Edit

Share via

Establishing tenant hygiene with the CoE Starter Kit

  • Article

The natural expansion of Microsoft Power Platform can sometimes conflict with an organization's established strategies, such as their environment strategy. This challenge can make it difficult for Center of Excellence (CoE) teams to fully understand the purpose and usage of the various apps, environments, cloud flows, and bots.

To address this challenge, this article offers best practices for administration and governance. There are examples of tooling available in the CoE Starter Kit and out-of-the-box capabilities to help CoE teams effectively manage and optimize their Power Platform solutions.

Managing existing environments

As you gain visibility into your tenant's Power Platform environments, you might discover environments that were previously unknown to you. Having a well-defined environment strategy is crucial for sustained and governed adoption of Power Platform. Communicating this strategy clearly to your organization is even more important in ensuring that makers are developing solutions in the appropriate environment.

The CoE Starter Kit's Power BI dashboard includes an Environment Overview page, which helps you understand which environments exist in your tenant, who created them, and how many apps and flows are created in each environment. This information helps you clean up empty environments or ones no longer required. You can work with environment creators on establishing a suitable environment strategy for their team.

Environments overview.

The CoE Starter Kit's governance component includes Developer Compliance Center. This component establishes control over environments by requiring environment owners to provide a business justification for maintaining their environment. This control helps ensure all environments in your tenant are aligned with your organization's overall strategy and goals. The control increases visibility on the use of an environment.

Screenshot showing the Developer Compliance Center - Environment details.

For more information, see:

Managing new environment creation and environment requests

One of the key best practices for managing Power Platform environments is to implement controls and processes that restrict who can create new environments. The CoE Starter Kit includes a reference example for an environment and DLP request management process to effectively manage future environment and DLP requests. By understanding and utilizing this solution, your CoE team is well-positioned to manage and govern the environments in your tenant.

Note

Regularly check for new Power Platform connectors added to your tenant to ensure they align with your organization's DLP and governance policies.

For more information, see:

Managing the default environment

Every tenant in Power Platform has a default environment, containing organic growth of apps and cloud flows. The default environment can't be deleted, but it can be renamed to better reflect its intended purpose.

One of the first steps in managing the default environment is identifying the business value, the risk of existing apps and flows, and unused apps and flows. The app and flow insights help you decide if solutions should be moved to production environments or have higher levels of support.

Tip

onsider quarantining apps that aren't compliant and creating a process to clean up orphaned resources, such as apps and flows without an owner.

The Default environment page in the CoE Starter Kit's Compliance and adoption dashboard gives you valuable insights on the adoption in your default environment. For example, you can identify top connectors, the top most launched apps, and top makers.

Screenshot that shows the default environment tech debt insights.

The Compliance page in the CoE Starter Kit's Compliance and adoption dashboard can help you identify apps and flows with no owners, noncompliant apps, and suspended flows. This dashboard enables you to create an action plan to bring apps and flows back into compliance.

Screenshot that shows the Power Platform Compliance and Governance overview dashboard.

For more information, see:

Managing Dataverse for Teams environments

Dataverse for Teams is a powerful low-code data platform that enables the creation of custom apps and bots directly within Microsoft Teams.

Dataverse for Teams automatically provisions new environments for each team within an organization, once an app or bot is created or installed from the app catalog. This provisioning allows teams to easily access and manage their own data, while providing a level of isolation and security to protect data from other teams.

Power Platform includes a built-in mechanism for automatically cleaning up Dataverse for Teams environments that are inactive for 90 days. Beyond the automatic clean-up, you can keep track of existing environments and their purpose, data types, connectors, and other information associated with each environment.

The Microsoft Teams environments page in the CoE Starter Kits dashboard provides you with an overview of your existing Teams environments, apps and flows in those environments, and the last launched date of apps.

Screenshot of a Microsoft Teams Environments overview.

The Governance components of the CoE Starter Kit help you capture business justifications for Dataverse for Teams environments. By checking for new Dataverse for Teams environments daily, organizations can ensure they're aware of all environments in use. The environments can then be reviewed to check if they align with the organization's compliance and governance policies.

Screenshot of the Developer Compliance Center - Environment details.

For more information, see:

Securing your environments

With over 900 connectors available to your organization, it's critical to establish a Data Loss Prevention (DLP) strategy to control connector availability. However, you might be unaware of the impact that changing a DLP policy has on your existing apps and flows.

The DLP editor (impact analysis) tool is available for use before making changes to existing policies or creating new DLP policies. This tool reveals the impact of changes on existing apps and cloud flows and helps you make informed decisions.

Screenshot of the DLP Editor.

Once your DLP strategy is in place, use the DLP request management process in the CoE Starter Kit for makers to request and evaluate available DLP policies.

Screenshot of the environment and DLP request management process.

For more information, see:

Managing apps and cloud flows

There are common scenarios to consider for managing apps and cloud flows in your organization.

Managing existing apps and cloud flows

Usage

Identifying the apps and cloud flows that are heavily used within your organization is crucial in order to ensure that they are in compliance with your organizational policies.

The Power BI dashboard in the CoE Starter Kit offers a comprehensive view of the most used apps and flows in your organization, providing valuable information that can help you make informed decisions.

The dashboard can provide a quick overview of the most popular apps, the number of users, usage patterns, and any other relevant information.

CoE Starter Kit - Power BI dashboard

The Power BI dashboard in the CoE Starter Kit provides visual representations of usage patterns, the number of users, and other data to help you identify compliance issues and ensure your apps and cloud flows are used effectively.

These visualizations help you understand how your organization is using the Power Platform as you identify areas that need attention. By providing clear and actionable insights, the dashboard can help you ensure that your Power Platform solutions are secure, compliant, and aligned with your organizational policies.

