Administering power platform deployment planning

MICROSOFT 365
Virtual MARATHON
May 27 & 28, 2020
36 hours / 2 days
MICROSOFT 365 VIRTUAL MARATHON
Administering Enterprise Power Platform deployment
Dipti Chhatrapati, Applied Information Science
Modern Workplace Architect [Microsoft RD]
Broughtto youby:
TheGlobalMicrosoft Community&
M365Conf.com | #M365CONF
#M365VM
M365VirtualMarathon.com

MICROSOFT 365
Virtual MARATHON
May 27 & 28, 2020
36 hours / 2 days
Mark Your Calendars:
March 23-25, 2021, MGM Grand Resort
Las Vegas, Nevada, USA
M365Conf.com
#M365CONF
TheSharePoint Conferenceis nowTheMicrosoft 365 CollaborationConference
#M365VM
Broughtto youby:

THANK YOU TO ALL OUR GENEROUS SPONSORS

 Visit the Vendors Booth, Sessions and Watch the Videos
 Submit Your Answers to Enter the Raffle
 You need at least 5 correct answers then submit for a chance to win one of 3
(One in each Americas, APAC, EMEA)
ARE YOU READY FOR A RAFFLE?
WE ARE GIVING AWAY 3 OCULUS QUEST ALL IN ONE!
https://bit.ly/m365raffle

 Power Platform Scenarios and Architecture
 COE Starter Kit
 Security and Monitoring Power Platform
 ALM and DevOps with Power Platform
 Reference links
We would talk about in next few minutes…
Broughtto youby
M365Conf.com| #M365CONF

 Dipti Chhatrapati, Navi Mumbai, India.
 Modern Workplace Architect, Applied Information Science
 Member of Microsoft Regional Director Program
 Microsoft Identity, Security and Power platform
 Ahmedabad, Gujarat, India – Gujarati, Hindi, English
Bonjour, Namaste, Guten tag, Hola, Ola, 여보세요, こんにちは, Hello! 
Broughtto youby
#M365VM

Broughtto youby
The Microsoft Power Platform
The Low code platform that spans Office 365, Azure, Dynamics 365 and standalone apps
Power BI
Business analytics
Common
Data Service
Data
connectors
AI Builder
Power Virtual Agents
Intelligent virtual agents
Power Apps
Application development
Power Automate
Workflow automation
Broughtto youby

Power Platform is here to empower EVERYONE!
Broughtto youby
Innovation anywhere. Unlocks value everywhere

Broughtto youby:
Start Power Platform Admin run with High FIVE!
1km
2km
3km
4km
Configure COE Starter Kit
Plan Environment Strategy
Setup Security and Monitoring
5km
Establish Audit Processes
Deployment and ALM

Plan Environment Strategy
Broughtto youby
1km
#M365VM

Broughtto youby
Discover answers on these questions
• What environments exist?
• What is the type of environments?
• What is the purpose of default environment?
• What is the purpose of environment region?
• Who can create environments?
• Who can manage environments?

Broughtto youby
Quick glance on Environments
Azure AD Tenant
Environments

Broughtto youby
How to strategize environments?
1 Assign Admins a Power Platform Service Admin Role or Dynamic 365 Service Admin Role.
2 Restrict the creation of net-new trial and production environments to admins.
3 Treat the default environment as a ‘Personal productivity’ environment for your organization/Bus.
4 Establish a process for requesting access or creation of environments.
Dev/Test/Production environments for specific business groups or application.5
Individual-use environments for Proof of Concepts and training workshops.6

Broughtto youby
Demo : Environments
Reviewing Environments and its settings

Configure COE Starter Kit
Broughtto youby
#M365VM
2km

Broughtto youby:
Quick glance on Center of Excellence Starter Kit

Broughtto youby
Few COE Starter kit Apps
Extracting and archiving
unused power apps.
View how Power Apps apps in
your tenant are affected by DLP policies
Set App Owner of Power Application
Extracting information related to both power
apps and power automate in one place.
Flow to verify compliance details of an app

Broughtto youby
Demo : COE Kit
Reviewing Solutions and its components
Viewing COE Apps and Reports

Setup Security and Monitoring
Broughtto youby
#M365VM
3km

Broughtto youby
FIVE layers of Security
Dev

Broughtto youby
#1 - Conditional service access
Azure AD Premium required
Scenario coverage
 Grant/block access based upon
 User/Group
 Device
 Location

Broughtto youby
#2 - Environment security and access control
Env (no CDS)
Common
Data Service
Env (w/ CDS)
 Access is controlled at three levels
 Environment roles
 Resource permissions for apps/flows/custom connectors/etc.
 CDS security roles (if a CDS database has been provisioned)
 Once a CDS database has been created, the CDS
security roles take over for controlling security

