Power Platform | Copilot Risk Assessment Pt. 4

Welcome back to my small series, I hope you enjoyed previous article. Today, let´s switch gears and tool and check out on environments in the EU using the same prompts in Copilot experience for Power Automate cloud flows and analyze the results and where they might offer valuable insights when writing an internal risk assessment documentation. Are you ready?

Copilot in EU Power Automate Studio – after flow being created

As you can see in the image above, I have enabled both Generative AI features in the EU environments that I am using. This allows you to replicate the same tests. I tried to challenge Copilot again, like I did before, but instead of using my prompt to access information from Microsoft Graph – as Copilot for Microsoft 365 would do – Copilot only helped me with creating and editing a flow.

After creating the flow, I asked Copilot again to help me with some Power Automate licensing information. As you can see from the image above, it was able to assist me with that. However, since the Copilot experience does not provide any information on the sources, I cannot tell if this information comes from Power Automate docs or Bing Search, which is using content from learn.microsoft.com.

One more challenge to see if context outside of Power Automate can be used where Bing Search could be involved. But again, a negative response for that.

Copilot in EU Power Automate Studio – performing an action

I performed another cross-check on the action that my prompt instructed Copilot to insert a SharePoint action. I got the same result as the tests that ran in the US environment. So it seems that there is no difference in that.

Copilot in EU Power Automate Studio – one more challenge

I had to try one more time to challenge Copilot. It had previously answered that it could only respond to questions about Power Automate in English. What would happen if I asked for information on Power Apps instead? There is some connection between Cloud flows and Power Apps apps, such as the ability to run them within an app context.

As you can see from the visual shared above, it does help with this. So there must be some knowledge given by either Power Apps docs in terms of licensing or is it using Bing Search and learn.microsoft.com content? If you follow this table shared in the admin section of Microsoft Copilot Studio it might be critical to see it using Bing Search.

As I said in my first article, this journey began when some CISOs asked me to help them create a risk assessment document and give them advice on how to best evaluate and compare Copilot experiences. And a good summary of it so far would be, there´s no one-size fits all.

A copilot for almost every Power Platform experience

So far, we have explored Copilot in Power Apps Studio and Copilot in Power Automate experiences. We have noticed some similarities (such as their contextual awareness), but also some differences in how they provide responses. As the visual above shows, there are many more Copilot experiences that we could examine.

To create a risk assessment documentation, we need to understand some more of the architectural concepts of a Copilot. How does a LLM (Large Language Model) process my user prompt? Is it directly send to the LLM? Or is there any pre- or post-processing involved? If so, what services or data sources are used for this?

Something to look for in my next part. Until then,…

Power Platform | Copilot Risk Assessment Pt. 3

Today we´re going to extend the storyline around a risk assessment of Copilot experience in Power Platform and further discuss on observations I had outlined in my first and second article in regards to the behavior of Copilot. This time, we´ll set our focus on Power Automate cloud flows designer.

Copilot in Power Automate Studio experience

I am using the Copilot – Describe it to build a flow feature in the Power Automate Studio, which is set to a US environment. As shown in the image above, I am entering a prompt that I could have also used with Copilot for Microsoft 365. However, the result is different because this Copilot does not use Microsoft Graph to retrieve information about my last ten emails. Instead, it suggests that I create a cloud flow that can help me with this task and recommends using two common connectors: Office 365 Outlook and Content Conversion.

After the flow being created, I then challenged Copilot with a DALL-E task to see if it would generate an image for me. However, I only got a response saying that this Copilot would help with Power Automate questions in English.

Copilot in Power Automate Studio – after the flow being created

If DALL-E doesn’t work, we can try other topics in this experience. How about Power Automate licensing? Copilot can help us with this topic, as you can see from the visual shared above. It can also explain the differences in licensing, which is useful for flow creators who want to learn more about the best licensing options for their flows.

Does this use the information from Power Automate Doc, or does it use Bing Search to get information from learn.microsoft.com? A CISO would also want to know what happens with the user prompt when it creates a meta-prompt (pre-processing) and how it performs some compliance and security checks after getting the response from an LLM (Large Language Model) (post-processing).

Therefore, one more try with a context outside of Power Automate and check on the response. But again, it doesn´t help with that one.

