Improve the governance on Power Platform environments – Admin

No time to read now? How about listening to the article? Try it out in the player below!

In the last post, we had an overall of the components (Environments, Apps, Flows, etc.) we have on our organization. Now, let’s look into what Apps the CoE Starter Kit provides to administer it.

Admin – Command Center

A canvas app is used by admins as a starting point to launch other apps in the CoE Starter Kit and review content relevant to admins like:

  • Launch CoE Starter Kit apps and other bookmarks.
  • Review the service health by checking sync flows that have recently failed.
  • Update environment variables used in the CoE Starter Kit.
  • View Microsoft 365 Message Center news related to Microsoft Power Platform.
  • Download the latest CoE Starter Kit version and raise support tickets with the team.
  • Launch Microsoft Learn learning paths to learn more about Microsoft Power Platform.
  • Launch the latest posts of the Power Apps, Power Automate, Power BI and Power Virtual Agent blogs.
  • Configure email subject and body text for emails sent through the CoE Starter Kit.
Admin Command Center View
Figure 1 – Admin Command Center View

You can also manage and change the environment settings by using only one App. Besides that, this App provides bookmarks to open support tickets or learn about the platform.

Admin – App & Flow Permission Center

This App allows the administrators to manage the access of the Apps. They can choose to see all the Apps by organization or owner and check there are orphaned Apps.

CoE - Adding permission to the users to access the App
Figure 2 – Adding permission to the users to access the App

DLP (Data Loss Prevention Editor) V2

DLP Editor v2 is a canvas app that reads and updates data loss prevention (DLP) policies while showing a list of apps and flows impacted by the policy configurations.

  • Make changes to DLP policies.
  • See what impact each change will have.
  • Mitigate the risk by contacting makers.
Data Loss Protection Editor V2
Figure 3 – Data Loss Prevention Editor V2

You can create data loss prevention (DLP) policies that can act as guardrails to help prevent users from unintentionally exposing organizational data. DLP policies can be scoped at the environment level or tenant level. For tenant-level policies, you can define the scope to be all environments, selected environments, or all environments except ones you specifically exclude. Environment-level policies can be defined for one environment at a time.

DLP policies enforce rules for which connectors can be used together by classifying connectors as either Business or Non-Business. If you put a connector in the Business group, it can only be used with other connectors from that group in any given app or flow. Also, you might want to block the usage of specific connectors altogether by classifying them as Blocked.

Managing Environments

On the CoE Starter kit, two canvas apps are designed to easily submit requests for Power Platform Environments and manage these requests.

Sometimes the Makers need a new environment to start the creation of the new App, so they can submit requests using the app Environment Request.

CoE - New Environment Creation Request
Figure 4 – New Environment Creation Request

Once the Makers finish the request, they will start the following flow to get approvals from the Power Platform administrators.

CoE - Approval flow to create new environments
Figure 5 – Approval flow to create new environments

Note: The flow may be customized according to the organization’s needs.

You can notice the administrator only need to approve the request to create the environment. We don’t need any human action or code to do that.

Once the new request is submitted, the administrator’s group will receive an alert by e-mail to check the new request. The admin team can approve or reject it.

CoE - Environment Request
Figure 6 – Environment Request
CoE - Details about the environment requested
Figure 7 – Details from the environment requested

Here we can see detail about the environment, users, securities groups, and connectors that will be part of the environment.


  • Ensure you create and set up security group to the environment.
  • Ensure to add DLP (Data Loss Prevention) for all environments and connectors. It’s crucial to keep the data secure.

Both apps may be extended to request/approve information like:

  • What tables and fields will be part of the App?
  • Are there sensitive or confidential data on this App?

It helps you manage access to data and comply with existing privacy regulations (GDPR, LGPD, CCPA, POPI). Do you remember the question on the first post, “What data are being used?”? Here we can start to manage it πŸ™‚

App Catalog

This App gives you an overview of some apps of your organization. Here you can:

  • See what connectors the app uses
  • Launch App
  • Look at review and leave one
  • Request access
  • Contact Maker
App Catalog View
Figure 8 – App Catalog View

To show the Apps on this catalog, the admin needs to set Yes on the field “In App Catalog” in the table called Apps. Also, you can implement an audit process where you’ll decide what Apps should be visible in this area.

Audit Process View - Enable App on catalog
Figure 9 – Audit Process View – Enable App on catalog

The CoE Start Kit has audit process samples that you may change according to the organization’s needs.

Maker – Command Center

This screen is an excellent place that gathers a lot of assets since Apps, Power Platform New, and courses to create amazing Apps.

CoE - Maker Command Center View
Figure 10 – Maker Command Center View

I believe this App can be extended to add the organization process and policies documents, so the Marker can understand how they can create Apps following the documentation available. So, if you have implemented the CoE, here may be the place to share content with your Makers.


It’s an excellent Starter kit that provides many apps and processes to manage your environment. You can start implementing the component’s access administration and improving data security. Also, it gives the flexibility to change the standards processes according to organization needs. The apps will allow:

  • Control the requests to create or access environments.
  • Promote a approval flow.
  • Manage permission of Apps and Flows.
  • To be compliance with privacy regulations regarding the confidential and sensitive data access.

So, if you really want to admin your organization, here are the right apps!

Next, Let’s talk about the governance components.

Stay tuned! πŸ˜‰

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

Up ↑

%d bloggers like this: