start sharing it with everyone. Nothing is stopping them. This is a major challenge for admins.
People like Alex—let’s say we have 100 People now. All 100 people will develop solutions in the default environment and then share them with some larger groups or the whole organization.
Imagine you have 1000 People and 10,000 People doing the same thing.
That would be heaps of the solutions within the default environment.
Don’t get me wrong. It is good for people to develop solutions. The only concern here is they are doing it without knowing they are all in one environment.
There is also another challenge with this approach:
On the other side, many of the solutions that people are building will not be shared with the people, which means many of them will be unused.
Moreover, potentially, those unused apps and flows will die.
And as an admin, you’re the only person managing all this stuff.
Once you get more active users, because you want everyone in the business to be involved, try to build solutions and solve the problems within the company.
To summarize, below are the challenges with Default Environment
- Everyone in the org can build solutions.
- Unused Apps and Flows.
- Can’t delete the environment
- Did I miss anything? (Please add it to the comments)
Microsoft’s product team understood these challenges and suggested some of the best practices.
Best Practices
- Rename the Default environment to personal productivity.
That means you are telling people to use the Default environment only for personal solutions. Do not build solutions for your department or company.
Many people don’t realize that they have multiple environments. As soon as they land in the default environment, they click these buttons and start building solutions.
Renaming the default environment to Personal Productivity is still a good practice, but it doesn’t stop people from building solutions.
The other best practice would be restricting the connectors within the default environment.
- Minimum number of connectors
You can minimize the number of connectors available in the Default Environment.
You could choose only the standard connectors, giving you more control.
This would reduce the number of solutions created to a certain extent, but it would not solve the problem.
- Cleanup the orphaned solutions
You need to clean up some of the flows or the solutions that are not being used.
Either using automation or creating a process.
This needs to be an ongoing process to keep the environment tidy.
- Reactive monitoring of solutions
All these best practices are somewhat reactive to what’s happening.
So what is react to governance?
Reactive Governance
Once makers build applications, they can share them with large groups and everyone in the organization.
And makers might not follow the guidelines. Deploy those solutions without any quality checks.
As an admin, you use tools like the starter kit, review those solutions, and then ask the makers for more information.
- Why have you shared with everyone?
- Can we use a different environment for different processes?
- You should have followed these things.
- And did you check our existing guidelines?
As an admin, you react to everything that has happened before.
It’s easy to react if you have few makers within your organization or even 100 of them.
But let’s say you have thousands of them, building many solutions. There is a limit to reactive governance.
That’s one of our significant challenges, especially if you have a large user base.
In a nutshell, Rective governance is:
First Makers:
Shared solutions with large groups and Everyone
Not following the guidelines for High impact solutions
Deployed solutions without quality checks
Then Admin:
Review solutions and ask makers for more Info
Provide the guidelines and process that need to be followed
If something breaks, check the quality of solutions and help in remediation
Also, you need to understand the path of the platform’s admins.
How did they become admins in the first place?
Everyone’s Path to administration is different
In my case, I studied Electrical and Electronics, then started working on.Net and SharePoint.
I was introduced to the power platform early in 2018, and now I know a bit about it.
However, most admins come to the power platform from different backgrounds.
Some admins end up with the Power Platform because they manage other platforms, such as SharePoint. They’ll end up supporting or managing the Power Platform.
Also, in the early stages of a company, people start using a platform without noticing they are using a power platform.
When I say without noticing, most of the SharePoint and M 365 have a baseline license, so they could build solutions using those licenses.
You may not see much growth, or many other teams will build solutions.
The growth would pick up slowly after a few years. If you started in 2018, for example, and it’s been five to six years, you will see more growth in Power Platform.
How to manage the growth of these applications?
Or
How do we even know there are applications within the platform?
Challenges with Starter Kit
There was no CoE starter kit before 2019. You need to run PowerShell scripts to get the platform inventory.
The Microsoft team released the kit in 2019, and everyone can see what exactly is in the tenant.
There was always a surprise when they installed a starter kit.
Before the starter kit, it was always like they lacked visibility.
While managing the starter kit, consider a few things that will help you manage it better.
The visibility of all the Platform components helped many companies to plan and adopt the Power Platform accordingly.
The starter kit also improved quite a lot over the years.
If I’m not wrong, it’s been over five years, and many features have been added.
One of the standard apps in the starter kit is the Power Platform admin view app. It’s one of my go-to apps for the admins to understand the applications built by makers.
When I tried installing the May 2019 version, it got only 100 objects within the code solution. In 2024, they got over 400.
That means it’s pretty much the starter kit grown more than four times.
The other day, I was trying to automate the enrollment request process, and we were trying to add environments to the DLP. I struggled to automate the process, and my teammate said there was already a flow that added enjoyment to DLP. So why not use that? It is always quite challenging to keep up with the changes.
With the Microsoft team releasing the new features in the starter kit, you need a dedicated person to manage the changes and everything else that happens. It’s pretty challenging.
In short, below are the challenges:
- Reactive governance
- Upgrade and maintain tool kit every three months
- Keep up with the changes to the tool kit
Platform Growth
In the future, with AI and copilot, everything happening will allow people to create many of those solutions, apps, and flows with prompts. Can you imagine how much growth is going to happen?
I might be guessing (who knows the future??)
Whatever we have seen in the last five years could happen in the next one or two years. This slider can be moved towards the extreme side.
I don’t know, but it depends on adoption. It’s always better to look ahead.
With all these challenges in the default environment, you might be better off planning using Environment routing features.
Summary
In this post, we have discussed the challenge with the Default environment at a large scale.
Even with best practices from Microsoft, managing the default environment is challenging.
The starter kit does help us understand what we have in the tenant, but it is still a reactive governance approach. Managing solutions is a big challenge, especially with hundreds or thousands of makers developing solutions to solve their problems.
Environment routing aims to solve governance challenges on a scale.
Note: Environment routing is part of the managed environment feature, which means it is premium.
In the next part, I will show how to start with Environemnt routing, groups and rules.
Are you using Managed environment features? Please let me know if you have any comments or feedback.