Power Platform | Provide governance at scale

At MS Ignite, Microsoft announced new capabilities for Managed Environments today. Many customers have recently enhanced their low-code strategy by adding responsible AI capabilities, but there are also many questions about how AI can work with Power Platform and Governance team. The goal is to simplify their daily tasks and reduce the effort, while maintaining the highest company security and compliance standards and using AI responsibly.

Admins can now use environment groups and specific rules to standardize essential settings and configurations for governance at a new level of scale. Makers can access a personal developer environment that complies with these rules. These environments can be seamlessly integrated with Pipelines for Power Platform, which simplifies the use of ALM tools. Additionally, the latest advisor capabilities offer admin teams useful insights gathered from different environments. This gives them more control over the development and deployment process, and also makes onboarding easier.

To outline the capabilities and drive business value discussions, I am sharing today this new visual that summarizes the current feature set as of November 2023 used in my briefing sessions.

Visual of Managed Environments capabilities breakdown

CIOs know that IT teams have ongoing and upfront costs for providing SaaS solutions that help their business teams and themselves perform daily tasks. These costs are not only related to premium licenses and immediate charges. Developing and maintaining their own professional services package for SaaS operation in fact can be expensive in terms of time, effort and money.

A conversation based on entitlement could alter the perception of the premium licenses mentioned above, as they all grant the right to use and activate Managed Environments. Some of the monthly per-user license fees are used to provide such maintenance tools that offer more visibility, more control and less effort.

The new features enable customers to simplify their governance at scale, access various settings and services, and reduce their IT labor costs. By using Power Platform’s AI-generated insights to automate daily routines, and by applying different rules to groups of environments to ensure security and compliance standards, customers can save time and avoid tedious tasks.

A breakdown visualization of Govern, Protect and Manage the Power Platform

Managed Environments is one of the many features and tools that help govern, protect and manage the Power Platform. However, some SaaS security teams may not be aware of the full range of capabilities available, because they are not all managed within the Power Platform Admin Center. Therefore, Power Platform admin teams should make use of the extensive toolset that comes with the premium- or subscription-based licenses to keep the SaaS offer in optimal condition. This is especially important for ensuring Cybersecurity, as some of the protection mechanisms are enabled and managed by Microsoft, while others require your own configuration and management according to your company’s operational preferences.

It´s about time to streamline your governance at scale. Until then,…

Power Platform | Hyperscale to your business workload

In March 2021, I wrote an article comparing Dataverse and Azure SQL for data management. I followed up with more articles on how to use Dataverse to develop business applications. Now, I want to share some insights on how developers can get started with Dataverse and leverage its features.

Dataverse has received several updates in the past few weeks, which might have gone unnoticed among the many features that Power Platform offers. One of these updates is the seamless connectivity to data stored in different Dataverse environments. This is a significant feature for application developers who want to access data from multiple sources and regions.

Application developers come in various „flavors“, ranging from those who use MS Excel as their main tool to create their applications. MS Excel provides an easy way to collaborate on data, share access, aggregate, analyze, or enhance datasets with Power Pivots, Power Query, and formulas. However, it is not suitable for large datasets that exceed 1M+ rows, co-authoring with multiple users simultaneously, storing files and other media types, and complying with Governance and Data Leak Protection standards in relation to GDPR.

Some developers prefer to use Microsoft SharePoint and Lists. They are familiar with creating workflows on top of data rows, working with a set of data easily through browser experience, supporting images and other data types, and searching across large datasets. However, when they design business applications and want to scale them up, they may encounter some challenges. They may need experts to manage the site configuration and list administration. They may also face limitations on large sets of data above 30M+ rows and lists containing multiple lookup columns. Moreover, SharePoint may not be suitable for complex relational data and large transactions.

If you want to (hyper)scale your business workloads in the Era of AI, you need to leverage Copilot companions that can help you extract quick information and insights from your data. As a software application developer, you also need to learn about modern and robust data ecosystems that can scale easily with your company’s demand, without creating a complex and problematic monolithic database.

Dataverse service breakdown visual

This is the time, where you should breakdown the value and capabilities of using the Dataverse service as your (hyper)scale data engine for building your Copilot enabled user interface and next generation business application. One element of this being the feature currently in preview for creating elastic tables. So what´s elastic tables?

Elastic tables: A type of table in Dataverse that can handle large volumes of data in real-time, powered by Azure Cosmos DB. They have flexible schema, horizontal scaling, and time-to-live features.

Use cases: Elastic tables are suitable for scenarios that require high throughput, unstructured or semi-structured data, or frequent data model changes. They are not suitable for scenarios that require multi-record transactions, strong consistency, or filters on related tables.

