In my last post, we looked at an introduction to managed environments for Power Platform. In today’s post we’ll start to look further into limit sharing, and the features managed environments provide to allow greater scalability of Power Platform in your organisation whilst maintaining easy governance and control over the tools being used, and still empowering makers.
In this post, I’ll focus on limiting sharing of canvas apps in Managed Environments.
Configuring options
So, the first thing we can do which we touched on in yesterdays post is to set up Managed Environments.
In the Power Platform Admin Center which you can access at admin.powerplatform.microsoft.com, go to your environments and select the environment with Managed Environments enabled on it already. Then select ‘Edit Managed Environments’ in the menu bar.
Following that you’ll see the options for the managed environment appear, where we can select to either not limit sharing in this environment, or we can exclude sharing with security groups.
If we choose to not allow sharing of canvas apps with security groups, this also prevents the sharing of apps with all users, and we also get the option to decide how many users an app can actually be shared with at any one time. We can either then put no limit on this, or we can specify a number of users.
Surface custom organisation governance error content
So now we’re limiting the amount of users canvas apps can be shared with in our managed environment, makers and app owners will get an error message if they try to share with more people than we allow.
We can go a step further and customise this error message content so that specified governance content appears in these that makes sense in our organisation. You might include things like a like a link to a communications site which explains your organisations Power Platform strategy and approach to Managed Environments.
Let’s look at how to do this.
PowerShell for Power Apps
To customise the error message content we’ll need to use PowerShell so lets set this up first.
Start by running PowerShell as an administrator or in a VSCode window or something like that.
Then we can use the following commands to install PowerShell modules for working with Power Apps.
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobberIf you don’t have admin rights on your account, you can use the parameter -Scope CurrentUser to install.
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell -Scope CurrentUser
Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber -Scope CurrentUserTo connect to Power Apps you can use the following command which will allow sign in through a prompt
Add-PowerAppsAccountRun this command and then follow the on screen instructions to login. This also supports multi factor authentication.
Adding governance content and contact info for errors
So, now lets look at how we can customise that error message to give some governance content and someone’s contact details when we try to share with more people than we’re allowed to in a Managed Environment.
Use the following command, replacing the relevant values below to control error message content in your environment.
New-PowerAppDlpErrorSettings -TenantId 'TenantId' -ErrorSettings @{
ErrorMessageDetails = @{
enabled = $True
url = "https://contoso.org/governanceMaterial"
}
ContactDetails= @{
enabled = $True
email = "admin@contoso.com"
}
}You’ll need to replace the value for ‘TenantId’, the value for url within the ErrorMessageDetails object and the value for email within the ContactDetails object.
You can read more about the ability to change these options here – PowerShell support – Power Platform | Microsoft Learn
I hope this post helped you to implement limit sharing further in your organisation when using Managed Environments! Let me know how you like using these features and whether you’re using Managed Environments in your organisation yet.