Before setting up the CoE Starter Kit
The Center of Excellence (CoE) Starter Kit is a collection of components and tools that can help you get started with developing a strategy for adopting and supporting Microsoft Power Platform, with a focus on Power Apps and Power Automate. More information about individual components: CoE Starter Kit explained
This article prepares you to install the CoE Starter Kit and provides guidance on:
- The identity with which to install and run the solutions.
- The environment type to use for your solutions.
- All pre-requisites needed to use the CoE Starter Kit.
What identity should I install the CoE Starter Kit with?
The CoE Starter Kit requires access to your tenant's Power Platform environments. Therefore, the identity you set up for the CoE Starter Kit needs the following licenses and roles:
- Microsoft Power Platform service admin, global tenant admin, or Dynamics 365 service admin.
- Power Apps Per User license (non-trial) and Microsoft 365 license.
- Power Automate Per User license, or Per Flow licenses (non-trial).
- Power BI Premium per user or per capacity (if using Data Export for inventory)
- The identity must be email-enabled.
- If you'd like to collect telemetry information, such as app launches and unique users per app, you must be granted access to the Audit Log and work with a Global Admin who has access to Microsoft 365 audit log to complete the setup.
- If you'd like to share the Power BI report that's part of the CoE Starter Kit, this identity needs to have the Power BI Pro license.
These roles and licenses must be available to this user continuously; it's not sufficient for the admin access to be granted only temporarily via Privileged Identity Management (PIM). The CoE Starter Kit works by using admin connectors in cloud flows (such as Power Apps for Admins) to check for new and updated Power Platform resources and provide admin and governance tooling based on Power Platform resources in your tenant (for example, identify highly shared or unused resources). These connectors require an account that has Power Platform Admin access to retrieve the inventory of all environments - a role with lesser privileges wouldn't see all resources in the inventory. The flows using these connectors run on a schedule and on event-based triggers. If you use an identity that has time-based access via PIM to run these flows, not all the inventory would be retrieved.
Multi-factor authentication can be used for the account setting up the CoE Starter Kit, if MaxAgeMultiFactor is set to Until-Revoked instead of a fixed time. This ensures that Flow connections keep working, and is a based on the recommended settings for using MFA with Power Automate. Learn more: Conditional access and multi-factor authentication in Power Automate.
How will you communicate with your admins, makers, and users?
You should consider how you communicate with different groups of people before you start the setup.
In particular, consider the following personas:
- Admin persona
- Power Platform admins to communicate with each other.
- Power Platform makers to contact Power Platform admins.
- Maker persona
- Power Platform admins to contact Power Platform makers.
- Power Platform makers to communicate with each other.
- User persona
- Power Platform admins to contact Power Platform users.
We recommend using three Microsoft 365 groups, one for each persona. This group type is an email-enabled security group and can be associated with a Microsoft team for collaboration between the people in the group.
As part of the inventory of a tenants Power Platform resources, makers are added to the group you define for the Power Platform Maker persona. You can share apps and other resources relevant to makers with this group. In order for makers to be added to the group, the admin or service account setting up the inventory components needs to be an owner of these groups.
Some processes in the CoE Starter Kit send Power Automate Approvals and Adaptive Cards for Microsoft Teams. These cards can't be assigned to a group. You therefore also need an individual named admin that these communications can go to. In addition to the above groups, you'll therefore also need:
- Individual Admin
- Individual to receive chat bot chats
- Individual to receive approvals
What data source should I use for my Power Platform inventory?
At the heart of the CoE Starter Kit are processes that gather information about your Power Platform inventory to provide processes to manage, govern and nurture Power Platform adoption in your tenant.
The CoE Starter Kit offers two mechanisms to gather this data:
Data Export (preview): You can export Power Platform inventory and usage data directly into Azure Data Lake Storage using the Data Export feature in the Power Platform Admin Center. Because the data is provided by the admin center, this mechanism is high in performance. Data Export has to be configured in advance from the Power Platform Admin Center to use this option.
The CoE Starter Kit using data provided by Data Export for inventory is currently in experimental preview. We recommend you don't depend on it just yet and first test it in a dedicated test environment. Trying out this feature will help us validate that the feature meets your needs and that we're not introducing unintended side effects.
