Power Platform is ‘free’
Microsoft products have some Power Platform capabilities seeded in them. For example, most Microsoft Office plans come with some use-rights on Power Platform, which means that everyone with a license could create apps and workflows. This cannot be turned off.
Unfortunately, many organisations look at governance too late, when things already resemble the Wild West.
Apps and flows need to be managed
The default state of Microsoft tenants (and IT teams) is not set up for governance. There are loopholes. Here are a few examples of what can happen when these loopholes are left open.
- Data loss – Users can accidentally or intentionally create connections to any of over 1300 services, using their work or personal account credentials (e.g. for each email received, save the attachment to a personal Dropbox account).
- Sensitive data available to all – a semi-tech-savvy user creates an HR onboarding app using Power Apps and a SharePoint list, but the list isn't secured properly and new-starter salary information is available to anyone who snoops around.
- Critical app in production – John created an app to fill a gap. It's great, and a team of 15 uses it every day. But it has bugs, and each time he changes it something else breaks. There is no developer environment, so John is stuck.
- Workflows suddenly break – Alice created a bunch of super-useful Power Automate flows that manage her team's client onboarding. Alice left 4 months ago, but we can't turn off her account because lots of things would break. This is a security risk.
Why does this happen?
There are about 10-15 things each IT team should know about Power Platform, and it should make an informed decision about what to do about each of them. Here are three examples:
- Implement the Centre of Excellence (CoE) Starter Kit inventory and audit components – these components gather information about all the apps and flows in your tenant and how often they are used. This data is gold: it shows what you need to focus on as an IT team and helps start the clean-up process.
- Manage the Default environment – best practice is to lock down the Default environment so that only Microsoft products can be used in apps and flows (this is done by implementing a Data Loss Prevention policy). It is also a good idea to rename the environment to clearly show its intent; we recommend calling it “Personal Productivity”.
- Manage product trial sign-ups – users can instantly sign up for free trials across Power Platform, and it's a good idea to either disable these or create a workflow through which users can request a trial.
- Be intentional about who can create environments – by default anyone can create any type of environment, and this should be locked down. For example, you can allow users to create Developer environments but not Production ones.
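As an added illustration of the inventory, trial and environment-creation points above (example code written for this page, not the CoE Starter Kit or the authors' own tooling), the following PowerShell uses the Microsoft.PowerApps.Administration.PowerShell module from a Power Platform admin account. The property names read from the app and flow objects (Owner.email, CreatedBy.userId) and the 180-day staleness threshold are assumptions, and the CSV path is a placeholder.

```powershell
# Assumes the Microsoft.PowerApps.Administration.PowerShell module and a Power Platform admin account.
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell -Scope CurrentUser -Force
Add-PowerAppsAccount   # interactive sign-in as a Power Platform administrator

# 1. Be intentional about who can create environments:
#    only admins may create production/sandbox environments and trial environments.
$current = Get-TenantSettings
"Before: non-admin environment creation disabled = $($current.disableEnvironmentCreationByNonAdminUsers)"
$requestBody = [pscustomobject]@{
    disableEnvironmentCreationByNonAdminUsers      = $true
    disableTrialEnvironmentCreationByNonAdminUsers = $true
}
Set-TenantSettings -RequestBody $requestBody | Out-Null

# 2. Manage product trial sign-ups: block self-service internal and viral trial plans.
Remove-AllowedConsentPlans -Types @("Internal", "Viral")
Get-AllowedConsentPlans    # shows which plan types are still allowed

# 3. Inventory: every app and flow in every environment, with owner and last change,
#    so orphaned or stale resources are found before an owner's account is disabled.
$cutoff = (Get-Date).AddDays(-180)   # assumption: six months untouched counts as stale
$inventory = foreach ($env in Get-AdminPowerAppEnvironment) {
    foreach ($app in Get-AdminPowerApp -EnvironmentName $env.EnvironmentName) {
        [pscustomobject]@{
            Environment  = $env.DisplayName
            Type         = 'App'
            Name         = $app.DisplayName
            Owner        = $app.Owner.email                 # assumption: Owner exposes 'email'
            LastModified = [datetime]$app.LastModifiedTime
        }
    }
    foreach ($flow in Get-AdminFlow -EnvironmentName $env.EnvironmentName) {
        [pscustomobject]@{
            Environment  = $env.DisplayName
            Type         = 'Flow'
            Name         = $flow.DisplayName
            Owner        = $flow.CreatedBy.userId           # assumption: CreatedBy exposes 'userId'
            LastModified = [datetime]$flow.LastModifiedTime
        }
    }
}
$inventory | Export-Csv -Path .\PowerPlatformInventory.csv -NoTypeInformation   # placeholder path

# Stale items are the first candidates for review, reassignment or clean-up.
$inventory | Where-Object { $_.LastModified -lt $cutoff } |
    Sort-Object Environment, Type | Format-Table -AutoSize
```

Cross-check the Owner column against your directory before disabling leavers' accounts; a flow whose only owner has left is exactly the "Alice" case described above.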
There are a few more to go through – contact us for a discussion and a free copy of our checklist.
A risk or a signal?
It's important to remember that each interaction an end user has with Power Platform can be seen either as a risk to be locked down or as a signal that there is interest in innovating. “Lock it down” is the default position of many IT teams, although this is changing. You can configure Power Platform for either posture, or somewhere in between.
Your next step
If you're looking for help with an App Inventory & Security Audit, we offer a competitively priced Governance Package. This includes a CoE install, a full interpretation of the results including recommendations, and a one-day admin training session. Contact us using the form above for a discussion.