With this feature becoming available through Dataverse service for low-code application developers, you can imagine the service being even closer to Azure. Well in fact, it´s build on top of Azure services – so it´s now surprise that this capability has been requested and now becomes available.

But it´s the costs to it ! That´s the main argument my CIO still wants to run our data backend on Azure SQL and Azure Cosmos DB individually.

Azure SQL supports huge data sets, billions of rows with several related tables, views, filters, aggregations and other complex data analysis. It also provides a robust disaster recovery toolset around elastic SQL pools, backup of data sets and restoring in case of data corruption. However, it also requires specialized and skilled teams to build the security model around it, handling the end-to-end client experience. And of course, it would not be suitable for handling files or non-relational data types, such as log files.

Since Dataverse DB and file capacity entitlements are included in the premium Power Platform Power Apps and Power Automate license offers, they are not a direct runtime cost that you can use for comparison. However, if you had to build and maintain your own Azure infrastructure for all the features and capabilities shown in the breakdown visual, do you think you could save a lot of money and use the benefits of a hyperscale platform?

For instance, you can use the new Dataverse long term data retention feature (in preview) to manage the two stages of the data lifecycle: hot or cold data storage. This native platform feature lets you keep historical application data in Dataverse for a long time, which helps you meet audit, legal, and regulatory requirements, save database space, and avoid spending on custom solutions. What would be the costs of building this based on your Azure SQL, Cosmos DB and other services infrastructure? You think you can build it for less than USD 20$ or USD 15$ per user/month?

Take an even closer look at the storage costs of long-term retention provided in this example and perform a simple calculation based on the data capacity you can find in your tenant-wide capacity report via the Power Platform Admin Center or simply consider the rule of thumb of

With an average compression of at lease 50%, a savings of 50% compared to when the data was in the active state.

Understanding long term retention storage costs, MS Learn

In other words, a clever data retention strategy could even provide you budget for a reinvestment in premium licenses. Beside the fact of using a (hyper)scale service for your business workloads. Until then, …

Power Platform | Trick-or-treating w/ Power Automate

How did you celebrate Halloween, Power Platform community? I spent mine exploring Power Automate and learning how Flows can run in the context of Power Apps and Dynamics 365 applications, well at least in the morning. To verify my understanding, I referred to the latest version of the licensing guide and the MS learn articles on Support for service principal owned flows. I also checked out the FAQ on Power Automate licensing.

You might wonder why it is important to spend time on this issue, since many flows can be assigned a Power Automate premium or Process license individually. However, if a flow is related to an app, you may be able to run it with your Dynamics 365- or Power Apps license. Sometimes, this requires some manual work. This task should not be left to the Power Platform admin team alone. In fact, the flow creator, who knows best why and how the flow is used, is probably the person who can quickly decide whether it should be associated with an app or not.

Example of Associated Apps dialog, filtering for specific Power Apps solution

However, you don’t want to leave those users to figure things out on their own by just giving them some knowledge articles like above. You want to provide them with some guidance and make it a quick and easy activity for them, so they can do it without stress or time pressure.

Example of an error message received when user try to associate their flow with an app

The visual above shows why you should not abandon your user. It is similar to how you would not want your children to go to strangers‘ houses in your neighborhood, even if they are having fun on Halloween night. You would probably offer them some guidance, right?!

Visual of scenarios not enforced vs. those where a manual action is needed

Based on the knowledge articles I studied, the above visual is the best representation I could create so far. On the left hand side, you can see the examples where no action is required. These are the cases where the script I described in my previous article has identified that the flows are not at risk of suspension. On the right hand side, you can see the scenarios where you or your user need to take action. In some cases, the owner/creator of the flow may not be able to perform this activity, as it involves purchasing additional licenses that may not be available in your current pool. Therefore, as a Power Platform admin, you have the responsibility to consult your license purchasing team and resolve the issue.

Please note that above visual is subject to change. New information may be added to the articles mentioned as they are updated. For instance, I wondered why a Service Principal flow that runs in the context of a D365 app is covered by the license (since it obviously uses premium connectivity to be in the context of the D365 app), while a Service Principal flow that runs in the context of a Power Apps app with premium features requires a Power Automate Process license. Doesn’t that seem odd?

Let me know via the comments or DM and as always – hope you had a great Halloween (for those celebrating). Until then,…

Update Nov. 9th: After investigating the canvas apps using the same Dataverse tables (Common Data Source) issue in terms of during association process showing an error message – a fix is rolling out that should resolve that issue. We always knew Dataverse has a special relationship with canvas Power Apps.

Updated – Visual of scenarios not enforced vs. those where a manual action is needed

Above visual reflects this fix becoming available. Until then,…