Copilot in Power Automate Studio – insert an action with a new connector

Let’s go back to the intention and see if it can help me add a SharePoint action. It does insert the action for me, but not exactly where I wanted. I asked it to be after the first action, but it put it after the trigger. We could debate whether the trigger counts as the first action or not, but anyway – it certainly does an action I give through my prompt.

How is all this done via Copilot and is there more information available on this Copilot doesn´t perform any job that my company would be concerned about? Current capabilities are listed here and I would recommend including this link in an internal risk assessment documentation. We know that capabilities could change or extend over time, and you may not want to completely re-write your documentation. And in terms of security and privacy of this experience, there´s also a great FAQ article you can link to.

More to come in my next article, stay tuned and, until then…

Power Platform | Copilot Risk Assessment Pt. 2

In my previous article, I shared the first observation from testing Copilot in the Power Apps Studio experience. Today, we will continue to explore this feature. However, we will switch to a different environment. In this environment, we have a specific Opt-in card in the Power Platform Admin Center. This card allows us to move data across regions and to enable or disable Bing Search.

Copilot in EU Power Apps Maker Studio

I used the same prompts as in my previous article, where I performed my tests in a US environment, and created an app. I tried to use DALL-E again and asked Copilot to help me summarize the last email I received. However, as you can see from the results shown in the image above, neither of the actions was successful.

I tried again with my prompt on writing an introductory paragraph, but I got a different result this time. Unlike the US-side, I got an error message saying „Sorry, something went wrong…“. Was it a technical issue? I decided to try again. No, the same message appeared. I tested it with different environments in the EU, but the outcome was always the same. What about the VanArsdel-thing that I got when using a US environment? I decided to check that too.

VanArsdel Heating and Air Conditioning – search in a EU environment

Same as in the US environment, when performing a search in the environment, I don´t receive a result, unless I switch the toggle to include web results. The results then include the documentation from learn.microsoft.com. Why is this happening? Is Copilot using a different training model in the EU? Is it because the data doesn’t leave the EU boundary and Bing Search is not used, even though it is active? Let me try a different challenge to verify this.

Copilot in US Power Apps Maker Studio experience

Switching back to the US environment and ask Copilot for some help with licensing questions. To my surprise, it gave me a relevant answer and allowed me to explore more details based on the previous answer. However, unlike Copilot for Microsoft 365, Copilot in Power Apps did not show me the sources of the information it used. I could only guess that it either learned from Power Apps docs or used Bing Search to find information from Power Apps docs. Next, I wanted to test Copilot in the EU environment and see how it performed there.

Copilot in EU Power Apps Maker Studio experience

Okay, this is a surprising outcome. Copilot cannot assist with this task in any of the EU scenarios. I verified this in other EU environments as well, to rule out any technical glitches on my end, but I got the same results. It seems that Copilot cannot access any Power Apps documentation in the EU environment. Either Bing Search does not index them, or is not permitted to. And it seems that they were not used in a different way to train the model or provide grounding, because otherwise I would expect Copilot to give an answer close to the US-one.

The test results may vary depending on your situation, but they show the importance of testing Copilot experiences and documenting the risk assessment. I also suggest that you read this document before creating any internal documentation, as it may help you to refer to this resource and avoid updating your risk assessment docs every time Copilot improves.

That concludes my tests and observation on Copilot in Power Apps experience for building apps through conversation, but that doesn´t mean it´s the end of this series. So stay tuned for more, until then…

Power Platform | Copilot Risk Assessment

After a brief break, I’m launching a new series on how to get ready for a risk assessment of copilots integrated in Power Platform. This series won’t cover the Microsoft 365 Copilot experience, although there are some common aspects because copilots use the same technology stack.

A risk assessment might seem unnecessary since Microsoft enables Copilot by default and ensures a responsible and secure AI experience. However, there are steps you can take to ensure that your organization and developers have the best experience with Copilot in Power Platform. And it´s always a good idea to understand some technology aspects to prevent things from going in a wrong direction.

Screenshots of the Copilot experience in Power Apps Maker Studio

I will begin by showing the experience of using Power Apps Maker Studio and addressing a common concern of a CISO, which is whether the company data is secure when using Copilot in Power Apps. In this example, I am asking Copilot to find information about a user named Power Admin, maybe using Microsoft Graph as the data source. This to compare the user experience with using Copilot for Microsoft 365 in this scenario. [Note: It would help with this task]

In the screenshot I shared, you cannot see that Copilot starts to generate an app based on the prompt I used. It tries to handle some sample data information, which I will show you in the next image. While the app is being created, Copilot interacts with me and asks what I want to do. I challenge it again by asking if it can help me summarize my last team meeting. From its answer, you can see that it works in the context of creating an app with a focus on generating table schemas or performing table operations. So let’s create an app first and see what happens next.

