As organizations increasingly rely on Microsoft Power Platform, IT teams must ensure effective governance and management to improve adoption rates, enhance security, and reduce sprawl.
While digital tools are available to help IT administrators manage and govern their Power Platform workspaces, it’s crucial to understand which solutions work best for each organization to achieve optimal outcomes.
In this blog post, we’ll explore Microsoft’s native tools for Power Platform management and governance and look into how you can further enhance these capabilities to maximize the platform’s potential.
Microsoft offers three primary tools for managing and governing Power Platform: Admin Center, CoE Starter Kit, and Managed Environments.
Each tool offers different capabilities that may be suitable depending on the organization’s size and requirements. For example, some tools may be more scalable, providing better coverage for larger organizations. Others may offer customizable capabilities, providing organizations with better options to address their unique requirements.
Here’s a closer look into each of them:
1. Power Platform Admin Center
The Power Platform Admin Center offered by Microsoft hosts the most essential functions and capabilities for Power Platform admins and makers. It’s a centralized portal for admins to manage environments and settings across Power Apps, Power Automate, Power Pages, and Power Virtual Agents, which then provides makers with access and functions they need to work in Power Platform.
The Admin Center is scalable, so even organizations with a large user base can use it to manage their operations effectively.
While no additional licensing is needed, specific users need admin permissions to configure the Admin Center settings.
2. Center of Excellence (CoE) Starter Kit
With a focus on Power Apps, Power Automate, and Power Virtual Agents, Microsoft’s Center of Excellence (CoE) Starter Kit is a set of tools and components aimed at guiding organizations to develop a strategy to get started with Power Platform.
The CoE provides admins with templates and formulas to accomplish specific Power Platform management goals. The templates are designed to provide an effective solution for basic governance tasks such as getting an inventory for Power Platform elements and setting up inactivity notification processes for orphaned apps and flows. However, they may not necessarily offer the exact functionalities organizations require, which means admins still need to make adjustments to execute custom tasks.
While it mainly leverages the administrative functions of Microsoft’s Power Platform Admin Center, the CoE Starter Kit requires manual effort to maintain and update, which will consume additional time, effort, and resources for IT teams. Additional licenses may also be required for supplementary governance and compliance capabilities.
Managed Environments offers a range of features that enable administrators to manage Power Platform at scale efficiently. These capabilities are readily available within Power Platform Admin Center and can be utilized independently, or with the CoE Starter Kit to provide more control and insights.
Like Microsoft’s Admin Center, Managed Environments is scalable for organizations with a large user base. But unlike the Admin Center, it requires additional standalone licenses for every app, flow, bot, and website in every environment where it is activated.
Used together, Microsoft native tools provide the primary capabilities you may need to manage your Power Platform environments. However, these tools’ capabilities have limitations in terms of security and governance. In particular, the lack of a central place to set configurations for all management and governance admin tasks executed in all three tools poses a significant challenge.
Scale Your Power Platform Management with Centralized Administration
To streamline your Power Platform management, AvePoint EnPower makes it easy for administrators to scale admin tasks by integrating with other tools in the AvePoint Control Suite, such as Cloud Governance, to support secure delegated administration and provide advanced security, monitoring, and governance capabilities no matter your organization’s size or unique requirements.
Security
With business-critical data fed into the platform, one of the most critical Power Platform management responsibilities is safeguarding and keeping sensitive information secure.
Sharing controls and Data Loss Prevention (DLP) policies are crucial in making this happen. DLP policies dictate what can be done with the connector access to the Power Platform, which controls how data is handled and transmitted within the Power Platform environment.
What you can do with Microsoft:
In the Power Platform Admin Center, admins can create and deploy DLP policies to an environment. The CoE Starter Kit then has a canvas app called the DLP Editor that allows customization of the DLP policies and shows a list of the canvas apps and cloud flows impacted by your DLP configurations. Managed Environments, on the other hand, has sharing limitation controls but lacks granular sharing controls.
The Challenge:
Restrictions may make it challenging for organizations to implement granular security policies to protect their data fully.
What AvePoint offers:
AvePoint EnPower helps organizations better manage DLP policies by going beyond creating them and controlling connector access in Power Platform. With AvePoint EnPower, admins can specify controls on what a maker can do and use within the connector and flow actions in environments, implementing more granular controls beyond the DLP at the flow action and user levels.
This means admins can control connections made into the Power Platform workspaces and configure how these connections are used to ensure no connection is misused.
Monitoring allows administrators to track usage trends, detect potential security threats, and optimize platform performance. With the right monitoring capabilities, you can ensure your systems run smoothly while reducing the risks associated with Power Platform usage.
