Diese Präsentation wurde erfolgreich gemeldet.
Die SlideShare-Präsentation wird heruntergeladen. ×

M365 Governance Speedrun: Power Platform Governance

Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige

Hier ansehen

1 von 72 Anzeige

M365 Governance Speedrun: Power Platform Governance

Herunterladen, um offline zu lesen

Create input masks and entire applications, implement and automate processes, simplify and accelerate dialogues with the help of bots, and conjure up splendid reports - all of this and much more is the Power Platform. Whether you drive with low code / no-code approaches, are a user, a citizen developer or pro dev, the tools can be used in a variety of ways. A governance view is important for the use of the Power Platform so that it corresponds to your needs, your requirements and your rules. What is allowed at one company does not have to be allowed at the other company as well. Make the tools your tools and use the possibilities advisedly. In this session, Tomislav shows the various possibilities of governance settings in the Power Platform. Learn what is easy to switch, what can be done via the web interfaces, what options are given via APIs and what you should also look at when looking at governance.

Create input masks and entire applications, implement and automate processes, simplify and accelerate dialogues with the help of bots, and conjure up splendid reports - all of this and much more is the Power Platform. Whether you drive with low code / no-code approaches, are a user, a citizen developer or pro dev, the tools can be used in a variety of ways. A governance view is important for the use of the Power Platform so that it corresponds to your needs, your requirements and your rules. What is allowed at one company does not have to be allowed at the other company as well. Make the tools your tools and use the possibilities advisedly. In this session, Tomislav shows the various possibilities of governance settings in the Power Platform. Learn what is easy to switch, what can be done via the web interfaces, what options are given via APIs and what you should also look at when looking at governance.

Anzeige
Anzeige

Weitere Verwandte Inhalte

Aktuellste (20)