Copilot screenshots in Power Apps Maker Studio after the app being created

I can ask Copilot for more help when I’m designing an app. I try to test its limits by prompting it to use DALL-E, a service that might be useful. However, Copilot only responds to things related to Power Apps. I make one more attempt to get some help with data that could be relevant to my app. I ask Copilot to summarize the last email I received. But it doesn’t work. Copilot in Power Apps app designer experience won’t help me with that.

So let´s check with a prompt I took from Copilot Lab. I was surprised to receive an interesting response that referred to a „VanArsdel Heating and Air Conditioning Canvas App“. I wondered where this came from, since my tenant was not VanArsdel, nor did it have any tenant relationship with it. I was testing this in a US region environment, where there was no opt-in required for generative AI. I will explain later why this is relevant. Does this mean that Copilot can use some external data?

Seeking for information on VanArsdel Heating and Air Conditioning Canvas App

I tried the general search feature to see if I had imported any solution related to VanArsdel that I might have forgotten, but I got no results. However, when I included web results, I found some cross-references to VanArsdel in the documentation. This is intriguing because the UI says „Results for VanArsdel in this environment“. Does this mean that my environment is somehow trained on Power Apps Docs content?

From Results found in my environment to learn.microsoft.com URL

When I click on the first document, it opens the learn.microsoft.com experience. I wonder if Copilot in app designer experience uses Bing Search to find more information, or if it only uses Power Apps Docs without involving Bing Service. This is why a risk assessment is important. Organizations are interested in knowing which data is used or where your prompt is used.

Read more about how I continued my tests, what resources I would recommend to use when preparing a risk assessment documentation for your organization and how I am now helping customers to perform this task a lot faster. Until then,…

Power Platform | Provide governance at scale

At MS Ignite, Microsoft announced new capabilities for Managed Environments today. Many customers have recently enhanced their low-code strategy by adding responsible AI capabilities, but there are also many questions about how AI can work with Power Platform and Governance team. The goal is to simplify their daily tasks and reduce the effort, while maintaining the highest company security and compliance standards and using AI responsibly.

Admins can now use environment groups and specific rules to standardize essential settings and configurations for governance at a new level of scale. Makers can access a personal developer environment that complies with these rules. These environments can be seamlessly integrated with Pipelines for Power Platform, which simplifies the use of ALM tools. Additionally, the latest advisor capabilities offer admin teams useful insights gathered from different environments. This gives them more control over the development and deployment process, and also makes onboarding easier.

To outline the capabilities and drive business value discussions, I am sharing today this new visual that summarizes the current feature set as of November 2023 used in my briefing sessions.

Visual of Managed Environments capabilities breakdown

CIOs know that IT teams have ongoing and upfront costs for providing SaaS solutions that help their business teams and themselves perform daily tasks. These costs are not only related to premium licenses and immediate charges. Developing and maintaining their own professional services package for SaaS operation in fact can be expensive in terms of time, effort and money.

A conversation based on entitlement could alter the perception of the premium licenses mentioned above, as they all grant the right to use and activate Managed Environments. Some of the monthly per-user license fees are used to provide such maintenance tools that offer more visibility, more control and less effort.

The new features enable customers to simplify their governance at scale, access various settings and services, and reduce their IT labor costs. By using Power Platform’s AI-generated insights to automate daily routines, and by applying different rules to groups of environments to ensure security and compliance standards, customers can save time and avoid tedious tasks.

A breakdown visualization of Govern, Protect and Manage the Power Platform

Managed Environments is one of the many features and tools that help govern, protect and manage the Power Platform. However, some SaaS security teams may not be aware of the full range of capabilities available, because they are not all managed within the Power Platform Admin Center. Therefore, Power Platform admin teams should make use of the extensive toolset that comes with the premium- or subscription-based licenses to keep the SaaS offer in optimal condition. This is especially important for ensuring Cybersecurity, as some of the protection mechanisms are enabled and managed by Microsoft, while others require your own configuration and management according to your company’s operational preferences.