Try out the feature by enabling the Data Export feature in your tenant first. Proceed with the CoE Starter Kit configuration only when you see inventory data files in your storage account. The initial data export can take up to five days. Next, download the version of the CoE Starter Kit that integrates with Data Export and use the setup wizard to configure the feature in your tenant. Your feedback is critical to this process. Please post your feedback by raising an issue on GitHub.
Cloud flows: Cloud flows use Power Platform admin connectors to query and crawl your tenant and store inventory and usage data in Dataverse tables. This method is suitable for small to medium sized tenants but can cause performance issues in tenants where Power Platform inventory exceeds 10,000 objects (combined number of environments, apps, flows).
Frequently asked questions
How can I try out this feature?
First, enable the Data Export feature in your tenant. Proceed with the CoE Starter Kit configuration only when you see inventory data files in your storage account. The initial data export can take up to five days.
Download the version of the CoE Starter Kit that integrates with Data Export and use the setup wizard to configure the feature in your tenant. Your feedback is critical to this process. Post your feedback by raising an issue on GitHub.
Why is this feature in preview?
The Data Export feature itself is currently in public preview. Using Data Export for the CoE Starter Kit is a fundamental change to the underlying architecture of the CoE Starter Kit. To help balance improvement with the potential impact on your existing CoE kit deployment, we're introducing this feature as a preview feature. If you're an early adopter and think this feature could be useful to you, try it out and help test the feature. We recommend you don't depend on it yet and first try it out it in a dedicated test environment. Trying out this feature helps us validate that the feature meets your needs and that we're not introducing unintended side effects. Your feedback is critical to this process. Post your feedback by raising an issue on GitHub.
What are the requirement for using Data Export with the CoE Starter Kit?
To receive the data, you have to configure Data Export in the Power Platform Admin Center first. This feature requires a Global Admin for initial setup, and an Azure Storage account to store data. Before you can set up Data Export, you also have to enable tenant-level analytics. For the CoE Starter Kit capabilities, you'll also need a Power BI Premium per user or per capacity workspace.
What are the license requirements and costs for using Data Export with the CoE Starter Kit?
The identity setting up the CoE Starter Kit needs a Power Apps Per User and Power Automate Per User license, and either a Power BI Premium per user license or access to a Power BI Premium per capacity workspace. You'll also need an Azure Datalake Gen 2 Storage Account to receive data from the Data Export feature.
What permissions are required for the CoE Starter Kit to consume Data Export data?
The identity setting up the CoE Starter Kit needs Storage Data Reader permissions to the Azure Storage account that receives data from the Data Export feature. Learn more: Assign an Azure role for access to blob data
Why do you recommend moving from using cloud flows to retrieve inventory to using Data Export?
The cloud flows that sync inventory to Dataverse consume a high number of API calls, and can hit throttling and scale limits if you have a large number of Power Platform resources (environments, apps, flows) in your tenant. These cloud flows work best for small to medium sized tenants that have less than 10,000 apps and flows. The Data Export feature uses Power BI and Power Platform dataflows, which are powerful at transforming and handling large amounts of data. Once we've validated this feature works as intended, using Data Export with the CoE Starter Kit will increase performance and scale.
The CoE Starter Kit using Data Export for inventory is currently in experimental preview, we recommend you don't depend on it just yet and first test it in a dedicated test environment. Trying out this feature will help us validate that the feature meets your needs and that we're not introducing unintended side effects. Your feedback is critical to this process. Please post your feedback by raising an issue on GitHub.
Will the CoE Starter Kit still have inventory of resources not yet available in the Data Export feature?
Currently, the Data Export feature provides inventory on environments, apps and cloud flows. For resources not yet available via Data Export (desktop flows, chatbots, solutions, AI Builder models, Power Pages websites), the CoE Starter Kit continues to use cloud flows to retrieve the inventory.
How does the CoE Starter Kit consume data from the Data Export feature?
There's two mechanisms the CoE Starter Kit uses to consume data from the Data Export feature:
- Power BI dataflows are used to transform the data for Power BI. These dataflows prepare all the data provided by the Data Export feature ready for reporting. The Power BI dashboard is then based on the data prepared by the Power BI dataflows.
- Power Platform dataflows are used to transform the data and write a small amount of data back to existing Dataverse tables used by the CoE Starter Kit apps and flows. These dataflows merge and summarize data so only data needed by the admin and governance processes of the CoE Starter Kit is written back to the Dataverse. For example, instead of storing the entire usage data in Dataverse, only the last launched date of an app is stored in Dataverse.
