Control & Visibility for the Power Platform with Managed Environments

Mechanics Team
12 min read · Dec 7, 2022

Build app experiences and automate everyday tasks and processes in Power Platform with the Managed Environments capability for easier, proactive governance. Restrict how broadly apps and flows can be shared with capabilities like sharing limits, set up better guardrails through the built-in Solution checker, and test apps before they move into production with the maker-friendly DevOps capability, Pipelines for Power Platform.

Group Product Manager for Microsoft Power Platform, Evan Lew, joins Jeremy Chapman for a deep dive on updates to the Power Platform.

Custom onboarding, Sharing controls, & DevOps integration.

Create a positive feedback loop with your makers using Managed Environments.

Auto-block unsafe apps from getting to production.

Enforce Solution checker with Managed Environments in Power Platform.

Guardrails at each stage of production.

Help makers build safe, secure, and compliant apps with Pipelines for Power Platform.


QUICK LINKS:

00:00 — Introduction

02:47 — Default environment

04:14 — Admin experience

06:54 — Pipelines for Power Platform

08:15 — Maker experience

11:21 — Wrap up

Link References:

Download and use Power Platform hub templates at https://aka.ms/MakerSiteTemplate

Watch how to build Power Apps from a drawing at https://aka.ms/PowerPlatformAIMechanics

Unfamiliar with Microsoft Mechanics?

Microsoft Mechanics is Microsoft’s official video series for IT. You can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.


Video Transcript:

Jeremy Chapman (00:02):
Coming up as more and more people use Microsoft’s low-code Power Platform to build app experiences and automate everyday tasks and processes, we’ll take a closer look at the new Managed Environments capability for easier, proactive governance, including greater control with capabilities like sharing limits that restrict how broadly apps and flows can be shared, along with better guardrails through the built-in Solution checker and maker friendly DevOps capability, Pipelines for Power Platform, to test apps before they move into production. And joining me today for our deep dive is one of the engineering leaders on this topic, Evan Lew. Welcome to the show.

Evan Lew (00:37):
Thank you for having me on the show.

Jeremy Chapman (00:38):
Thanks so much for joining us today. And this has been a topic I’ve been looking forward to, given the momentum that we continue to see. You know, there’s several millions of Power Platform developers worldwide, and that’s just set to increase the more that we make app and flow authoring experiences more accessible. Now, Charles Lamanna, our Power Platform CVP, for example, recently demonstrated AI-infused app authoring with Express Design, which can generate an app just from a sketch on a piece of paper. And of course it might seem like all of this comes at a price for those of us who are in IT who fear random apps and processes accessing data and resources in the environment. So how are we looking to help here?

Evan Lew (01:16):
Well, we know if you’re in IT, it’s essential for you to have the right visibility and controls to govern all of your low-code apps, flows, and bots. We’ve been investing heavily in governance capabilities that let you centrally manage all that low-code creativity in your organization. And with the latest capabilities, it’s easier than ever to govern at scale.

Jeremy Chapman (01:35):
And this really differs, you know, from what IT has had to deal with over the years. And I’m thinking about things like low-code solutions, you know, Access or Excel or InfoPath based apps that might have been hidden from IT. And now with a centralized model, you know both makers and IT can use it and they aren’t having to grapple with multiple low-code environments that would have their own bespoke management tools.

Evan Lew (01:58):
You’re spot on. We offer a number of ways to give you centralized visibility and control over all your environments. So first, the CoE toolkit is a great way to get started. You get visibility through dashboards, and pre-built apps and flows to help you govern your assets and your makers. And then secondly, the Power Platform admin center gives you a single portal to manage all your environments and configure those platform settings. And with new tenant wide reports, you get that great bird’s eye view of low-code adoption across your organization. And it gets even better with the brand new Managed Environments capabilities that we recently announced. It simplifies and streamlines governance for all your environments, including the default environment. And Managed Environments is included with your standalone Power Apps and Power Automate licenses to give you more visibility, more control, with less effort.

Jeremy Chapman (02:46):
Now you mentioned the default environment, which at its core lowers the bar for makers to build the apps that they need. At the same time though, it’s often an area of concern for IT.