It´s about time to streamline your governance at scale. Until then,…

Power Platform | Hyperscale to your business workload

In March 2021, I wrote an article comparing Dataverse and Azure SQL for data management. I followed up with more articles on how to use Dataverse to develop business applications. Now, I want to share some insights on how developers can get started with Dataverse and leverage its features.

Dataverse has received several updates in the past few weeks, which might have gone unnoticed among the many features that Power Platform offers. One of these updates is the seamless connectivity to data stored in different Dataverse environments. This is a significant feature for application developers who want to access data from multiple sources and regions.

Application developers come in various „flavors“, ranging from those who use MS Excel as their main tool to create their applications. MS Excel provides an easy way to collaborate on data, share access, aggregate, analyze, or enhance datasets with Power Pivots, Power Query, and formulas. However, it is not suitable for large datasets that exceed 1M+ rows, co-authoring with multiple users simultaneously, storing files and other media types, and complying with Governance and Data Leak Protection standards in relation to GDPR.

Some developers prefer to use Microsoft SharePoint and Lists. They are familiar with creating workflows on top of data rows, working with a set of data easily through browser experience, supporting images and other data types, and searching across large datasets. However, when they design business applications and want to scale them up, they may encounter some challenges. They may need experts to manage the site configuration and list administration. They may also face limitations on large sets of data above 30M+ rows and lists containing multiple lookup columns. Moreover, SharePoint may not be suitable for complex relational data and large transactions.

If you want to (hyper)scale your business workloads in the Era of AI, you need to leverage Copilot companions that can help you extract quick information and insights from your data. As a software application developer, you also need to learn about modern and robust data ecosystems that can scale easily with your company’s demand, without creating a complex and problematic monolithic database.

Dataverse service breakdown visual

This is the time, where you should breakdown the value and capabilities of using the Dataverse service as your (hyper)scale data engine for building your Copilot enabled user interface and next generation business application. One element of this being the feature currently in preview for creating elastic tables. So what´s elastic tables?

Elastic tables: A type of table in Dataverse that can handle large volumes of data in real-time, powered by Azure Cosmos DB. They have flexible schema, horizontal scaling, and time-to-live features.

Use cases: Elastic tables are suitable for scenarios that require high throughput, unstructured or semi-structured data, or frequent data model changes. They are not suitable for scenarios that require multi-record transactions, strong consistency, or filters on related tables.

With this feature becoming available through Dataverse service for low-code application developers, you can imagine the service being even closer to Azure. Well in fact, it´s build on top of Azure services – so it´s now surprise that this capability has been requested and now becomes available.

But it´s the costs to it ! That´s the main argument my CIO still wants to run our data backend on Azure SQL and Azure Cosmos DB individually.

Azure SQL supports huge data sets, billions of rows with several related tables, views, filters, aggregations and other complex data analysis. It also provides a robust disaster recovery toolset around elastic SQL pools, backup of data sets and restoring in case of data corruption. However, it also requires specialized and skilled teams to build the security model around it, handling the end-to-end client experience. And of course, it would not be suitable for handling files or non-relational data types, such as log files.

Since Dataverse DB and file capacity entitlements are included in the premium Power Platform Power Apps and Power Automate license offers, they are not a direct runtime cost that you can use for comparison. However, if you had to build and maintain your own Azure infrastructure for all the features and capabilities shown in the breakdown visual, do you think you could save a lot of money and use the benefits of a hyperscale platform?

For instance, you can use the new Dataverse long term data retention feature (in preview) to manage the two stages of the data lifecycle: hot or cold data storage. This native platform feature lets you keep historical application data in Dataverse for a long time, which helps you meet audit, legal, and regulatory requirements, save database space, and avoid spending on custom solutions. What would be the costs of building this based on your Azure SQL, Cosmos DB and other services infrastructure? You think you can build it for less than USD 20$ or USD 15$ per user/month?

Take an even closer look at the storage costs of long-term retention provided in this example and perform a simple calculation based on the data capacity you can find in your tenant-wide capacity report via the Power Platform Admin Center or simply consider the rule of thumb of

With an average compression of at lease 50%, a savings of 50% compared to when the data was in the active state.

Understanding long term retention storage costs, MS Learn

In other words, a clever data retention strategy could even provide you budget for a reinvestment in premium licenses. Beside the fact of using a (hyper)scale service for your business workloads. Until then, …

Power Platform | A fair-trade?