Can I migrate from using cloud flows to retrieve inventory to using Data Export?
Yes, migrating from cloud flows to Data Export will be a seamless process - use the Setup Wizard to change your data source for the CoE Starter Kit to Data Export and continue configuring the inventory components using the Setup Wizard. However, we suggest you don't upgrade just yet and instead try this feature out in a test environment first.
What will happen to my existing data when I upgrade?
The CoE Starter Kits inventory is based on unique identifiers (GUIDs). App, flow, environment metadata is stored in Dataverse tables, and each app, flow and environment has a unique identifier that is used as the key to the row in the table. This GUID is the same if the inventory is retrieved with cloud flows and if the inventory is retrieved with Data Export. If you switch from using cloud flows to using Data Export, the dataflows recognize existing rows via their GUID and update those rows, and add new records if the GUID doesn't yet exist. There won't be a duplication of rows.
What will happen to custom columns that I've created as part of customizations, if they aren't part of data from datalake?
The Power BI dashboard has been updated to depend on the Azure storage account instead of Dataverse tables - if you're using your custom columns in the Power BI dashboard, you'll have to bring them into the new Power BI dashboard and append them to the new dataset. If you're only using the custom columns in apps and flows, there's no change required - as these columns aren't updated by the dataflow, data in them persists.
Will I see any data changes between what is coming from Data Export and what already exists?
Data integrity between moving from cloud flows to retrieve inventory to using Data Export to retrieve inventory is kept via the unique identifiers (GUIDs) of each resource (environment, app, flow). The dataflows recognize existing rows via their GUID and update those rows, and add new records if the GUID doesn't yet exist. There won't be a duplication of rows.
Will all apps and flows in the CoE Starter Kit continue to work (for example, inactivity notifications, compliance process, identifying orphaned resources)?
Yes, there will be no change in functionality.
I want to try out this feature, but have more questions or have found a bug
If you have more questions about the CoE Starter Kit using Data Export, raise a question on GitHub. If you've tried out the CoE Starter Kit using Data Export and found a bug, please raise an issue on GitHub.
- Unpublished cloud flows (flows imported in a managed solution that have never been turned on) and cloud flows triggered from canvas apps with no actions other than a response aren't returned through the Data Export feature. They aren't part of the inventory.
- Component Libraries aren't returned through the Data Export feature. They aren't part of the inventory.
- Apps and flows in the legacy environment are assigned to the default environment. That's because the legacy and default environment have the same GUID.
Plan your upgrade strategy
A new version of the CoE Starter Kit is released monthly, usually in the first full week of each month. This release cadence is important to know so you can review, organize, plan, and test the latest version. We recommend upgrading the CoE Starter Kit solution at least every three months. With the fast pace of change for Microsoft Power Platform, leaving updates longer than three months could result in unexpected issues when you do update.
We recommend testing upgrades in a dedicated test environment, before upgrading your production environment. Focus your test efforts on the features of the CoE Starter Kit that you use. Verify that components you use still work, any new features added to those components meet your requirements.
In your test environment, set the ProductionEnvironment variable to no - this means no emails will be sent to makers and end users as you test features.
Learn more: Updating the Center of Excellence (CoE) Starter Kit
Create your environments
We recommend creating two environments to install the CoE Starter Kit solution - one for testing, and one for production use. Learn more: Updating the CoE Starter Kit
Create two production environments to install the CoE Starter Kit solutions:
- Create an environment with a database.
- Choose English as the default language.
- Don't add sample apps and datasets.
- Don't restrict environment access with a security group, because some parts of the CoE Starter Kit use approval actions and require makers to be able to interact with the environment.
- After importing the solution and completing the setup steps, set the ProductionEnvironment variable to no in your test environment. This means you can test the coE Starter Kit processes without impacting makers and end users.
Using Data Export as a mechanism to retrieve inventory and telemetry is currently in preview - we recommend you test this in a dedicated test environment before using this feature in production.
