Improve the governance on Power Platform environments – Govern

No time to read now? How about listening to the article? Try it out in the player below!

In my previous post, we could understand the admin components of the CoE Starter Kit. Once you become familiar with the existing components and organizations, you may use the governance components.

Basically, the governance components are composed of Flows and Apps. In this article, I’ll describe the items I think are more important to understand the process.

Flows

There are some flows to check all the organization to:

Get Apps and flows that could be archived and cleaned up.
Send notification to owers requesting approvals to archived and clean up the App or Flow.
Execute the archiving and cleaning since the owner approve it.

The Kit has the default rules that we can change according to our needs. For instance: by default, the apps and flows that haven’t been modified or launched in the last six months should be archived or cleaned up, but for some organizations, this time can sound long. Therefore you can customize the flow to consider only three months. This is an easy situation, and you can introduce more complexity if you want. Let’s check out more details about the flows!

Archive and Clean Up v2 – Start Approval for Apps and Flows

Checks for apps and flows that haven’t been modified or launched in the last six months (this time span is configurable) and asks the app owner (via flow approvals) whether the App can be deleted. The owner will be notified by:

Flow Approvals UX

CoE - Flow Approval Received Message — Figure 1 – Flow Approval Received Message

E-mail

So, the owner will have many ways to approve or reject the App archiving. Keep in mind this rule is only a suggestion by CoE Starter Kit. You can implement any archiving rule for your organization.

Admin | Archive and Clean Up v2 (Check Approval)

On a scheduled interval, checks for approval responses created by the Start Approval flows described above and, if newly approved, marks the approved date so that the Archive and Clean Up v2 (Clean Up and Delete) flow (described below) can delete it after the user has time to archive.

If approved in the past but before deletion, it sends a reminder to archive the App or flow before deletion.

Admin | Archive and Clean Up v2 (Clean Up and Delete)

Runs daily and does two clean up tasks for the workflow.

Deletes timed out requests. Deletes, from the Archive Approval table, all non-approved requests that were created over a month ago.
Deletes the flows and apps that were approved for deletion more than 3 weeks ago (configurable).

Note: This flow will not delete the apps and flows by default. This is to ensure you explicitly are ready for that to occur. To begin deletion of flows and apps, update the Auto Delete On Archive environment variable to Yes.

Request Orphaned Objects Reassigned (Parent)

Daily, this collects all the orphaned objects in the tenant and attempts to associate them with the manager of the former owner. It then sends a teams bot note to each impacted manager and lets them know that there are objects to clean, and then concurrently calls the child flow for each manager.
For those orphaned objects which cannot resolve to a previous manager, it sends the list to the admin email so that admins know which orphaned objects will need to be cleaned manually.

CoE - Notification Orphaned Objects (Parent) — Figure 3 – Notification Orphaned Objects (Parent)

Request Orphaned Objects Reassigned (Child)

This flow is triggered daily for every manager with objects owned by former employees who have left the company. It shows all the cloud flows and canvas apps owned by the employees that left the company and let the manager decide what they want to do:

Email themselves the list
Take ownership of them all
Delete them all
Assign them all to someone else
See each one individually

CoE - Notification Orphaned Objects (Child) — Figure 4 – Notification Orphaned Objects (Child)

Apps

Now let’s look into the Apps from CoE Kit. It helps the managers and administrators:

Identify what Apps and Flows should be archived and/or cleaned up.
Approve and Reject Cleanup items from other users.
Start a new auditing process to gather all the information from the Apps and Flows to stay in compliance.

Cleanup Old Objects App

As makers are asked to respond if objects are still useful with the Archival flows above, they will sometimes ignore them. In that case, a flow above will send their manager this email.

CoE - Power Platform objects stale - Email message — Figure 5 – Power Platform objects stale – Email message

The manager can click on the link in the mail and be brought to this App for cleaning. They can choose which employee to work on first.

CoE - Cleanup Old Objects App admin view - User selection — Figure 6 – Cleanup Old Objects App admin view – User selection

And then, for each employee, go and either reject the deletion or send a reminder notification.

CoE - Cleanup Old Objects App admin view - User apps — Figure 7 – Cleanup Old Objects App admin view – User apps

They can send the person to the App to do the clean up too, where they will be able to approve/reject deletion for all their objects.

CoE - Cleanup Old Objects App admin view - Send notification — Figure 8 – Cleanup Old Objects App admin view – Send notification

When the users open the Archive Request Clean App, they can see what apps were being requested to be archived and cleaned up.

CoE - Cleanup Old Objects App view — Figure 9 – Cleanup Old Objects App users view

Approval objects will be deleted in 3 weeks, and reject items will exempt the user from asking for 4 weeks. It’s a rule that would be customized according to your need. Also, if you need to request more information from the users, you can customize the App to get it.

App and Flow Archive and Clean Up View

This App gives the admin a view of all objects currently being considered for archival and deletion. Admin can filter to the apps which have been rejected with a note, for example, to review:

And if the reason is sound, they can choose to exempt the object from future runs and consideration for archival and deletion.

CoE - App and Flow Archive and Clean Up view detail — Figure 8 – App and Flow Archive and Clean Up view detail

Developer Compliance Center

This App is used in the auditing process as a tool for users to check whether their App, flow, chatbot, or custom connector is compliant and to submit information to the CoE admins as business justification to stay in compliance.

Once the App is selected, you can add more details to submit the App to compliance.

CoE - Developer Compliance Center App overview — Figure 9 – App overview

This is another App that may be customized. Each organization has a process and different needs to approve their Apps. So, investigate the default process and, if needed, add or remove fields and steps to make your compliance process aligned with the organization.

Conclusion

This solution brings us a great starter to help us to define how we can implement a governance area and how we can do all the objects from the Power Platform to be in compliance, requesting information like:

Business justification, impact, and category
Access management
Dependencies and Data Classification

With that, one more question from the first post is answered: “What do these Apps and Flows do?”.

Furthermore, all the components may be customized. So, If your organization already has a governance process, you just need to change the Apps and Flows to get the additional information, of course, if required, to meet your current process. But, if your organization doesn’t have and doesn’t have an idea how to start, this solution will help a lot.

Next, let’s talk about the Innovation Backlog components and ALM Accelerator for Makers components!

Bye! 😉

Improve the governance on Power Platform environments – Govern

Flows