Recently, I had another conversation with a fashion retail customer considering the Power Platform premium licensing model, but wasn´t sure about generating an all-over business value that justifies the investment. Those following my blog for a while now, know my passion for research on how to explain things in a simplified manner. Those being new today – a warm welcome to today´s article.
How should I be able to best explain that a justification for an investment on premium licenses for a single user should pay off in multiple ways?

The concept of fair-trade within the fashion industry has gained significant attention in recent years. One aspect of this discussion is focused on creating fashion that can be truly recycled and transformed into new garments, instead of being repurposed into different outcomes. The goal is to establish a sustainable cycle where materials are reused, reducing waste and the environmental impact of the fashion industry.

Simplified example of a price composite for a pair of jeans

Efforts are being made to develop innovative textile technologies and manufacturing processes that facilitate the recycling of fashion items. Designers are experimenting with materials that are easily recyclable, such as organic cotton, hemp, and biodegradable fibers. Additionally, some brands are exploring the use of modular designs and reversible clothing to extend the lifespan of garments.

When it comes to fair-trade practices, one significant concern is ensuring that seamstresses and workers involved in the production of fashion items are fairly compensated for their labor. Many fashion brands have committed to improving working conditions and wages for their employees, particularly in developing countries where the majority of garment production occurs.

My customer being in the fashion retail industry, I thought above shown example of justifying the price of a pair of jeans could become a good starting point for having a conversation around Power Platform premium licensing model. So, I requested having a common-sense of the ingredients shown in my visual. And it seems we could easily agree on those.

A simplified price-composite exposure for Power Apps premium

My next action was, to explain my customer of why I used this storyline: Imagine the $20 for Power Apps premium would be a composite based on several factors as well. One of them being for research & development, maintaining and hosting the software. Other factors including the services for customer support, sales and marketing. And in addition, taking into account the amount of storage being used, the usage of artificial intelligence or other foundational services (Azure). Basically, layering and mapping the composite of a price for a pair of a jeans to the Power Apps premium price-tag for a user.

After telling this story, our conversation turned into a business value discussion. As an example: One part of the price being the offer of using Managed Environments – a suite of premium capabilities that allows admins to manage Power Platform at scale with more control, less effort, and more insights. Another example being the part of using Dataverse. So we discussed the value of using a preferred solution for every developer that allows administrators with the help of Pipelines in Power Platform to implement an enterprise scale-out Application Lifecycle Management (ALM) without teaching the complex things behind it to every developer. Ensuring though that business critical applications created by anyone can be safely used, deployed and maintained in production implementing the company´s ALM standards.

Power Apps Subscription plan breakdown

You can imagine, it started a conversation about a breakdown of the Power Apps premium subscription as you can see from above visual. What was a complex thing to understand before, became a simple thing to look at afterwards.

Providing this example to yours, starting for having such conversations with your customers or even as an internal discussion of how a justification of a license could look like. Could it be done for Power Automate and other parts of the Power Platform. For sure, it can. But that is on yours, now that you´ve read through the ingredients it takes for having a constructive discussion on an investment for premium licenses. Until then,…

Power Platform | Quo vadis Governance?

Talking about enterprise-grade governance and following a company-wide strategy to enable everyone for transforming their way of working, finally doing more with less, it becomes a clear task that running on a classic IT-driven governance model from 90’s to 00’s to ensure security and compliance, becomes a challenge to scale-out effectively due to newly added parameters. Charles Lamanna talking about the AI revolution supercharging low-code and sharing with us,

…advisor in Managed Environments offers proactive recommendations and inline actions, helping administrators stay ahead of security threats at scale

Charles Lamanna, Corporate Vice President, Business Applications & Platform

we could expect some AI impact, transforming governance models in near future.
What do I mean by this?

Visual of a Corporate and IT-Governance model

IT Governance framework

IT governance frameworks play a crucial role in evaluating the overall performance of your IT department. They offer valuable insights into how your department functions and provide a comprehensive understanding of the key metrics that management requires. By implementing an IT governance framework, you can effectively assess the returns that IT investments are generating for your business. This allows you to make informed decisions, optimize resource allocation, and align IT strategies with your organization’s objectives. Ultimately, IT governance frameworks provide the necessary structure and guidance to enhance the efficiency and effectiveness of your IT department.

ITIL framework

ITIL stands for Information Technology Infrastructure Library. It is a framework that focuses on IT service management in order to ensure that IT services effectively support the core processes of a business. The primary goal of ITIL is to align IT services with the needs of the organization.