CoE Starter Kit - inactivity notifications

The inactivity notification process in the CoE Starter Kit automatically detects inactive apps, including their inactive duration. The kit sends notifications to the app owner, asking them to confirm if the app is still needed or can be safely deleted. This process helps organizations manage their Power Platform apps more efficiently by identifying and removing unused or redundant apps. The CoE team can configure the inactivity threshold.

Screenshot of the inactivity notification mail sent to an app owner.

For more information, see:

Compliance

Evaluating the risk exposure of apps and cloud flows is an important step in managing the Power Platform effectively. By identifying high-risk apps, your CoE team can define processes for mitigating the risks. For example, you can migrate high-risk apps or provide more support for high-value apps.

Since most organizations have hundreds, if not thousands, of apps and cloud flows, manually reaching out to owners to establish risk isn't a scalable option. The CoE Starter Kit can assist your CoE team to automate the capturing of compliance information to identify high-risk apps, saving your team time and resources.

The Admin compliance detail request is a powerful cloud flow that can help your CoE team establish compliance with organizational policies by iterating over the inventory of apps and bots.

This flow allows your team to set compliance thresholds and automatically checks apps and bots against these thresholds. If an app or bot is found to be noncompliant, the flow prompts the owner to submit a business justification and additional information about the application.

Your CoE team can quickly and efficiently identify and address compliance issues while providing a clear and transparent process for app and bot owners.

Screenshot of compliance email sent to an app owner.

For more information, see:

Managing future apps and cloud flows

Implementing the CoE Starter Kit's inactivity notification and compliance processes is an essential step in effectively managing compliance for your Power Platform solutions.

To get maximum value from these tools and ensure compliance, consider these actions:

  1. Exclude development and production environments from compliance and inactivity notifications.
  2. Quarantine apps that aren't compliant.

For more information, see:

Managing apps and cloud flows when the owner leaves the organization

When an employee owns an app or flow within Power Platform and leaves the organization, they might leave built components behind, known as orphaned resources. These resources can pose a security risk if they're not properly managed or maintained. To address this issue, the CoE Starter Kit includes a process to identify and clean up orphaned resources.

This clean-up process is designed to run daily checks for any resources owned by former employees. The checks ensure the resources are either reassigned to a new owner or removed from the tenant if they're no longer needed. This component can help keep your Power Platform solutions secure and compliant, even when employee turnover occurs.

Screenshot of the orphaned resources adaptive card sent to a line manager.

For more information, see:

Highly used apps

Highly used apps in your organization often have a compelling story behind their success. Stories might share how the apps were created, challenges they overcame, and value they provide to the business. Discovering and sharing these stories can be a great way to drive further adoption and provide confidence to other makers in your organization.

The CoE Starter Kit's Power BI dashboard can help you identify highly used apps and your most active makers. These makers can help you create powerful success stories or start an internal community program. These makers can be great decision makers as you refine your Power Platform strategy.

Screnshot showing the Power Automate Cloud Flows dashboard with app and maker statistics.

Collaborate and share knowledge

The Power Platform Community Site Template provides useful templates for promoting success stories, events, hackathons, and other relevant information. This powerful tool can encourage collaboration and knowledge sharing within your organization. The tool can also help enable the adoption of best practices and standards for Power Platform development.

Active makers

Identifying the most active makers in your organization can provide valuable insights and resources for your organization's Power Platform community. These makers are likely to be highly engaged and knowledgeable about the platform and can be valuable allies in helping to drive adoption and improve the quality of your organization's solutions.

You can engage the active makers in your organization:

  • Hackathons and training delivery: Active makers can participate in hackathons, training sessions, and other community events to share their knowledge and experiences.
  • CoE Advisors: Active makers can join your CoE as advisors, providing input and guidance on future policies, events, and other initiatives.
  • Promoting Success stories: Active makers can share their success stories and experiences to help drive adoption and inspire others in the organization.
  • Opt-in for skills match: The skills match feature is designed to help makers build a community of makers. Active makers can connect with the organization and community to support their onboarding and upskilling.

By identifying and applying the expertise and enthusiasm of your organization's most active makers, you can build a more engaged and effective Power Platform community.

For more information, see:

Communicating governance to your makers

Communicating governance to your makers is an important aspect of managing Power Platform effectively. Governance policies and guidelines help ensure that solutions are secure, compliant, and aligned with organizational goals. However, if makers don't understand or are unaware of these policies, they can't create solutions that meet organizational goals.

Strategies for effectively communicating governance to your makers:

  • Clearly communicate the purpose and benefits of governance policies:

    Explain how governance policies protect organizational data and ensure compliance with regulations.

  • Make governance policies and guidelines easily accessible:

    Place the policies and guidelines in a central location, such as the Power Platform community site template that's easily accessible to all makers.

  • Provide training and support:

    Offer training sessions and resources to help makers understand and comply with governance policies.

  • Encourage open communication:

    Create a culture of open communication where makers can ask questions and raise concerns about governance policies.

  • Incorporate governance into the development process:

    For example, you can require a compliance review before deploying a solution.

For more information, see:

Administration of the platform

The Power Platform Administration planning tool is a comprehensive resource that provides guidance and best practices for Power Platform administration.

This tool helps organizations of all sizes and levels of experience optimize their administrative efforts and improve an organization's existing support.

The planning tool can optimize environments, security, data loss prevention, monitoring and reporting. You can be more effective in creating a solid foundation of administration and governance for Power Platform within your organization.

Screenshot showing the Task breakdown - proactive & reactive balance section of the dashboard.

For more information, see: