M365 Governance Speedrun: Power Platform Governance

1. rencore.com Tomislav Karafilov Session 3 Power Platform Governance Make it your platform

2. rencore.com Tomislav Karafilov Microsoft Business Applications MVP deroso Solutions GmbH, Köln / Bremen @tkarafilov Communities: - MSCCCH (Microsoft Cloud & Collaboration Community Hannover) - Power Platform UserGroup Hannover - … Who am I?

3. rencore.com Power Platform Governance Make it your platform

4. rencore.com

5. rencore.com Governance Rules and procedures Definitions and goals Protection (Information protection) Governance → Guidance, guidelines

6. rencore.com Governance Customers Company Laws

7. rencore.com Governance Customers Company Laws Functions of a software Informations / data Documents Interfaces Employees Service provider Software vendor

8. rencore.com Governance Customers Company Laws Functions of a software Informations / data Documents Interfaces To be created by yourself! Corporate guidelines Employees Service provider Software vendor

9. rencore.com Governance Find relevant data Protect data Prevent data loss Control data

10. rencore.com Governance 1. Understand and plan 2. Implement 3. Check

11. rencore.com Power Platform Make it your platform

12. rencore.com Power Platform Power Apps Power Automate Power Virtual Agents Power BI Dataverse Connetors Azure Can be used in many places in Microsoft 365!

13. rencore.com Environments are containers that administrators use to manage apps, flows, connections, and other assets - along with permissions that allow users in the organization to use the resources. Power Platform – Main part: Environments

14. rencore.com Power Platform Environments Default - Environment Personal productivity Everyone is a maker Dev Test Prod Dev Test Prod Dev Dedicated Shared 1 team (Microsoft 365 Group) Environment 1 team (Microsoft 365 Group) Environment ALM

15. rencore.com Create new environment

16. rencore.com • Production (This is intended to be used for permanent work in an organization.) • Default (These are a special type of production environment. Each tenant has a default environment that's created automatically.) • Sandbox (These are non-production environments, which offer features like copy and reset. Sandbox environments are used for development and testing, separate from production.) • Trial (They expire after 30 days and are limited to one user or are subscription bases.) • Developer (They're special environments intended only for use by the owner.) • Microsoft Dataverse for Teams (Dataverse for Teams environments are automatically created for the selected team when you create an app in Teams using the Power Apps app for the first time or install a Power Apps app from the app catalog.) Power Platform Environment Types

22. rencore.com • Environments are tied to a geographic location that is configured at the time the environment is created. • Environments can be used to address different audiences and / or different purposes such as development, testing and production. • Data Loss Prevention (DLP) policies can be applied to individual environments or the tenant. • Each tenant has a standard environment in which all licensed Power Apps and Power Automate users can create apps and flows. • Non-standard environments can be created by licensed Power Apps, Power Automate, and Dynamics users. The creation can only be restricted to global administrators and service administrators via a tenant setting. • An environment can have one or no Dataverse instances. Power Platform Environments

23. rencore.com Environment Settings

25. rencore.com Environment Settings Product Business Users + permissions Audit and logs Templates Email Integration Data management Encryptioin Resources

27. rencore.com Environment Power Platform Environments DLP Policies Env. Settings Connectors

28. rencore.com Who can create an environment?

30. rencore.com Get-TenantSettings walkMeOptOut : False disableNPSCommentsReachout : False disableNewsletterSendout : False disableEnvironmentCreationByNonAdminUsers : False (*) disablePortalsCreationByNonAdminUsers : False (!) disableSurveyFeedback : False disableTrialEnvironmentCreationByNonAdminUsers : False (*) disableCapacityAllocationByEnvironmentAdmins : False disableSupportTicketsVisibleByAllUsers : False powerPlatform : @{search=; teamsIntegration=; powerApps=} search : @{disableDocsSearch=False; disableCommunitySearch=False; disableBingVideoSearch=False} teamsIntegration : @{shareWithColleaguesUserLimit=10000} powerApps : @{disableShareWithEveryone=False; enableGuestsToMake=False} $settings = @{ DisableEnvironmentCreationByNonAdminUsers = $true } Set-TenantSettings $settings PowerShell