ITIL consists of five sets of management best practices:

1. Service Strategy: This set of practices helps organizations develop strategies to meet their customers‘ needs and align IT services accordingly.
2. Service Design: This set of practices focuses on designing new or modified IT services that are effective, efficient, and reliable.
3. Service Transition: This set of practices deals with the transition of IT services into the live production environment, including change management, release management, and knowledge management.
4. Service Operation: This set of practices ensures that IT services are delivered and supported effectively on a day-to-day basis. It covers incident management, problem management, and service desk support.
5. Continual Service Improvement: This set of practices aims to continuously enhance the quality and effectiveness of IT services through regular monitoring, analyzing, and improving processes.

By implementing the ITIL framework, organizations can improve their IT service management capabilities, maximize operational efficiency, and provide better support for their core business processes.

Power Platform – Control at scale

Taking a closer look in Power Platform´s control at scale governance framework, you´ll notice that there´s been quite a lot of opportunities in there. A set of tools that mainly can be categorized in three different buckets to make it easier to consume. Many of them being thought and designed from stepping into a typical IT administrator´s shoes, performing their daily tasks in a newly SaaS- and AI-driven world.

Power Platform control at scale framework

Crossing the chasm

But where´s the issue with that in terms of scalability and a rapid-changes-driven world we´re currently into? To me, it´s a simple answer: The lack of humans keeping up with constantly ongoing changes that require adaption, corrective actions, and constant measurement for improvements. Or you could also say, the lack of professionals we´re in charge of, to manage a platform or ecosystem like this effectively under the pressure of cost-reductions and goal fulfillment.

Visual of a problem statement around Power Platform Governance models

But lucky us, humans not only does have the skill of idleness in some cases, we also do have the incredible skill and power to become creative and find solutions to almost unsolvable problems.

Entering a new era of Governance

In this case, I´d like to introduce you to another framework called DPRR – Framework. This being added or successfully implemented as being part of your IT-governance framework could significantly change the way of acting, the way of being cost-effective, and lower the amount of professionals needed to take into account for this? How´s that possible you think?

Visual that outlines the DPRR – Framework

An app modernization shortcap

Imagine the following situation: A team of professional developers being assigned a new project to modernize a legacy application, taking it into the next era and implementing modern, state-of-the-art features and capabilities. This legacy application being a pretty old, though over the years effectively working booking system. The programming language this app has been designed with, far away from being ready for an era of APIs, Microservices, or even SaaS interacting model.

To fulfill on this requirement the pro developer team starts considering their toolset. While a lot of tools already exists inside that company, the tool the pro developers would love to use, is not yet being licensed. Asking for budget coming outside of the app modernization project, the developers are granted to purchase a license for their tools needed. IT not being afraid of them using their tools as it should be. Governance?

What´s the difference we see in current low-code world?

We do see IT admins following their IT governance framework that always worked for them across the last decades, implementing and using above tools to secure and govern the Power Platform and of course ensuring compliance with company standards. But then it fails, when it comes to an even bigger amount of requests incoming, not only by IT developers requesting to use the Power Platform tools – this time business developers flushing the „waiting list“ and wants to join the „party of creation“. So instead of this developer toolset becomes an easy accessible toolset, it feels like becoming a big challenge to finally get your hands dirty with these tools, and this is due to IT admins oversizing/-thinking their governance role. And due to a lack of responsible admins, any requests incoming just fuels another set of backlog tasks list. So how can we change this?

DPRR Framework – a possible solution?

What would be, if using the DPRR Framework as an extension to your already implemented IT-governance framework for your company all of a sudden puts more responsibility on the side of your Power Platform Maker/Developer community? Them becoming your first and last line of defense when it comes back to securing the Platform? I´d like yours to think about this and come back with your feedback. Share a comment or sent a DM if you don´t like to publicly expose your thougths. Until then,…

Power Platform | Enterprise-grade governance

You may have heard or seen on LinkedIn and X social media feeds that the second edition of the Microsoft Power Platform Conference (MPPC) has been ongoing in Las Vegas this week. There´s been some important information around enterprise-grade governance shared recently, that I think, can be easily overlooked in all the buzz and news ongoing. Nevertheless, those are essential, being a Global- or Power Platform admin and considering your job being an easy scale-out environment- and tool adoption strategy for developers and users.