Evan Lew (02:56):
Right. The default environment is a great starting point for makers throughout the organization to build simple apps and flows to automate their day-to-day work. And we’ve seen it ignite productivity and innovation in many organizations. And it’s what your employees will use if you don’t have an established environment strategy for your makers to use instead. Now your strategy should be based on the apps and flows that your makers are building and the data that they are accessing. So for example, you should set universal data policies in your default environment to establish which data sources can and cannot be used when building personal productivity apps and flows. And for any business-critical apps, you can establish an application lifecycle management focus. Now by using dedicated environments, you can safely authorize connections to specific systems of record. And by using the new Managed Environments capability, you can also help guide your makers to build higher quality, low-code assets. Now, Managed Environments offers you unique capabilities like setting up a custom onboarding experience for your makers, deeper environment-level visibility, sharing controls to limit exposure, and maker friendly DevOps integration, and more. And all of this helps create that positive feedback loop with your makers. And importantly, in just one click, we make it easy for you to take your existing default and standard environments and upgrade them to Managed Environments, really at any time.

Jeremy Chapman (04:14):
And this really is a win-win for both makers, as well as IT. So can you walk us through the admin experience for setting up Managed Environments?

Evan Lew (04:21):
For sure. It’s a win-win for admins that get better insight and feedback into how the environment is used, and makers get guardrails to build more safely and productively. So here we are in the Power Platform admin center, setting up a managed environment. And if you’re concerned about uncertified apps getting overexposed, you can use “sharing limits” to restrict how broadly apps can be shared. So I can restrict sharing to only security groups, or I can limit how many individuals an app can be shared with. So for example, this is a development environment, and I want to limit sharing to really no more than two people. Now for apps that you do want shared more broadly, Managed Environments allows you to enforce Solution checker to run as part of the deployment process to automatically block, for example, unsafe apps from getting to production. Now, Solution checker includes rules in several areas like security, for example, if the app has a component that performs arbitrary code execution, performance, like excessive data refreshes, which can degrade performance, or reliability, like if the app uses a deprecated API, and accessibility to ensure labels and controls are accessible. By the way, Solution checker itself is not new, but with Managed Environments, as an admin, you can now enforce these checks. And you can get detailed results with an automated email just like this one here.

(05:37):
Now, when you set up Managed Environments, you can choose the level of enforcement you need — none, warn, or block. And so for example, I can set the test environment to warn only, which means makers can keep iterating on their apps without getting blocked and fix the issues that they get warned about. And then for production, I can choose to block deployments whenever the checker finds a high severity issue. Additionally, as an admin, you can deliver the welcome experience for new makers in the Power Apps Studio with training content that’s specific to the admin guardrails you apply to the environment.

Jeremy Chapman (06:08):
And this is really a great example, as you mentioned, of providing that feedback loop where you’re actively offering proactive guidance as makers build out their apps.

Evan Lew (06:16):
It really is. And with Power Platform hub templates, we can now help you set up a SharePoint or Teams site that makers can link out to for more detailed guidelines, rules of engagement, and even success stories. So here’s an example with a bunch of resources for makers, including DevOps guidance for apps that need broader distribution. And all this is available as a SharePoint or a Teams site template you can download and use yourself at aka.ms/MakerSiteTemplate.

Jeremy Chapman (06:43):
And all this really follows best practices, especially for developers. And you know, when you’re testing an app, you’re using a sandbox and that’s ensuring quality is there before you move that into production.

Evan Lew (06:52):
Right. And you can set up guardrails at each stage. We recently released Pipelines for Power Platform that provides a series of automated steps to move an app between development, test, and production stages. And it greatly reduces the complexity of automating the DevOps process for citizen makers who aren’t going to use traditional DevOps tools like GitHub. This means even in the low-code world, as an admin, you can moderate or control what goes to production without impeding maker creativity or innovation.

Jeremy Chapman (07:20):
In this way, you know, makers can really get the help they need to build safe, secure, and compliant apps right from the beginning. So I want to make this real for people, you know, and show how all of this comes together. And I’ve started here by visiting your maker site and I can see the process laid out along with guidance on who should be involved at each stage. And now I can reach out to my IT team and get the process started.