Broughtto youby
#3 – Sharing Environment Resources
Sharing an App Sharing a custom connector
Sharing a portal Sharing a Flow in Power Automate

Broughtto youby
#4 - Security with CDS in an environment
 Each security role grants discrete privileges  Data can be secured down to the field level

Broughtto youby
#4 - Environment Security Roles
Persona Details Environment has CDS Environment does not have CDS
Environment Admin Can perform all administrative actions
on an environment.
System Administrator (predefined) security
role
Environment Admin role assignment
Environment Maker • Can create resources (e.g., apps and
flows) in an environment but cannot
make administrative actions on the
environment itself.
• If CDS is provisioned, they can
optionally be assigned maker access
to the database.
Environment Maker (predefined) security
role for Canvas and Flow.
System Customizer (predefined) security
role for Model/CDS customization.
Environment maker role assignment
End user Can access assets like apps and flow
buttons that are shared with them but
cannot create assets themselves.
Note that end users are not given
permission to the environment itself,
they’re only shared access to the
applications and database that are
located in an environment.
Customized security role that provide
access to assets in the environment (such
as CDS and Model Driven apps). If using
canvas apps, access is shared the same as
non-CDS environments–at the app level.
Custom security roles are created to
support applications built in your
organization.
Custom security roles can also come with
applications you install from AppSource or
if your users sign up for Dynamics 365.
Users are shared access to the canvas
app (no environment role assigned)

Broughtto youby
#5 - Cross-tenant inbound & outbound restrictions
Customer Tenant
Contoso
3rd Party Tenant
Fabrikam
Fabrikam user can establish a connection
using Contoso credentials
Contoso User can establish
a connection using Fabrikam credentials

Broughtto youby
#5 - Cross Tenant Access – Restrict outbound
Customer Tenant
Contoso
3rd Party Tenant
Fabrikam
Globex user can establish a connection
Contoso User is blocked from
connecting using Fabrikam credentials
https://aka.ms/adtenantrestrictions => this applies to all Azure AD Cloud SaaS app

Broughtto youby
#5 - Cross Tenant Access – Restrict inbound
Customer Tenant
Contoso
3rd Party Tenant
Fabrikam
Fabrikam user is blocked connecting
Contoso User can establish a connection
using Fabrikam credentials
Requires support ticket today => this restriction only applies to Power Apps and Power Automate

Broughtto youby
Data policies for connectors
 Data loss prevention policies (DLP) enforce
rules for which connectors can be used
together
 Connectors are classified as either Business
Data only or No Business Data allowed
 A connector in the business data only group
can only be used with other connectors
from that group in the same app or flow
 Tenant admins can define policies that apply
to all environments
 Non-Microsoft connectors can fully blocked
using DLP policies

Broughtto youby:
How to strategize DLP Policies?

Broughtto youby
Example DLP policy
Connectors used in
application or flow
Impact of DLP
SharePoint and OneDrive This would be allowed
Common Data Service This would be allowed
Common Data Service and SharePoint This would not be allowed
SharePoint and Twitter This would be allowed
SharePoint,TwitterandCommonDataService This would not be allowed
 DLP Policy Connector Assignment  Apps and Flow Behavior as a result of DLP policy assignment
 Error message in Power Automate is Flow uses connectors which are in different groups

Broughtto youby
Monitoring Power Platform

Broughtto youby
• What policies exist?
• What licenses users are assigned to?
• What is the capacity requirement?
• What connectors will be needed?
• What plans would be requiring?

Broughtto youby
Demo : Security and Monitoring
Reviewing security roles
Sharing Apps
Setting App Owner using COE App
Managing DLP Policies using COE App
Monitoring Power Platform usage

Establish Audit Processes
Broughtto youby
#M365VM
4km

Broughtto youby
Power platform Auditing
Common
Data
Service
Auditing
Office 365
Activity
Logging
• Office 365 Compliance Center
• search and view Power Apps and
Power Automate events
• Audit data is retained for 90 days
• Dynamic 365 Portal
• Audit entities and attributes data changes
• Audit data is retained until configuration is
disabled or deleted.

Broughtto youby
Automation with Power Platform
PowerShell
Cmdlets
Power
Automate
Connectors
Power
Automate
Templates
CoE Starter Kit

Broughtto youby
Demo : Auditing
Reviewing Logging events in Office 365
Configuring CDS Entities Auditing

Deployment and ALM
Broughtto youby
#M365VM
5km

Broughtto youby
Solutions Types
Managed
Solution
Unmanaged
Solution
• Dev Environment
• Add/Remove components
• Export solution
• Test/UAT/Prod Environment
• Can not Add/Remove components
• Can not export solution

Broughtto youby
Solutions Layering
The ultimate behavior = The culmination of the system solution, managed and unmanaged solutions.