In detail, I am talking about:

• auto-claim for Power Apps licenses
• the public preview of Default Environment Routing
• enable your makers by creating Developer environments on makers’ behalf
• pipelines delegated deployments (SPN)

Enterprise-grade governance is more important than ever in the age of AI

Ryan Cunningham, VP Power Apps – Announcements during MPPC

In a previous article, I shared my thoughts around enabling default environment routing or not and in my last article, I provided more food for thought around TCO reduction impact on using such admin- and governance tools in the age of AI.

Talking to customers this week, to get their perspectives on news shared around the MPPC Conference, I was asked though to add more clarity to Global- and Power Platform admins choices coming with recent announcements. So I created the following visual to help outlining a possible, simplified decision journey.

Decision path for Global- and Power Platform admins

It starts from the left being a Global- or Power Platform admin, asking yourself some formal / general questions first, before diving deeper into the yes/no decisions to be made. Down left, you do find the latest option or creating Developer environments on maker´s behalf and of course taking into account of combining those with the Managed Environment feature or not. Admins kept asking me, why they would turn on Managed Environments for their Development environment(s)?

While there´re many benefits such as the weekly digest or extended backup feature, my main argument still is around the control of sharing. You want to ensure that in each Development environment sharing is limited to either Co-Developers or Testers. Certainly, what you don´t want is to have any users directly using any of the developer artifacts that maybe pointing to non-productional data sources. Or by using the artifacts directly out of the developer environments, them acting with extended (unwanted) security permissions.

As an admin, your main goal is to ensure an easy maintenance, lowering the IT costs, which is another aspect of choosing Managed Environments turned on for your Development environments. And as you can see in above visual, there´re some aspects that should be understood, when it comes to run-time experience (mainly used during test scenarios) or when developing artifacts, which are not part of the Power Apps developer plan license.

In the center area of the visual, you do find the new environments for makers that would come with Default Environment Routing being turned on. And of course those would live in a friendly relationship with shared Development environments that you´ve been using for ensuring a co-development of artifacts which are either project-based or where other requirements enforcing such development strategy.

On top middle of the visiual you do find the choices that you might have inherited from your M365 admin colleague. The Microsoft Teams environments and of course the beloved Default Environment. Even though I strictly simplified the decision path here (there´re many more questions that you could ask yourself), the main intention was to ensure the understanding of which licenses would need to be assigned to users. And yes, auto-claim for Power Apps licenses could play a significant role in here.

Last, but not least, to the right side you do find the ALM block, which again was simplified by selecting only the low-code ALM option. Pipelines in Power Platform. And the reason for this, was the recent announcement of supporting delegated deployments (SPN), which unlocks new capabilities for using this tool as your main ALM tool for all kinds of low-code generated artifacts.

While created thoughtfully and based on September licensing guide information, you know that creating such visual could always lead to follow-up questions or issues in terms of becoming outdated, or even containing errors. Therefore a strongly reminder to always proof-check results by using the latest and official licensing information instead. Until then,…

Power Platform | Help IT reducing TCO

I joined the Nordic Summit conference and did provide my retrospective on that in my previous article. In today´s call I´d like to pick-up and focus on an important topic that got stuck in my head. This „motion“ isn´t exclusive to this event, it´s been circling around for quite a while, having conversations with customers or consultants in the field.

the most apparent problem is that every user accessing a managed environment will need a premium license

Alex Shlega, Microsoft Power Platform Consultant/Solution Architect, Business Applications MVP

First things first: This is not a question of highlighting someone’s (unpopular) opinion or presenting the opinion as generally wrong. Alex wrote a nice detailed blog post around Managed Environments aiming to take over the CoE Starter Kit and provided his perspective on this. Part of it was above quoted statement. With it, I think he hit a common „mantra“ ongoing in regards to premium licenses for the Power Platform.

Why there´s a new mindset needed?

There´s pretty much no company C-level person I´ve been talking to, who doesn´t came up with a goal of IT costs needs to significantly decrease and we drastically need to lower the costs. Almost the same moment this person adding, that driving and growing innovation is key to keep an important role insight each industry market, remaining or becoming part of the „leaders box“. This is why many companies considering consolidation, refactoring and modernization strategies for their current IT landscape. Micro-servicing and democratize data in the era of AI might be something you´ll hear a lot, related to this. If you´re a CIO interested in Low-Code´s role on innovation, I recommend yours reading this.

