Microsoft Power Platform is a high-productivity application development platform from Microsoft. Join this session to learn and prepare yourself in planning, securing, deploying, and supporting applications built on the platform. Know the key concepts and platform architecture to make necessary decisions for your organization to ensure successful deployments.
Administering power platform deployment planning
1. MICROSOFT 365
Virtual MARATHON
May 27 & 28, 2020
36 hours / 2 days
MICROSOFT 365 VIRTUAL MARATHON
Administering Enterprise Power Platform deployment
Dipti Chhatrapati, Applied Information Science
Modern Workplace Architect [Microsoft RD]
Brought to you by:
The Global Microsoft Community &
M365Conf.com | #M365CONF
#M365VM
M365VirtualMarathon.com
5. What we will talk about in the next few minutes…
Power Platform Scenarios and Architecture
COE Starter Kit
Security and Monitoring Power Platform
ALM and DevOps with Power Platform
Reference links
6. Dipti Chhatrapati, Navi Mumbai, India.
Modern Workplace Architect, Applied Information Science
Member of Microsoft Regional Director Program
Microsoft Identity, Security and Power platform
Ahmedabad, Gujarat, India – Gujarati, Hindi, English
Bonjour, Namaste, Guten tag, Hola, Ola, 여보세요, こんにちは, Hello!
7. The Microsoft Power Platform
The low-code platform that spans Office 365, Azure, Dynamics 365 and standalone apps
Power BI: Business analytics
Power Apps: Application development
Power Automate: Workflow automation
Power Virtual Agents: Intelligent virtual agents
Data connectors, AI Builder, Common Data Service
8. Power Platform is here to empower EVERYONE!
Innovation anywhere. Unlocks value everywhere
9. Start Power Platform Admin run with High FIVE!
Milestones on the 1km to 5km route:
Configure COE Starter Kit
Plan Environment Strategy
Setup Security and Monitoring
Establish Audit Processes
Deployment and ALM
11. Discover answers to these questions
• What environments exist?
• What are the types of environments?
• What is the purpose of the default environment?
• What is the purpose of the environment region?
• Who can create environments?
• Who can manage environments?
13. How to strategize environments?
1 Assign Admins a Power Platform Service Admin Role or Dynamics 365 Service Admin Role.
2 Restrict the creation of net-new trial and production environments to admins.
3 Treat the default environment as a ‘Personal productivity’ environment for your organization/BUs.
4 Establish a process for requesting access or creation of environments.
5 Dev/Test/Production environments for specific business groups or applications.
6 Individual-use environments for Proof of Concepts and training workshops.
17. A few COE Starter Kit apps
Extracting and archiving unused Power Apps.
View how Power Apps apps in your tenant are affected by DLP policies.
Set App Owner of a Power Apps application.
Extracting information related to both Power Apps and Power Automate in one place.
Flow to verify compliance details of an app.
21. #1 - Conditional service access
Azure AD Premium required
Scenario coverage
Grant/block access based upon:
• User/Group
• Device
• Location
22. #2 - Environment security and access control
Diagram: Env (no CDS) and Env (w/ CDS, Common Data Service)
Access is controlled at three levels:
• Environment roles
• Resource permissions for apps/flows/custom connectors/etc.
• CDS security roles (if a CDS database has been provisioned)
Once a CDS database has been created, the CDS security roles take over for controlling security.
24. #4 - Security with CDS in an environment
Each security role grants discrete privileges
Data can be secured down to the field level
25. #4 - Environment Security Roles

Persona: Environment Admin
Details: Can perform all administrative actions on an environment.
Environment has CDS: System Administrator (predefined) security role
Environment does not have CDS: Environment Admin role assignment

Persona: Environment Maker
Details:
• Can create resources (e.g., apps and flows) in an environment but cannot make administrative actions on the environment itself.
• If CDS is provisioned, they can optionally be assigned maker access to the database.
Environment has CDS: Environment Maker (predefined) security role for Canvas and Flow. System Customizer (predefined) security role for Model/CDS customization.
Environment does not have CDS: Environment Maker role assignment

Persona: End user
Details: Can access assets like apps and flow buttons that are shared with them but cannot create assets themselves. Note that end users are not given permission to the environment itself; they are only shared access to the applications and database that are located in an environment.
Environment has CDS: Customized security role that provides access to assets in the environment (such as CDS and Model Driven apps). If using canvas apps, access is shared the same as non-CDS environments, at the app level. Custom security roles are created to support applications built in your organization. Custom security roles can also come with applications you install from AppSource or if your users sign up for Dynamics 365.
Environment does not have CDS: Users are shared access to the canvas app (no environment role assigned)
26. #5 - Cross-tenant inbound & outbound restrictions
Customer Tenant: Contoso
3rd Party Tenant: Fabrikam
Fabrikam user can establish a connection using Contoso credentials
Contoso user can establish a connection using Fabrikam credentials
27. #5 - Cross Tenant Access – Restrict outbound
Customer Tenant: Contoso
3rd Party Tenant: Fabrikam
Globex user can establish a connection using Contoso credentials
Contoso user is blocked from connecting using Fabrikam credentials
https://aka.ms/adtenantrestrictions => this applies to all Azure AD Cloud SaaS apps
28. #5 - Cross Tenant Access – Restrict inbound
Customer Tenant: Contoso
3rd Party Tenant: Fabrikam
Fabrikam user is blocked from connecting using Contoso credentials
Contoso user can establish a connection using Fabrikam credentials
Requires support ticket today => this restriction only applies to Power Apps and Power Automate
29. Data policies for connectors
• Data loss prevention (DLP) policies enforce rules for which connectors can be used together
• Connectors are classified as either Business Data only or No Business Data allowed
• A connector in the Business Data only group can only be used with other connectors from that group in the same app or flow
• Tenant admins can define policies that apply to all environments
• Non-Microsoft connectors can be fully blocked using DLP policies
31. Example DLP policy
Panels: DLP Policy Connector Assignment; Apps and Flow Behavior as a result of DLP policy assignment
Connectors used in application or flow | Impact of DLP
SharePoint and OneDrive | This would be allowed
Common Data Service | This would be allowed
Common Data Service and SharePoint | This would not be allowed
SharePoint and Twitter | This would be allowed
SharePoint, Twitter and Common Data Service | This would not be allowed
Error message in Power Automate: "Flow uses connectors which are in different groups"
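The grouping rule from the two DLP slides above, as an added example that is not from the original deck: a small Python model that audits the connector sets of apps and flows against DLP policies. The connector assignment (only Common Data Service in Business Data only) is inferred from the slide's table; the Finance-Prod policy, the inventory rows, and the assumption that every policy applying to an environment is enforced are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DlpPolicy:
    name: str
    business: frozenset                    # "Business Data only" group
    blocked: frozenset = frozenset()       # connectors that may not be used at all
    environments: frozenset = frozenset()  # empty = applies to all environments

def evaluate(connectors, env, policies):
    """Return (policy, reason) findings for one app or flow; empty list = allowed."""
    used, findings = frozenset(connectors), []
    for p in policies:
        if p.environments and env not in p.environments:
            continue  # policy is scoped to other environments
        blocked = used & p.blocked
        if blocked:
            findings.append((p.name, "blocked: " + ", ".join(sorted(blocked))))
        business = (used - p.blocked) & p.business
        other = used - p.blocked - p.business  # default "No Business Data" group
        if business and other:
            findings.append((p.name, "connectors in different groups: "
                             + ", ".join(sorted(business)) + " vs "
                             + ", ".join(sorted(other))))
    return findings

def audit(inventory, policies):
    """Map each non-compliant resource name to its findings."""
    results = {name: evaluate(conns, env, policies) for name, env, conns in inventory}
    return {name: found for name, found in results.items() if found}

# Assumed assignment, inferred from the slide's table: only Common Data Service
# is in "Business Data only"; every other connector stays in the default group.
TENANT = DlpPolicy("tenant-wide", business=frozenset({"Common Data Service"}))
# Constructed second policy, scoped to one hypothetical environment.
FINANCE = DlpPolicy("finance-prod", business=frozenset({"Common Data Service"}),
                    blocked=frozenset({"Twitter"}),
                    environments=frozenset({"Finance-Prod"}))

# Constructed inventory rows: (resource, environment, connectors used).
INVENTORY = [
    ("Expense app", "Default", ["SharePoint", "OneDrive"]),
    ("Case sync flow", "Default", ["Common Data Service", "SharePoint"]),
    ("Social feed flow", "Default", ["SharePoint", "Twitter"]),
    ("Social feed copy", "Finance-Prod", ["SharePoint", "Twitter"]),
]

print(audit(INVENTORY, [TENANT, FINANCE]))
```

The same SharePoint and Twitter flow passes in the Default environment and fails in Finance-Prod, which is the kind of difference an environment-scoped policy introduces on top of a tenant-wide one.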
33. Discover answers to these questions
• What policies exist?
• What licenses are users assigned?
• What is the capacity requirement?
• What connectors will be needed?
• What plans would be required?
34. Demo: Security and Monitoring
Reviewing security roles
Sharing Apps
Setting App Owner using COE App
Managing DLP Policies using COE App
Monitoring Power Platform usage
36. Power Platform auditing
Office 365 Activity Logging
• Office 365 Compliance Center
• Search and view Power Apps and Power Automate events
• Audit data is retained for 90 days
Common Data Service Auditing
• Dynamics 365 Portal
• Audit entities and attributes data changes
• Audit data is retained until configuration is disabled or deleted.
42. Discover answers to these questions
• What is the purpose of solution types?
• How to manage solutions?
• How to version solutions?
• What is Application Lifecycle Management?
• How to get ready for the new application?
• How to use DevOps to track and manage deployment?
• How to import/export/update an existing application?
• What is the process for retiring and removing an application?
• What are the build tasks in PowerApps Build Tools to use in DevOps?
45. Points to be noted…
Environments and Security
• Establish an environment strategy and a process.
• Set up security policies.
COE Starter Kit
• Understand the different components of the COE Starter Kit.
Monitoring
• Regularly check the available environment capacity.
• Review the top storage used by environments.
• Regularly check on system jobs.
• Monitor usage and look for insights related to types of flows and apps.
Auditing
• Create new alert policies.
• Frequently review the auditing data in CDS and Office 365 log search.
Deployment and ALM
• Familiarize yourself with PowerShell commands against Power Platform.
• Familiarize yourself with ALM operations via solutions.
• Understand the PowerApps Build tasks using DevOps.
48. Resources to Check Out
Microsoft Docs https://docs.microsoft.com/en-us/power-platform/admin/admin-powerapps-enterprise-deployment
Licensing Guide - https://docs.microsoft.com/en-us/power-platform/admin/pricing-billing-skus
Hands on Labs - https://aka.ms/powerplatformlabs
Blogs - https://powerapps.microsoft.com/en-us/blog/
Pluralsight Course - https://www.pluralsight.com/courses/power-platform-administration-foundation
Power Platform Adoption Framework - https://github.com/PowerPlatformAF/PowerPlatformAF
The Power Apps community - https://powerusers.microsoft.com/
Support Ticket from Power Platform Admin Center - https://admin.powerplatform.microsoft.com/support
Microsoft Learn - https://docs.microsoft.com/en-us/learn/modules/introduction-power-platform/
Finding Partners - https://PowerApps.microsoft.com/partners
Power Platform Ideas –
Power Apps - https://powerusers.microsoft.com/t5/Power Apps-Ideas/idb-p/Power AppsIdeas
Power Automate - https://powerusers.microsoft.com/t5/Flow-Ideas/idb-p/FlowIdeas
Power BI - https://ideas.powerbi.com/forums/265200-power-bi-ideas
49. Power Platform Sessions at M365VM around governance!
Mile | Speaker | Session
Mile 1 | Jon Levesque | This is more than just technology...
Mile 4 | Paul Swider | Under the Hood: Power Platform and CDS Portals
Mile 5 | Kunal Kankariya | Power Apps Build Tools - Automate ALM
Mile 6 | Ashley Rogers | Taming the Wild West: Governance in the Power Platform
Mile 6 | Johnny Lopez | Understanding the COE Starter Kit for the Power Platform
Mile 6 | David Drever | Securing Your Data within Microsoft's Power Platform
Mile 6 | Ralph Rivas | Understanding Power Platform licensing