In this post, I’m going to discuss a couple of tips around environment configuration and governance. This isn’t going to guide you through creation of an environment, but will explain one or two of the options you can utilise once you have environments in place within your tenant and how we can set these appropriately based on needs.
Power Platform Settings
So, before we actually get to the environment level, we can look at some Power Platform settings for our entire tenant. The settings we are able to control that apply to the whole organisation cover governance issues. We are able to control who is able to create production and sandbox environments, as well as who can create trial environments. To do this, you need to be a Global admin, or a Power Platform or Dynamics 365 admin. Then using the account with your hightened privileges, you will find these settings by going to the Power Platform Admin Centre and by selecting the settings icon in the top right, then ‘Power Platform Settings’.
In this area, you can also enable tenant-level analytics on your Power Platform environments.
The next thing we can take a look at is at the environment level and specifically look at what details we can change about our environment, which actually includes a couple of options to around access to our environment.
Here we are able to rename our environment, but we can also do something slightly more interesting. We can change the URL of our environment and customise this. This will change the URL we see when we open model-driven apps for example, or Dynamics applications, as well as of course the URL we see when we open the environment in Power Apps!
Further in this pane, we have an area where we can describe the purpose of the environment. These tend to be fields that get missed out because they’re not required for use in my experience, however when working collaboratively or if someone else in the organisation will one day work on Power Platform, which is a definite, you should ensure you have noted the purpose of the environment so people know why it is there and what it is used and implemented for.
Finally, we can add a security group to our environment. This is a highly recommended feature to use against your environment, especially if it is a production environment with live data!
By adding a security group, you restrict environment access to the members of that group. You should keep in mind that members you add will still need a security role with permissions so they can access the data you want them to have access to.
Users of Dynamics?
Does your organisation implement Dynamics 365? If this is the case, you’ll have some maintenance work to do around Dynamics regularly! Microsoft regularly publish updates to Dynamics 365 apps which can include patches for issues, as well as new releases. You can see whether or not your Dynamics applications need updating from within the Dynamics 365 apps section of your environment in the Power Platform admin centre.
It is important to keep your Dynamics apps up to date. By not doing this, you could find yourself encountering issues when your version of Dynamics becomes far behind the latest one released. You could find yourself having to go through multiple update docs to find the changes made which could affect any implemented customisations. So… the tip is… keep Dynamics up-to-date!
When it comes to data governance, I’m going to discuss this at the organisation level… because that’s how it works! In the Power Platform admin centre, we can create Data Loss Prevention policies. This allows us to configure how we want to allow custom connectors to be used in our organisation which could potentially allow data to leave our organisation in a way we don’t want it to… or it could just be that we don’t want data loss to occur through the use of Power Platform tools.
To create DLP policies, we will go to the Data policies tab under policies in the Power Platform admin centre, where we will create a new policy. We will then want to add the environments to the policy that we want to apply the policy to. Now we can configure custom connectors available in our organisation.
We are able to simply block a connector from being used in an environment, or we can select ‘configure connector’ and ‘connector actions’ and then we can turn on and off the actions we want the connector to make available to our app makers and developers who have access to develop in the environment. Finally we can determine whether we want new connector actions to be set to allowed or blocked from deployment.
So… I hope these few tips help to get you started with simple configuration and governance over your Power Platform tenant and environments… the next big tip is to implement the Centre of Excellence starter kit… but I’ll talk about that in a future post. 🙂