What´s the role of Managed Environments for IT (or a company)?

Managed Environments is a suite of capabilities that allows admins to manage Power Platform at scale with more control, less effort, and more insights.

• Admins can use Managed Environments with any type of environment and enable it with a few steps.
• Managed Environments is included as an entitlement with various Power Platform and Dynamics 365 licenses, except for the Developer Plan when users run their assets.
• Managed Environments can help admins view and control their Power Platform or Dynamics 365 applications with less effort.

Overview – Managed Environments (as of September 2023)

If you haven´t recently got a chance to take a deeper look into the suite of tools that are part of Managed Environments, above visual will give you a glimpse of the current state as of September 2023. There´s quite a lot of tools and capabilities to discover being a Power Platform admin or user.

Why Managed Environments help reduce TCO?

Once you got yourself familiarized with the opportunities and capabilities offered by Managed Environments in general, you may raise above quoted statement as well. The best way of considering Managed Environments being a fit from a financial perspective is to consider the impact on lowering TCO for Power Platform as SaaSm therefore performing a TCO analysis. Let´s take a closer look.

Overview of the building blocks of TCO

While there´re various ways and no strict formula to calculate TCO, my guidance for IT is to consider the above building blocks. We do have five of them, though in practice I´ve seen a lot of TCO calculations only taking into account the first and last building block. When discussing Power Platform licensing strategy in general, why is this? Do we simply forget about all other building blocks or is it a matter of inconvenience (uncomfort) to take them into account for a better decision making?

Mapping and measuring is not an easy task

Many times, I´ve seen IT struggling with mapping and measuring. But you cannot make decisions on things you don´t see. Therefore, I am using below visual when driving value talks around Managed Environments and I would like to share it with yours.

Mapping Power Apps Premium and Power Automate Premium to TCO building blocks

Above visual takes into account a customer who would like to digest an investment into the most prominent Power Platform modules: Power Apps- and Power Automate Premium. Remember the quote from above? It basically states paying a monthly subscription for using Power Apps Premium and Power Automate Premium, but many forget: Both licenses entitle for using Managed Environments suite.

So an easy way of thinking about estimating the costs could be taking into acount a proportion of the price to pay for a premium user subscription matches the price of Managed Environments. In addition to this a smaller portion needs to be added for people using these tools for the three influential building blocks. This small price-portion though being significantly lower, compared to performing the tasks with different tools or manually.

As you can see inside shared above visual the main strength and goals of the tools provided with Managed Environments suite aim on reducing the TCO building blocks of Direct costs, Indirect costs, and Hidden costs. Admins are empowered to significantly lower these costs by using the tools in their daily admin-lifetime with the Power Platform. This starts by providing options on configuring and securing the Power Platform by features like:

• Sharing limits
• Customer Lockbox & CMK
• Advanced DLP for Desktop Flows
• IP Firewall

It continues with options on Training, Maintenance and Support, such as:

• Maker Onboarding
• Default Environment Routing
• License reports
• Receiving weekly digests

And of course options for SLA, Data Connectivity and -migration

• Export to App Insights
• Pipelines for Power Platform
• Extended Backup
• Solution Checker

Just to name a few examples of the current available tools inside the ME suite. Let´s recap again: The price for the tools of ME suite is a proportion of the price to pay for a premium user subscription + a small proportion for each building block ME is influencial on.

Now, if you´re able to perform these tasks within the above 3 TCO building blocks with different tools or manually in a more cost-optimized way, you´re free not to select Managed Environments being your suite of admin tools, which I call-out being another value and shows the flexible mix and match to fit your needs.

My Conclusion

If you´re instead using Managed Environments suite you´ll see short-term significant impact on reducing the TCO of owning Power Platform. The amount of hours saved by a single admin for instance filtering each environment manually on apps and flows that are no longer used, orphaned and should become archived and deleted. The development costs saved of building individual tools to ensure Makers being directed to a safe development ecosystem, that in addition to this also can be managed and become part of Pipelines for Power Platform. The amount of labor saved for ensuring environments can be recovered in terms of a disaster based on Extended Backup. Or the hours of time saved on individual user training for pointing newbies to an onboarding experience, them to self-serve their needs. I stop here as you might get the pattern.

We should ask why we don´t start the value talks helping IT significantly reducing TCO while providing an ecosystem for innovation where everyone feels included and being part of. Until, then…