Dataverse for Teams governance, part 2: environment approval process

In Part 1 of this series we looked at some of the challenges related to users creating new Dataverse for Teams environments. While there are admin capabilities in Microsoft Teams for blocking the use of tools like Power Apps via app permission policies, the end result from our experiment with these restrictions wasn’t exactly ideal.

This time we’ll use a different approach that offers a more sophisticated governance process for monitoring and administering Dataverse for Teams environments. We’ll leverage the Power Platform Center of Excellence (CoE) Starter Kit from Microsoft and show an example of the built-in process in action.

Environment creation: the default features

In this example, our Microsoft Teams user needs to organize a big event, so he/she creates a new team from the “Manage an event” template. To make it even easier to control the many announcements needed during the event lifecycle, he/she also browses the Teams app store for a dedicated tool. He/she discovers the Bulletins app from Microsoft and installs it into the Announcements channel. Upon app launch, it becomes apparent that this app is actually a Power Platform based solution:

Because this Bulletins app, like several other Teams sample apps, is actually based on Power Apps, a new Dataverse for Teams environment will have been provisioned automatically. Normally there aren’t many visual clues for the user on what happens behind the scenes. They’ll just get this email from Microsoft Power Platform’s noreply address to welcome them to the app:

As for the IT administrators managing the tenant, it will just appear as another line added into the environments list in Power Platform Admin Center:

We can’t do much to inform either the admin or the Teams user about this event. The available tenant-wide capacity for environments will be reduced whenever such apps are installed by users. If these have been merely tests for interesting-looking Teams apps, we may soon have a pile of unused Dataverse for Teams environments sitting there in our tenant.

Environment approval process, powered by CoE Starter Kit

If we have deployed the Power Platform Center of Excellence (CoE) Starter Kit, we can actually react to the provisioning of new Dataverse for Teams environments. This is because the CoE tools will automatically collect information from the tenant on a daily basis and store it in a specific environment dedicated to operating and monitoring the Power Platform governance processes.

Thanks to a Power Automate flow that comes preconfigured in CoE, the above user who deployed the Bulletins app will get a message from the flow bot within 24 hours. The adaptive card posted will contain information about the newly created environment and an explanation of the organization’s policy for Dataverse for Teams environment usage. Most importantly, there’s a call to action: “please provide a business justification or the environment may be deleted”.

After the user shares some insights on the business justification, this information gets stored within the CoE record that represents this particular environment. These records in turn can be viewed by the administrator responsible for managing the Power Platform resources within the tenant.

This decision point of collecting and evaluating the business justification from the user unlocks a new automation opportunity for us. As we now have a method to validate what the reasons behind the Dataverse for Teams environment creation actually have been, we can preserve the environments that the business needs and remove the ones that may have just been quick tests of new functionality. In fact, the CoE Starter Kit also contains a flow for Weekly Clean Up of Microsoft Teams environments that does the deletion automatically based on predefined criteria (that we can of course modify to meet our needs).

Thanks to the catalog of environments, apps and flows that the CoE Starter Kit maintains within a dedicated Dataverse environment, we also have the possibility to combine this data with other relevant information sources and analyze it with Power BI. The standard CoE report is a great starting point for thinking about how we’d want to filter and drill into the environments and apps found within the tenant, be it in Dataverse for Teams or the full Microsoft Dataverse.

Conclusions

Enabling the self-service provisioning of both new teams and business applications within those teams can improve the business agility of the organization. Instead of requiring the users to follow a time-consuming and sometimes daunting upfront approval process for requesting IT tools that would allow them to solve their business problems, perhaps we should turn this thinking around.

As long as we can monitor and control the usage of various apps, automations and data sources within our Microsoft 365 tenant, we don’t necessarily need to restrict the rights of users to experiment with them. Low-code tools like Microsoft Power Platform are all about unlocking bottom-up innovation and empowering the citizen developers to put their domain expertise into use. Backed by the many governance tools in Microsoft 365, Azure and Power Platform, this is what enables the practical approach to driving governed innovation that Microsoft talks about.

Here’s the catch: oftentimes you’ll need to make use of this very same low-code platform to implement the governance processes needed for safe & systematic use of Power Apps, Power Automate, Power Virtual Agents, Dataverse and Microsoft Teams. The CoE Starter Kit made available by Microsoft on GitHub is meant to be a reference of such tools that will inspire your organization to find the model that best meets your needs.

Want to get started with Power Platform governance?

We have created the Power Platform Governance Starter Kit product to help you kickstart your low-code application platform journey with confidence. Tools, reports, analysis and guidance from the Forward Forever team of experts.