Evan Lew (07:41):
Which is important because if you’re building a critical app that you want to distribute broadly, you want to be able to do that responsibly. So I set up your pipeline with everything that you need, and your dev environment is configured to only connect to the test database and not production. Then for the production database that you’ll use in your test and production environments, the connector provides several options to configure access levels for data reads, updates, inserts, deletes, and query execution. We want to give you freedom to build and innovate, but with a few guardrails in place to protect company data and yourself just in case something doesn’t work out as planned.

Jeremy Chapman (08:15):
Great. So let’s have a look at the experience. Now, if you recall the event registration app that Charles Lamanna built directly from an app sketch, which you can check out at aka.ms/PowerPlatformAIMechanics. Well here I have the same app right in Power Apps Studio and I want to share that app with a few more people on my team to help out. Now because of the policy that you set, Evan, before, it’s going to let me share with two colleagues but not a third colleague. And you can see that I’m blocked from sharing it broadly. Now for this app, I also need to connect it to a backend database running on SQL. So first I’m going to try to connect it to our production server, then to the table I want, and you’ll see that that gets blocked. And that’s by design, because you’ve set the policy for the dev environment to connect to the development database only.

(09:00):
So I’m going to connect to that one, I’m going to connect to my table again, and this time you’ll see I’m not blocked. And this all makes sense because in my case, I’ll only need access to the production database to properly test my app and also release it to production. So now I’m going to deploy it into the test environment. And as you mentioned, this environment lets me connect to the production instance of the SQL server that I want. And the neat thing here is that the pipeline’s actually set up to reconnect to the production SQL database when I land in the test environment, so I can test it using real data.

Evan Lew (09:31):
And now that you’re in the test environment, you can share that app with more people so they can help test it.

Jeremy Chapman (09:36):
Okay, so let’s try that out, because you’ll remember last time I was limited to just the two people I was working with. And now from the sharing dialogue you can see that I’ve got five people at it already, and I’ll add a sixth person to help test. Now for the sake of time, let’s say that everyone’s tried out my app and it’s working really well, and it’s ready for the big time and to deploy it more broadly into production. So I’m back in the pipeline view, and I’ll go ahead and deploy it into the production environment. And that’s just going to run for a moment.

Evan Lew (10:03):
So for the production environment, we’ve set the pipeline up to require IT sign-off before it’s deployed. So I’ve received here an email request for deployment approval and I can go ahead and approve it. And that’s it. Your app is headed to production.

Jeremy Chapman (10:16):
And what you probably picked up on along the way, is that without explaining the DevOps, or CI/CD process, or training people on how to use pro dev tools like GitHub or Azure DevOps, as a maker, I was gently guided on a simple low-code version of the DevOps process to make sure that my app really met the quality bar across security, performance, reliability, and also accessibility aspects.

Evan Lew (10:38):
Right. And now that the app is in production, you can monitor how things are going, and of course Managed Environments helps with this as well. From the Managed Environment’s activation screen, here we can choose whether this app should be tracked in the digest emails or show in the insights reporting dashboard. The digest highlights the most used apps and flows, as well as what’s not being used and also flags where licensing attention is needed. The new license reporting makes it easier for you to know which active users require license assignment before you can enable Managed Environments. Then, if I head over to the insights dashboard in the Power Platform admin center, you’ll find up-to-date insights about all the relevant Managed Environments. And of course because it’s in the admin center, everything’s just a few clicks away.

Jeremy Chapman (11:19):
And this is really a ton of great visibility. Now we’ve walked through a lot that you can do with Managed Environments and Pipelines. So for our admins who are watching right now and looking to try this out, what do you recommend?

Evan Lew (11:29):
So Managed Environments is available today. Thousands of organizations are already using Managed Environments for more visibility and control. Many are using it in the default environment, or like in our example, in dedicated dev, test, and production environments. So you can go to the Power Platform admin center and try it out.

Jeremy Chapman (11:46):
Thanks so much, Evan, for joining us today and also sharing all the updates for Managed Environments and Pipelines. Of course, keep checking back on Microsoft Mechanics for all the latest tech updates, subscribe to our channel if you haven’t already. And as always, thank you for watching.
