Managing and Governing the Power Platform at Scale

  • Slides: 32

Managing and Governing the Power Platform at Scale
Julie Strauss, Principal PM Director Admin, Pro Developer and ISV Experiences for the Power Platform

Microsoft Power Platform
The low-code platform that spans Office 365, Azure, Dynamics 365, and standalone applications
Innovation anywhere. Unlocks value everywhere.
  • Power BI: Business analytics
  • Power Apps: Application development
  • Power Automate: Process automation
  • Power Virtual Agents: Intelligent virtual agents
  • Data connectors, Portals, AI Builder, Common Data Service

Microsoft Power Platform momentum
  • >3 M: Monthly active developers on the Power Platform
  • >700%: Power Apps growth in production apps in the last year
  • >300%: Power Apps growth in monthly active users in the last year
  • >25 M: Data models hosted in the Power BI service
  • 97%: of Fortune 500 companies using Power BI
  • >25 B: Power Automate steps run each day

Power Platform is designed for everyone
  • End users
  • Pro developers
  • IT Professionals

Governance – Practically Applied
Secure
  • Define and execute on your environment strategy
  • Set up data loss prevention policies
  • Apply the layers of security
Monitor
  • Review out-of-box analytics
  • Configure audit logs to monitor usage
  • Extract telemetry for ad-hoc reporting
Alert
  • Automate management & policies using management connectors
  • Detect anomalies on audit events to trigger alerts
  • Trigger compliance detail request and flows for auditing support
Deploy and Manage
  • Learn ALM best practices
  • Script management automation with cmdlets
  • Automate full ALM using Azure DevOps
Nurture and educate
  • Establish a Center of Excellence
  • Educate new makers
  • Foster best practices

Announcing One Unified Admin Center

Demo

Layers of Security

The Layers of Security
  • Cross Tenant level: Native integration to Azure Active Directory provides built-in support for conditional access to the Power Platform for all users in AAD
  • Environment level: Environments, also known as management containers, have two built-in security roles that provide access to permissions within an environment
  • Resource level: Resource level permissions allow for control of user privileges to create resources like apps, flows, custom connectors etc. …
  • Common Data Service: Common Data Service offers a wealth of rich business logic including a powerful security model, where role-based security can group together a collection of privileges and allows for record and field level security

Setting up and managing Environments

Environment key facts
  • Environments are tied to a geographic location that is configured at the time the environment is created
  • Environments can be used to target different audiences and/or for different purposes such as dev, test and production
  • Every tenant has a Default environment where all licensed Power Apps and Power Automate users can create apps & Power Automate flows
  • Non-default environments offer more control around permissions
  • Non-default environment creation can be restricted to only global and service admins from the Power Platform admin center: https://aka.ms/ppac

Managing access to external data sources: Data Loss Prevention Policies

Secure Your Data with Data Loss Prevention (DLP)
  • Data loss prevention (DLP) policies enforce rules for which connectors can be used when building apps and flows connecting to data not hosted in the Common Data Service
  • Connectors are classified as either Business or Non-Business Data
  • A connector in the Business group can only be used with other connectors from that group in the same app or Power Automate flow
  • Tenant admins can define policies that apply to all environments
  • New: Introducing the ability to fully block usage of 3rd party connectors (standard and premium) as well as Microsoft-owned premium connectors

Demo Environment Creation and Management

Environment and data loss prevention setup
Environments shown: Dev / Test / Prod (Finance); Dev / Test / Prod (Marketing); Training
  1. Create a policy spanning all environments that blocks all unsupported non-Microsoft connectors and classifies all Microsoft connectors as ‘Business Data’
  2. Create a policy for the default environment (and other training environments) that further restricts which Microsoft connectors are classified as ‘Business Data’
  3. Create additional policies or exclude those environments from policies #1 and #2 above that permit certain connectors or connector combinations to be used for specific environments
Diagram callouts:
  • #1: Block selected non-Microsoft non-standard connectors (e.g. Dropbox, social media)
  • #2: Restrict ‘business data’ connectors (e.g. only Office 365 connectors are business data)
  • #3: Create dedicated environments with less restrictive policies for certain application environments
Microsoft Confidential: Content is shared under NDA with Microsoft CAB members
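
Added example (not part of the original slides and not Microsoft code): a small Python model of the DLP connector rules and the three-policy environment setup described above. The policy and environment names, the connector classifications, and the rule that an app must satisfy every policy whose scope covers its environment are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

BUSINESS, NON_BUSINESS, BLOCKED = "Business", "Non-Business", "Blocked"

@dataclass
class DlpPolicy:
    name: str
    groups: dict                          # connector name -> group
    default_group: str = NON_BUSINESS     # group for connectors not listed
    include: Optional[set] = None         # None means every environment
    exclude: set = field(default_factory=set)

    def applies_to(self, env: str) -> bool:
        in_scope = self.include is None or env in self.include
        return in_scope and env not in self.exclude

    def violations(self, connectors) -> list:
        found, by_group = [], {}
        for c in connectors:
            by_group.setdefault(self.groups.get(c, self.default_group), []).append(c)
        for c in by_group.get(BLOCKED, []):
            found.append((self.name, f"{c} is blocked"))
        # Business connectors may only be combined with other Business connectors.
        if by_group.get(BUSINESS) and by_group.get(NON_BUSINESS):
            found.append((self.name, "mixes Business and Non-Business connectors"))
        return found

def evaluate(connectors, env, policies) -> list:
    # Assumption: an app must satisfy every policy whose scope covers env.
    return [v for p in policies if p.applies_to(env) for v in p.violations(connectors)]

# Constructed sample mirroring the three-policy setup (all names illustrative).
POLICIES = [
    DlpPolicy("1-tenant-wide",
              {"SharePoint": BUSINESS, "Office 365 Outlook": BUSINESS, "SQL Server": BUSINESS},
              default_group=BLOCKED, exclude={"Finance-Prod"}),
    DlpPolicy("2-default-env",
              {"SharePoint": BUSINESS, "Office 365 Outlook": BUSINESS},
              include={"Default"}),
    DlpPolicy("3-finance",
              {"SharePoint": BUSINESS, "SQL Server": BUSINESS, "Dropbox": BUSINESS},
              include={"Finance-Prod"}),
]

if __name__ == "__main__":
    for env in ("Default", "Marketing-Dev", "Finance-Prod"):
        for app in (["SharePoint", "SQL Server"], ["SharePoint", "Dropbox"]):
            print(env, app, evaluate(app, env, POLICIES) or "allowed")
```

Running it shows the same app being allowed in one environment and rejected in another, which is the effect of scoping policies #1 to #3 per environment.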

Gain Insight in the Power Platform Admin Center
  • Power Apps Analytics
  • CDS Analytics
  • Power Automate Analytics
Providing analytics of adoption, usage, and health across these services

Office 365 Activity Logging
  • Integrated with Office Security and Compliance center for comprehensive logging across Microsoft services
  • The audit records are stored in Office 365 Security and Compliance center
  • Office provides an API to query this data, which is currently used by many SIEM vendors to use the Activity Logging data for reporting

Cross Tenant Usage Dashboard
Built using the CoE Starter Kit, backed by telemetry from the O365 Activity Logging capabilities

Establish and automate your audit process
Management connectors and PowerShell modules shown: Power Apps for Admins, Microsoft.PowerApps.PowerShell, Flow Management, Power Platform for Admins, PowerApps.Admin PowerShell
  • Create workflows using management connectors to permit or restrict behavior
  • CoE starter kit comes with its own audit workflow:
      • Apps are identified by a flow based on criteria such as the app is shared with > 20 users or at least 1 group and the business justification details have not been provided
      • Developer Compliance Center where the maker can provide a justification
      • Admin business process workflow for approval

Power Apps Build Tools: ALM Powered by Azure DevOps
  • Initiate (Getting started, faster): Initial Build Pipeline instantiates pristine Development Environment daily, exports solutions and unpacks to Source Control
  • Build (Build and Test Automation): Build Pipeline automates manual steps. No more upload to Solution checker and manually export solution, unpack and push to repo
  • Release (Automated, Predictive, Repeatable): Automated Release Pipeline removes manual steps. Weekly, daily or hourly releases become the new standard
Powered by Azure DevOps and Git
Pipeline steps shown in the diagram: Create Repo, Export Unmanaged, Unpack Solution, Check in to source, Provision Environment, Deploy Dependencies, Pack Source Code from Repo, Import Solution, Run Unit Test, Run Power Apps Checker, Export Solution, Unpack to Repo, Run Unit Test, Pack Solution, Run Solution Checker, Run Integration Test, Import as unmanaged, Increment Version, Export Managed

Evangelism and Training
Columns: Evangelism, Community development, Training & support
  • App in a Day workshops
  • Hackathons with real business scenarios
  • Tech talks / best practices
  • Show and Tell
  • Share success stories
  • Create internal community of champions
  • Yammer / Teams channel
  • Internal portal / SharePoint site
  • Monthly newsletters
  • Individual recognition
  • Internal training resources
  • Learning tracks – beginner, intermediate, advanced admin
  • Regular office hours
Download here now: https://aka.ms/COEStarterKit
Powerful resources to support your nurture motion
  • All up view of what’s being created
  • Ability to discover your champions
  • Templates for nurture outreach and education

Roadmap

Roadmap Investments
  • Data Loss Prevention Enhancements
  • Admin and governance Analytics
  • Admin Center Unification & GCC Parity
  • Fully automatable ALM

Data Loss Prevention (DLP) Roadmap
Themes: Strong Fundamentals, Powerful Controls, MIP Ready, Intuitive Experience
Timeline: Apr 2020, Oct 2020, Stretch Oct 2020+
Roadmap items (as listed on the slide): Ability to block connectors HTTP Connector parity MIP Alignment with Office DLP UX integration in PPAC Tenant Isolation – Allow list DLP change assessment at launch time Standalone MIP within Power Platform Impact analysis of DLP Endpoint filtering control CDS connector under DLP purview MIP Alignment with SQL Connector action control Audit logs of DLP changes Implicit sharing control Email header support User identity support in DLP Custom connector parity Tenant Isolation – UX control Content label protection and compliance scanning in CDS Connection endpoint audit to identify risks Policy hierarchy & templates Policy scoping & hygiene Policy interaction summary Policy telemetry Default DLP alignment of new connectors

Call to Action
  • free community plan
  • https://aka.ms/COEStarterKit
  • Admin in a Day: https://aka.ms/admininaday
  • New Power Platform Admin White Paper