33. rencore.com Gateways

34. rencore.com Managing / Monitoring Make it your platform

35. rencore.com • Power Platform for admins • Power Apps for admins • Power Automate for admins • Power Apps for maker • Power Automate management • PowerShell 5 important connectors (all standard ) and PowerShell

36. rencore.com • The Power Platform management connector provides access to lifecycle management functions, DLP policy management, and other administrative functions from the BAP API for environments. • API calls per connection - 100 calls in 60 seconds Power Platform für Admins - Standard

37. rencore.com Power Platform für Admins - Standard

38. rencore.com • Power Apps management connector for administrators • API calls per connection - 1000 calls in 60 seconds • Currently no triggers Power Apps für Admins - Standard

39. rencore.com Power Apps für Admins - Standard

40. rencore.com • Power Apps management connector for administrators • API calls per connection - 1000 calls in 60 seconds • Currently no triggers Power Automate für Admins - Standard

41. rencore.com Power Automate für Admins - Standard

42. rencore.com • Power Apps management connector for developers • API calls per connection - 100 calls in 60 seconds • Currently no triggers Power Apps für Entwickler - Standard

43. rencore.com Power Apps für Entwickler - Standard

44. rencore.com • Power Automate Management connector enables interaction with the Power Automate Management service. • Example: Flows are created, edited and updated. Administrators who want to perform operations with administrator rights should invoke actions with the suffix “As administrator”. • Connections per account - 50 • Currently no triggers Power Automate Management - Standard

45. rencore.com Power Automate Management - Standard

46. rencore.com • PowerShell for Power Apps und Power Automate • 2 modules – Administrator und Maker • Get-PowerAppEnvironment # All environments. • Get-AdminDlpPolicy # All DLP policies • # Get all flows • $flows = Get-AdminFlow • $powerApps = Get-AdminPowerApp PowerShell

47. rencore.com • https://protection.office.com/unifiedauditlog Office 365 Security & Compliance

48. rencore.com • Contains Power BI reports, Dataverse, Power Automate Flows, Power Apps, ... • Building Blocks: Core, governance, nurture components • Standalone add-ons: theming, application lifecycle, Innovation Backlog components • Documentation: https://docs.microsoft.com/en- us/power-platform/guidance/coe/starter-kit • On GitHub - https://github.com/microsoft/coe-starter-kit CoE Starter Kit – Center of Excellence

49. rencore.com CoE Dashboard

53. rencore.com CoE Dashboard Identify orphaned apps Select Blank in the Owner drop-down list on the rightmost filter pane to find orphaned apps. Orphaned apps, where the app owner has left the organization, will still work for users, but changes or bug fixes can only be made by an owner. It's important, therefore, to identify orphaned apps and find a new owner for them, or work on a retirement plan for those apps.

55. rencore.com • Govern environment creation • Monitoring Dataverse in Teams Capacity and Usage • Managing Data Loss Prevention policies • Teams Admin Center Controls (Block Apps) • Admin and Governance Best Practices • CoE Starter Kit - Center of Excellence (https://powerapps.microsoft.com/en-us/blog/now- available-coe-starter-kit-in-dataverse-for-teams-and-other- improvements/) Microsoft Dataverse for Teams

56. rencore.com DLP PowerShell Admin and Maker connectors PowerShell Scripts on GitHub https://github.com/tomka75/PowerAdventKalender2020 Demo

57. rencore.com News Make it your platform

58. rencore.com Ignite

59. rencore.com • Power Apps and Power Automate • Usage reports • Maker activity reports • Inventory reporting Power Platform Governance - Tenant-wide analysis

60. rencore.com Power Platform Governance - Tenant Isolation https://docs.microsoft.com/en-us/power-platform/guidance/adoption/tenant-isolation

61. rencore.com Power Platform Governance - endpoint filtering for connectors https://docs.microsoft.com/en-us/power-platform-release-plan/2021wave1/power-platform- governance-administration/data-loss-prevention-through-connector-endpoint-filtering

62. rencore.com Power Platform Governance - Connector Action Control https://docs.microsoft.com/en-us/power-platform-release-plan/2021wave1/power- platform-governance-administration/data-loss-prevention-through-connector-action-control