Anzeige

M365 Governance Speedrun: Power Platform Governance

  1. 1. rencore.com Tomislav Karafilov Session 3 Power Platform Governance Make it your platform
  2. 2. rencore.com Tomislav Karafilov Microsoft Business Applications MVP deroso Solutions GmbH, Köln / Bremen @tkarafilov Communities: - MSCCCH (Microsoft Cloud & Collaboration Community Hannover) - Power Platform UserGroup Hannover - … Who am I?
  3. 3. rencore.com Power Platform Governance Make it your platform
  4. 4. rencore.com
  5. 5. rencore.com Governance Rules and procedures Definitions and goals Protection (Information protection) Governance → Guidance, guidelines
  6. 6. rencore.com Governance Customers Company Laws
  7. 7. rencore.com Governance Customers Company Laws Functions of a software Informations / data Documents Interfaces Employees Service provider Software vendor
  8. 8. rencore.com Governance Customers Company Laws Functions of a software Informations / data Documents Interfaces To be created by yourself! Corporate guidelines Employees Service provider Software vendor
  9. 9. rencore.com Governance Find relevant data Protect data Prevent data loss Control data
  10. 10. rencore.com Governance 1. Understand and plan 2. Implement 3. Check
  11. 11. rencore.com Power Platform Make it your platform
  12. 12. rencore.com Power Platform Power Apps Power Automate Power Virtual Agents Power BI Dataverse Connetors Azure Can be used in many places in Microsoft 365!
  13. 13. rencore.com Environments are containers that administrators use to manage apps, flows, connections, and other assets - along with permissions that allow users in the organization to use the resources. Power Platform – Main part: Environments
  14. 14. rencore.com Power Platform Environments Default - Environment Personal productivity Everyone is a maker Dev Test Prod Dev Test Prod Dev Dedicated Shared 1 team (Microsoft 365 Group) Environment 1 team (Microsoft 365 Group) Environment ALM
  15. 15. rencore.com Create new environment
  16. 16. rencore.com • Production (This is intended to be used for permanent work in an organization.) • Default (These are a special type of production environment. Each tenant has a default environment that's created automatically.) • Sandbox (These are non-production environments, which offer features like copy and reset. Sandbox environments are used for development and testing, separate from production.) • Trial (They expire after 30 days and are limited to one user or are subscription bases.) • Developer (They're special environments intended only for use by the owner.) • Microsoft Dataverse for Teams (Dataverse for Teams environments are automatically created for the selected team when you create an app in Teams using the Power Apps app for the first time or install a Power Apps app from the app catalog.) Power Platform Environment Types
  17. 17. rencore.com Create new environment
  18. 18. rencore.com Create new environment
  19. 19. rencore.com Create new environment
  20. 20. rencore.com Create new environment
  21. 21. rencore.com Create new environment
  22. 22. rencore.com • Environments are tied to a geographic location that is configured at the time the environment is created. • Environments can be used to address different audiences and / or different purposes such as development, testing and production. • Data Loss Prevention (DLP) policies can be applied to individual environments or the tenant. • Each tenant has a standard environment in which all licensed Power Apps and Power Automate users can create apps and flows. • Non-standard environments can be created by licensed Power Apps, Power Automate, and Dynamics users. The creation can only be restricted to global administrators and service administrators via a tenant setting. • An environment can have one or no Dataverse instances. Power Platform Environments
  23. 23. rencore.com Environment Settings
  24. 24. rencore.com Environment Settings
  25. 25. rencore.com Environment Settings Product Business Users + permissions Audit and logs Templates Email Integration Data management Encryptioin Resources
  26. 26. rencore.com Environment Settings
  27. 27. rencore.com Environment Power Platform Environments DLP Policies Env. Settings Connectors
  28. 28. rencore.com Who can create an environment?
  29. 29. rencore.com Who can create an environment?
  30. 30. rencore.com Get-TenantSettings walkMeOptOut : False disableNPSCommentsReachout : False disableNewsletterSendout : False disableEnvironmentCreationByNonAdminUsers : False (*) disablePortalsCreationByNonAdminUsers : False (!) disableSurveyFeedback : False disableTrialEnvironmentCreationByNonAdminUsers : False (*) disableCapacityAllocationByEnvironmentAdmins : False disableSupportTicketsVisibleByAllUsers : False powerPlatform : @{search=; teamsIntegration=; powerApps=} search : @{disableDocsSearch=False; disableCommunitySearch=False; disableBingVideoSearch=False} teamsIntegration : @{shareWithColleaguesUserLimit=10000} powerApps : @{disableShareWithEveryone=False; enableGuestsToMake=False} $settings = @{ DisableEnvironmentCreationByNonAdminUsers = $true } Set-TenantSettings $settings PowerShell
  31. 31. rencore.com Who can create an environment?
  32. 32. rencore.com Who can create an environment?
  33. 33. rencore.com Gateways
  34. 34. rencore.com Managing / Monitoring Make it your platform
  35. 35. rencore.com • Power Platform for admins • Power Apps for admins • Power Automate for admins • Power Apps for maker • Power Automate management • PowerShell 5 important connectors (all standard ) and PowerShell
  36. 36. rencore.com • The Power Platform management connector provides access to lifecycle management functions, DLP policy management, and other administrative functions from the BAP API for environments. • API calls per connection - 100 calls in 60 seconds Power Platform für Admins - Standard
  37. 37. rencore.com Power Platform für Admins - Standard
  38. 38. rencore.com • Power Apps management connector for administrators • API calls per connection - 1000 calls in 60 seconds • Currently no triggers Power Apps für Admins - Standard
  39. 39. rencore.com Power Apps für Admins - Standard
  40. 40. rencore.com • Power Apps management connector for administrators • API calls per connection - 1000 calls in 60 seconds • Currently no triggers Power Automate für Admins - Standard
  41. 41. rencore.com Power Automate für Admins - Standard
  42. 42. rencore.com • Power Apps management connector for developers • API calls per connection - 100 calls in 60 seconds • Currently no triggers Power Apps für Entwickler - Standard
  43. 43. rencore.com Power Apps für Entwickler - Standard
  44. 44. rencore.com • Power Automate Management connector enables interaction with the Power Automate Management service. • Example: Flows are created, edited and updated. Administrators who want to perform operations with administrator rights should invoke actions with the suffix “As administrator”. • Connections per account - 50 • Currently no triggers Power Automate Management - Standard
  45. 45. rencore.com Power Automate Management - Standard
