Plan your deployment


Your deployment of the Power Platform with Microsoft Dataverse will go more smoothly with some initial preliminary planning. Microsoft Power Platform adoption best practices provides guidance designed to help you create and implement the business and technology strategies necessary for your organization to succeed with Microsoft Power Platform.

Administrative roles

There are several administrative roles available to assign to users when you manage your subscription in the Microsoft Online Services environment. Administrative roles define administrative responsibilities related to subscription management activities, for example, billing administration, password administration, and user management administration.

From a Power Platform standpoint, there are two Microsoft Power Platform–related service admin roles you can assign to provide a high level of admin management:

  • Dynamics 365 admin

  • Microsoft Power Platform admin

To help you administer environments and settings, you can assign users the Microsoft Power Platform admin role to manage Microsoft Power Platform at the tenant level. These admin roles can be assigned from the Microsoft 365 admin center.

Adding an environment to your subscription

Environments are containers that administrators can use to manage apps, flows, connections, and other assets, along with permissions to allow organization members to use the resources. You can add different environments to a tenant.

Each environment is created under an Azure Active Directory (Azure AD) tenant, and its resources can only be accessed by users within that tenant. An environment is also bound to a geographic location, like the United States. When you create an app in an environment, that app is routed only to datacenters in that geographic location. Any items that you create in that environment (including chatbots, connections, gateways, flows using Microsoft Power Automate, and more) are also bound to their environment's location.

Every environment can have zero or one Microsoft Dataverse database, which provides storage for your apps and chatbots. Whether you can create a database for your environment depends on the license you purchase for Power Apps and your permissions within that environment.

When you create an app in an environment, that app is only permitted to connect to the data sources that are also deployed in that same environment, including connections, gateways, flows, and Dataverse databases. For example, consider a scenario where you've created two environments named Test and Dev, and created a Dataverse database in each of the environments. If you create an app in the Test environment, it will only be permitted to connect to the Test database; it won't be able to connect to the 'Dev' database.

Environments have two built-in roles that provide access to permissions within an environment:

  • Environment Admin - Can perform all administrative actions on an environment, including the following:

    • Add or remove a user or group from either the Environment Admin or Environment Maker role.

    • Provision a Dataverse database for the environment.

    • View and manage all resources created within the environment.

    • Set data loss prevention policies.

  • Environment Maker - Can create resources within an environment including apps, connections, custom connectors, gateways, and flows using Power Automate.

Non-Production/Sandbox environments

A Sandbox environment is any non-production environment. Since they're isolated from production environments, a Sandbox environment is the place to safely develop and test application changes with low risk.

Some of the major advantages a non-Production/Sandbox environment offer are:

  • Evaluate new functions before they're introduced to your Production environment: a Sandbox environment can be updated before Production so you can test all your functionality before applying the update to Production.

  • Access control: a sandbox environment can be placed in Administrative Mode to allow only users with System Administrators or System Customizer security roles to access the environment.

  • Copy and Restore: you can copy the customizations and data from a Production environment into a Sandbox environment

  • Training: after a full copy from production into a sandbox environment, you get an amazing training environment. Users will be able to experience the full capabilities of their Production solution without being afraid of adding or deleting test data during training that could disrupt the data quality maintained in Production.

  • Test new apps: a sandbox environment is a great place to install solutions and apps to be tested and considered for Production. After testing an app, the users can be trained in Sandbox ahead of the app deployment day into Production.

You can learn more about working with Sandboxed environments here: Sandbox environment.

Production environments

These environments are intended to be used for permanent work in an organization. It can be created and owned by an administrator or anyone with a Power Apps license, provided there's 1-GB available database capacity. These environments are also created for each existing Dataverse database when it's upgraded to version 9.0 or later. Production environments are what you should use for any environments on which you depend.

Switching an environment

It's important to spend time planning and designing your implementation, but you'll always have the opportunity to switch the environment type from Production to Sandbox, and from Sandbox to Production if needed.

For example, if you took a backup of a Production environment before installing a Solution and you noticed that solution is giving you some issues after the installation, or perhaps you're even unable to remove the solution, you can restore from your backup; however, you can't restore backups into a Production environment, the environment will have to be switched to Sandbox first, then you can proceed restoring from the backup, and then switch to Production again. This limitation has been placed in order to avoid accidental overwrites of your Production environment.

Dataverse for Teams

Microsoft Dataverse for Teams delivers a built-in, low-code data platform for Microsoft Teams. It provides relational data storage, rich data types, enterprise-grade governance, and one-click solution deployment. A Dataverse for Teams environment is automatically created for the selected team when you create an app or bot in Microsoft Teams for the first time or install a Power Apps app from the app catalog for the first time. The Dataverse for Teams environment is used to store, manage, and share team-specific data, apps, and flows.

Each team can have one environment, and all data, apps, bots, and flows created with the Power Apps app inside a team are available from that team's Dataverse for Teams database.

Security in Dataverse for Teams aligns to how security is handled in Teams, with a focus on Owners, Members, and Guests.

You can learn more about Dataverse for Teams environments here: Dataverse for Teams.

Environment details

You can see specific details related to your environments by selecting an individual environment in the Power Platform admin center. See some of the details of your environments by selecting an environment. Select See all to see more environment details.

Environment details as viewed from the admin center.

Select Edit to review and edit environment details.

More environment details from the admin center.

Environment Strategies

Developing an environment strategy means configuring environments and other layers of data security in a way that supports productive development in your organization, while securing and organizing resources. A strategy to manage environment provisioning and access, and controlling resources within them, is important to:

  • Secure data and access.

  • Understand how to use the default environment correctly.

  • Manage the correct number of environments to avoid sprawl and conserve capacity.

  • Facilitate application lifecycle management (ALM).

  • Organize resources in logical partitions.

  • Support operations (and helpdesk) in identifying apps that are in production by having them in dedicated environments.

  • Ensure data is being stored and transmitted in acceptable geographic regions (for performance and compliance reasons).

  • Ensure isolation of applications being developed.

You can learn more about establishing an environment strategy here: Establishing an environment strategy.