63. rencore.com Finally, coming soon, Microsoft Information Protection sensitivity labels will provide a simple way for your users to classify critical content in Microsoft Power Platform without compromising productivity or the ability to collaborate. Update June 29, 2021, by Julie Strauss https://cloudblogs.microsoft.com/powerplatform/2021/06/29/new-power-platform- features-reinforce-end-to-end-security-management-monitoring-and-compliance/

64. rencore.com Next steps Make it your platform

65. rencore.com • Work together: Central place for settings / logos / … • Use of components in Power Apps • Use of Power Automate Flows to automate tasks • Document and share informations! Remember: Maintain processing directory according to GDPR for Power Apps and Power Automate Flows when working with personal data!!! Power Platform Governance / Best Practices / How do we want to work?

66. rencore.com • Level 100 – Initial • Level 200 – Repeatable • Level 300 – Defined • Level 400 – Capable • Level 500 – Efficient Power CAT Adoption Maturity Model https://powerapps.microsoft.com/en-us/blog/power-cat-adoption-maturity-model- repeatable-patterns-for-successful-power-platform-adoption/

67. rencore.com • Strategy and Vision • Business Value • Admin and Governance • Support • Nurture and Citizen Makers • Automation • Fusion Teams Power CAT Adoption Maturity Model - Details capabilities https://powerapps.microsoft.com/en-us/blog/power-cat-adoption-maturity-model- repeatable-patterns-for-successful-power-platform-adoption/

68. rencore.com Level 100 Level 200 Level 300 Level 400 Level 500 • Environment s are creatable by all • No Data Loss Prevention policies (DLP) • Power Platform Service Admin role assigned to specific administrators • Default environment covered by DLP controls • Tenant Isolation configured • CoE Starter Kit – Core Module ado pted to gain tenant-wide insights of existing usage • Defined environment, DLP, and request management strategies • Monitoring of app usage and adoption • Monitoring of new connectors, to update DLP policies • License, capacity and consumption monitoring informs decision making • Tiered approach to productivity environments based on maker maturity • Custom environments are used for specific use cases and ALM scenarios • Overshared, unused and orphaned resources are identified and appropriate actions are taken • Reactive governance to automatically gather business and compliance information • CoE Starter Kit – Governance Module adopted to gain compliance insights and archive resources • Telemetry helps identify business-critical apps • Power Platform Operations team looks after tenant hygiene • Maker responsibilities are clearly defined and understood and automatically communicated • Further automation takes place through chatbots embedded in Teams – through clear risk profiles, tasks are auto- approved or routed through multi-step approval processes (e.g. line manager, information security department, environment or tenant admin) • Practices that worked in their organization are shared externally at Microsoft or community events Power CAT Adoption Maturity Model – Admin and Governance

69. rencore.com Take away Make it your platform

70. rencore.com • Think about YOUR governance and write thoughts down! • There are more setting options, keep an eye on them! • Also think about the development (share components and ALM) and the usability for the end users! Take away

71. rencore.com • Reading start: Governance considerations (Dezember 16, 2020) https://docs.microsoft.com/en-us/power-platform/admin/governance-considerations • Power CAT Adoption Maturity Model: Repeatable patterns for successful Power Platform adoption(April 28, 2021) https://powerapps.microsoft.com/en-us/blog/power-cat- adoption-maturity-model-repeatable-patterns-for-successful-power-platform-adoption/ • Administering a low-code development platform - Power Apps and Power Automate Enterprise Deployment (May 2020) https://aka.ms/powerappsadminwhitepaper • Microsoft Power Platform path on Microsoft Learn https://aka.ms/PowerUp • New Power Platform features reinforce end-to-end security, management, monitoring, and compliance https://cloudblogs.microsoft.com/powerplatform/2021/06/29/new- power-platform-features-reinforce-end-to-end-security-management-monitoring-and- compliance/ Links

M365 Governance Speedrun: Power Platform Governance

Du liest eine Vorschau.

Hier ansehen

M365 Governance Speedrun: Power Platform Governance

Weitere Verwandte Inhalte

Aktuellste (20)

Empfohlen (20)

M365 Governance Speedrun: Power Platform Governance