Validate data loss prevention (DLP) policies
The DLP policy applied to your CoE Starter Kit environment needs to allow the following connectors to be used together in the business group:
- HTTP with Azure AD
- Microsoft Dataverse
- Microsoft Dataverse (legacy)
- Microsoft Teams
- Office 365 Groups
- Office 365 Outlook
- Office 365 Users
- Power Apps for Admins
- Power Apps for Makers
- Power Automate for Admins
- Power Automate Management
- Power Platform for Admins
- Power Query Dataflows
The CoE Starter Kit collects information about who owns a resource, such as an app or a flow. If the resource is owned by an interactive user, the Office 365 Users connector is used to get those details. If the resource is owned by a service principal (application user), the HTTP with Azure AD connector is used to make a call to Microsoft Graph to get the name of the application user to correctly mark ownership of resources and avoid resources being marked as orphaned (without an owner).
The HTTP and HTTP with Azure AD connectors connect to https://graph.microsoft.com for commercial tenants; if your tenant is in GCC, GCC High or DoD, check your service root endpoint for Microsoft Graph.
You can't set up DLP endpoint filtering for these connectors, as dynamic endpoint evaluation isn't supported by DLP Policies.
If you're using the audit log solution, the custom connector used to connect to the Microsoft 365 audit log also must be allowed in your business group. Configure the https://manage.office.com/ endpoint in the business group of your tenant-level policy. Learn more: Configure custom connector endpoints in tenant-level policies.
Check that no other DLP policies apply to this environment. Learn more: Combined effect of multiple DLP policies
If you're using the ALM Accelerator for Power Platform components, the environment must have a DLP policy that allows Dataverse (legacy), Power Apps for Makers, HTTP with Azure AD, and the ALM Accelerator Custom DevOps connector to be used together. Those connectors must be in the business data–only bucket of the DLP policy for this environment.
Download the solution
Download the CoE Starter Kit solution and Power BI dashboard files to your device. The entire content package can be downloaded directly at aka.ms/CoEStarterKitDownload.
The content package contains various files that support different features of the CoE Starter Kit. The setup instructions walk you through when to use each file, and below table will give you an overview of the purpose of each file:
|admintaskanalysis_core_1_2_managed.zip||Power Platform admin task planner components|
|CenterofExcellenceALMAccelerator_x.x.yyyymmdd.x_managed.zip||ALM Accelerator for Power Platform solution file. Required during setup of the ALM Accelerator for Power Platform components.|
|CenterofExcellenceAuditComponents_x.xx_managed.zip||Governance components solution file. Required during setup of the Governance components. Has a dependency on Core components being installed first.|
|CenterofExcellenceAuditLogs_x.xx_managed.zip||Audit Log components solution file. Required during setup of the Audit Log components. Has a dependency on Core components being installed first.|
|CenterofExcellenceCoreComponents_x.xx_managed.zip||Core components solution file. Required during setup of the Core components in a Production environment.|
|CenterofExcellenceInnovationBacklog_x.xx_managed.zip||Innovation Backlog components solution file. Required during setup of the Innovation Backlog components.|
|CenterofExcellenceNurtureComponents_x.xx_managed.zip||Nurture components solution file. Required during setup of the Nurture components. Has a dependency on Core components being installed first.|
|MakerAssessmentStarterData.xlsx||Provides a set of starter questions and answers for the Maker assessment app. Required during configuration of the Maker Assessment app.|
|Power Platform Administration Planning.pbit||Power Platform admin task planner Power BI template file. Required during configuration of the Power Platform admin task planner components.|
|PowerPlatformGovernance_CoEDashboard_MMMYYYY.pbit||CoE Governance and Compliance Dashboard Power BI template file. Required during configuration of the Power BI dashboard|
|Production_CoEDashboard_MMMYYYY.pbit||CoE Dashboard Power BI template file. Required during configuration of the Power BI dashboard|
|Pulse_CoEDashboard.pbit||Pulse survey Power BI template file. Required during configuration of Pulse survey components.|
|Sample-task-data.xlsx||Provides a set of tasks for the Power Platform admin task planner components app. configuration of the Power Platform admin task planner components.|
|ToolIcons.zip||Provides a set of starter icons for the Innovation Backlog. Required during configuration of the Innovation Backlog|
What's next: After installing the CoE Starter Kit
We recommend upgrading the CoE Starter Kit solution at least every three months. With the fast pace of change for Microsoft Power Platform, leaving updates longer than three months could result in unexpected issues when you do update.
If you've already installed the CoE Starter Kit, check our instructions for
- Updating the CoE Starter Kit with a new release
- Extending the CoE Starter Kit
Submit and view feedback for