What you can do with Microsoft:
While Power Platform Admin Center and Managed Environments offer limited analytics and usage insights for apps, Dataverse, and flows, the CoE Starter Kit can provide admins with reports, history, and monitoring capabilities. But there’s a catch: there’s a need to process audit logs constantly, which can lead to data inaccuracy, especially for large tenants, if the audit logs are not processed by the CoE flows.
The Challenge:
First-party tools have basic insights and analytics capabilities, but only the overview is provided. Further, you can only access this information in the Power BI dashboard, with no option to drill down into details. There are also limitations in producing accurate reports, especially for organizations with larger tenants, due to timeout and throttling issues with using audit logs for large resources.
What AvePoint offers:
AvePoint EnPower offers a comprehensive range of monitoring and reporting tools fully scalable and automated for tenants, large or small, covering most Power Platform elements such as environment, apps, flows, Power BI, and connectors.
AvePoint EnPower also provides more data filters so admins can drill into details for more granular reports. CoE Starter Kit allows admins to see reports, but AvePoint EnPower enables them to take immediate action directly from the Reportsdashboard.
You can also gain better insights into patterns and usage of your users in your Power Platform adoption through ranking reports. These reports are supported by multiple dimensions, such as connections, users, activities, and launches, to provide an accurate picture of what is working and what needs to be done to improve user adoption.
Alerts, actions, and governance
Beyond establishing rules to guide users, you must proactively manage your Power Platform environment and look for risks that may impact your organization’s security.
What you can do with Microsoft:
Admin Center and Managed Environments both have limited governance features. They have no alerting and bulk management capabilities and are focused only on data-sharing controls and insights. The CoE Starter Kit offers better Power Platform governance capabilities, but it comes with certain limitations:
CoE Starter Kit supports tenant overview and flow and app dashboards, which helps admins have an inventory of your organization’s apps, flows, and environments. However, these are limited within the Power BI dashboard and do not allow admins to take action from the dashboard. There may also be timeout concerns for Power BI when dealing with large tenants.
Audit process, governance, and lifecycle actions are also available but require GitHub integration.
Re-certification capabilities are limited and lack the ability to surface orphaned apps, making it challenging for admins to look for obsolete Power Platform objects.
The Challenge:
Organizations have an overview of their apps, flows, and environments, but without the capability to take direct action, it’s hard for admins to remediate issues quickly. With a noncentralized dashboard, finding a single source of truth for everything happening in a Power Platform environment can also be challenging. Without insights on orphaned apps and limited lifecycle management capabilities, your Power Platform elements can quickly add to data sprawl.
What AvePoint offers:
AvePoint EnPower, integrated with Cloud Governance, enables a holistic governance approach – covering all bases in inventory, lifecycle management, tenant management, alerts, actions, and more.
The AvePoint Control Suite can support audit and fully customizable re-certification processes, automating workflows to efficiently manage Power Platform elements at the tenant and user levels.
From the comprehensive and detailed Power Platform dashboard, where you can see your inventory and insights, admins can quickly take action to remediate any issues. For example, if an app is orphaned, admins are automatically alerted and can take action immediately, like deleting said app or reassigning another owner directly from the dashboard.
AvePoint EnPower also provides a single pane of glass experience to view and manage Power Platform objects from multiple tenants in one user interface and allows Role-Based Access Controls (RBAC) to support secure delegated administration without needing custom work or additional integrations. This makes it easy for larger organizations to deploy the solution and scale according to their needs.
Uplevel Your Power Platform Administration with AvePoint
While you can use first-party Microsoft tools to address basic requirements, you can achieve better security, gain more control, and access relevant insights with AvePoint’s Power Platform solutions.
With AvePoint, obtain insights and understand trends while creating a lifecycle management process for your Power Platform assets. You can support your organization in taking full advantage of Power Platform tools without fear of data risks.
“AvePoint’s support for Power Platform has helped us empower employees to safely build solutions that will enhance their work. As an organization, this allows us to continue taking smart risks because we know robust governance solutions will put the right guardrails in place, and data protection will ensure none of our data or workflows are lost.”
-Mike Fettner, Principal Office 365 Engineering, Regeneron
Ready to maximize Power Platform’s potential with better management and governance capabilities? Explore AvePoint’s Power Platform solution today:
Sherian Batallones is a Content Marketing Specialist at AvePoint, covering AvePoint and Microsoft solutions, including SaaS management, governance, backup, and data management. She believes organizations can scale their cloud management, collaboration, and security by finding the right digital transformation technology and partner.