  46. 46. rencore.com • PowerShell for Power Apps und Power Automate • 2 modules – Administrator und Maker • Get-PowerAppEnvironment # All environments. • Get-AdminDlpPolicy # All DLP policies • # Get all flows • $flows = Get-AdminFlow • $powerApps = Get-AdminPowerApp PowerShell
  47. 47. rencore.com • https://protection.office.com/unifiedauditlog Office 365 Security & Compliance
  48. 48. rencore.com • Contains Power BI reports, Dataverse, Power Automate Flows, Power Apps, ... • Building Blocks: Core, governance, nurture components • Standalone add-ons: theming, application lifecycle, Innovation Backlog components • Documentation: https://docs.microsoft.com/en- us/power-platform/guidance/coe/starter-kit • On GitHub - https://github.com/microsoft/coe-starter-kit CoE Starter Kit – Center of Excellence
  49. 49. rencore.com CoE Dashboard
  50. 50. rencore.com CoE Dashboard
  51. 51. rencore.com CoE Dashboard
  52. 52. rencore.com CoE Dashboard
  53. 53. rencore.com CoE Dashboard Identify orphaned apps Select Blank in the Owner drop-down list on the rightmost filter pane to find orphaned apps. Orphaned apps, where the app owner has left the organization, will still work for users, but changes or bug fixes can only be made by an owner. It's important, therefore, to identify orphaned apps and find a new owner for them, or work on a retirement plan for those apps.
  54. 54. rencore.com CoE Dashboard
  55. 55. rencore.com • Govern environment creation • Monitoring Dataverse in Teams Capacity and Usage • Managing Data Loss Prevention policies • Teams Admin Center Controls (Block Apps) • Admin and Governance Best Practices • CoE Starter Kit - Center of Excellence (https://powerapps.microsoft.com/en-us/blog/now- available-coe-starter-kit-in-dataverse-for-teams-and-other- improvements/) Microsoft Dataverse for Teams
  56. 56. rencore.com DLP PowerShell Admin and Maker connectors PowerShell Scripts on GitHub https://github.com/tomka75/PowerAdventKalender2020 Demo
  57. 57. rencore.com News Make it your platform
  58. 58. rencore.com Ignite
  59. 59. rencore.com • Power Apps and Power Automate • Usage reports • Maker activity reports • Inventory reporting Power Platform Governance - Tenant-wide analysis
  60. 60. rencore.com Power Platform Governance - Tenant Isolation https://docs.microsoft.com/en-us/power-platform/guidance/adoption/tenant-isolation
  61. 61. rencore.com Power Platform Governance - endpoint filtering for connectors https://docs.microsoft.com/en-us/power-platform-release-plan/2021wave1/power-platform- governance-administration/data-loss-prevention-through-connector-endpoint-filtering
  62. 62. rencore.com Power Platform Governance - Connector Action Control https://docs.microsoft.com/en-us/power-platform-release-plan/2021wave1/power- platform-governance-administration/data-loss-prevention-through-connector-action-control
  63. 63. rencore.com Finally, coming soon, Microsoft Information Protection sensitivity labels will provide a simple way for your users to classify critical content in Microsoft Power Platform without compromising productivity or the ability to collaborate. Update June 29, 2021, by Julie Strauss https://cloudblogs.microsoft.com/powerplatform/2021/06/29/new-power-platform- features-reinforce-end-to-end-security-management-monitoring-and-compliance/
  64. 64. rencore.com Next steps Make it your platform
  65. 65. rencore.com • Work together: Central place for settings / logos / … • Use of components in Power Apps • Use of Power Automate Flows to automate tasks • Document and share informations! Remember: Maintain processing directory according to GDPR for Power Apps and Power Automate Flows when working with personal data!!! Power Platform Governance / Best Practices / How do we want to work?
  66. 66. rencore.com • Level 100 – Initial • Level 200 – Repeatable • Level 300 – Defined • Level 400 – Capable • Level 500 – Efficient Power CAT Adoption Maturity Model https://powerapps.microsoft.com/en-us/blog/power-cat-adoption-maturity-model- repeatable-patterns-for-successful-power-platform-adoption/
  67. 67. rencore.com • Strategy and Vision • Business Value • Admin and Governance • Support • Nurture and Citizen Makers • Automation • Fusion Teams Power CAT Adoption Maturity Model - Details capabilities https://powerapps.microsoft.com/en-us/blog/power-cat-adoption-maturity-model- repeatable-patterns-for-successful-power-platform-adoption/
  68. 68. rencore.com Level 100 Level 200 Level 300 Level 400 Level 500 • Environment s are creatable by all • No Data Loss Prevention policies (DLP) • Power Platform Service Admin role assigned to specific administrators • Default environment covered by DLP controls • Tenant Isolation configured • CoE Starter Kit – Core Module ado pted to gain tenant-wide insights of existing usage • Defined environment, DLP, and request management strategies • Monitoring of app usage and adoption • Monitoring of new connectors, to update DLP policies • License, capacity and consumption monitoring informs decision making • Tiered approach to productivity environments based on maker maturity • Custom environments are used for specific use cases and ALM scenarios • Overshared, unused and orphaned resources are identified and appropriate actions are taken • Reactive governance to automatically gather business and compliance information • CoE Starter Kit – Governance Module adopted to gain compliance insights and archive resources • Telemetry helps identify business-critical apps • Power Platform Operations team looks after tenant hygiene • Maker responsibilities are clearly defined and understood and automatically communicated • Further automation takes place through chatbots embedded in Teams – through clear risk profiles, tasks are auto- approved or routed through multi-step approval processes (e.g. line manager, information security department, environment or tenant admin) • Practices that worked in their organization are shared externally at Microsoft or community events Power CAT Adoption Maturity Model – Admin and Governance
  69. 69. rencore.com Take away Make it your platform
  70. 70. rencore.com • Think about YOUR governance and write thoughts down! • There are more setting options, keep an eye on them! • Also think about the development (share components and ALM) and the usability for the end users! Take away
  71. 71. rencore.com • Reading start: Governance considerations (Dezember 16, 2020) https://docs.microsoft.com/en-us/power-platform/admin/governance-considerations • Power CAT Adoption Maturity Model: Repeatable patterns for successful Power Platform adoption(April 28, 2021) https://powerapps.microsoft.com/en-us/blog/power-cat- adoption-maturity-model-repeatable-patterns-for-successful-power-platform-adoption/ • Administering a low-code development platform - Power Apps and Power Automate Enterprise Deployment (May 2020) https://aka.ms/powerappsadminwhitepaper • Microsoft Power Platform path on Microsoft Learn https://aka.ms/PowerUp • New Power Platform features reinforce end-to-end security, management, monitoring, and compliance https://cloudblogs.microsoft.com/powerplatform/2021/06/29/new- power-platform-features-reinforce-end-to-end-security-management-monitoring-and- compliance/ Links

×