Broughtto youby
• What is the purpose of solution types?
• How to manage solutions?
• How to versioning solutions?
• What is the Application Life Cycle Management?
• How to get ready for the new application?
• How to use DevOps to track and manage deployment?
• How to import/export/update existing application?
• What is the process for retiring and removing an application?
• What are the build tasks in PowerApps Build Tools to use in DevOps?

Broughtto youby
Power Platform with DevOps
1. Initialize Azure DevOps.
2. Install PowerApps Build Tools.
3. Build Pipelines.

Broughtto youby
Demo : Power Platform with DevOps
Managing Unmanaged/Managed Solution in Admin Center
Export/Import Solutions in different environments

Broughtto youby
Points to be noted…
 Environments and Security
 Establish an environment strategy and a process
 Set up security policies
 COE Starter Kit
 Understand different components of COE starter kit
 Monitoring
 Regularly check the available environment capacity.
 Review the top storage used by environments.
 Regularly check on system jobs.
 Monitor usage and look for insights related to types of flows and
apps
 Auditing
 Create new alert policies.
 Frequently review the auditing data in CDS and Office 365 log
search .
 Deployment and ALM
 Familiarize yourself with PowerShell commands against power
platform.
 Familiarize yourself with ALM operations via solutions.
 Understand the PowerApps Build tasks using DevOps

Broughtto youby
Empower Community

Broughtto youby
Nurture your colleagues with Power Platform
Evangelism
Community
development
Training and
Support

Broughtto youby
Resources to Checkout
 Microsoft Docs https://docs.microsoft.com/en-us/power-platform/admin/admin-powerapps-enterprise-deployment
 Licensing Guide - https://docs.microsoft.com/en-us/power-platform/admin/pricing-billing-skus
 Hands on Labs - https://aka.ms/powerplatformlabs
 Blogs - https://powerapps.microsoft.com/en-us/blog/
 Pluralsight Course - https://www.pluralsight.com/courses/power-platform-administration-foundation
 Power Platform Adoption Framework - https://github.com/PowerPlatformAF/PowerPlatformAF
 The Power Apps community - https://powerusers.microsoft.com/
 Support Ticket from Power Platform Admin Center - https://admin.powerplatform.microsoft.com/support
 Microsoft Learn - https://docs.microsoft.com/en-us/learn/modules/introduction-power-platform/
 Finding Partners - https://PowerApps.microsoft.com/partners
 Power Platform Ideas –
Power Apps - https://powerusers.microsoft.com/t5/Power Apps-Ideas/idb-p/Power AppsIdeas
Power Automate - https://powerusers.microsoft.com/t5/Flow-Ideas/idb-p/FlowIdeas
Power BI - https://ideas.powerbi.com/forums/265200-power-bi-ideas

Broughtto youby
Power Platform Sessions at M365VM around governance!
Mile Speaker Session
Mile 1 Jon Levesque This is more than just technology...
Mile 4 Paul Swider Under the Hood: Power Platform and CDS Portals
Mile 5 Kunal Kankariya Power Apps Build Tools - Automate ALM
Mile 6 Ashley Rogers Taming the Wild West: Governance in the Power Platform
Mile 6 Johnny Lopez Understanding the COE Starter Kit for the Power Platform
Mile 6 David Drever Securing Your Data within Microsoft's Power Platform
Mile 6 Ralph Rivas Understanding Power Platform licensing

CONSIDER DONATING TO THE FOLLOWING CHARITY RELIEF FUNDS:
UNITED WAY: HTTPS://GIVE.UWKC.ORG/M365VM
INTERNATIONAL MEDICAL CORPS: HTTPS://BIT.LY/MEDICALCORPSFUND
10% OF FUNDS FROMSPONSORS GOTO SUPPORT COMMUNITY RELIEF.
FOR MORE INFORMATION WRITE TOINFO@M365VIRTUALMARATHON.COM

MICROSOFT 365
Virtual MARATHON
May 27 & 28, 2020
36 hours / 2 days
Let’s Discuss 

MICROSOFT 365
Virtual MARATHON
May 27 & 28, 2020
36 hours / 2 days
THANK YOU FOR JOINING US!
DO YOU HAVE ANY QUESTIONS?
Speaker feedback
https://bit.ly/M365VMSpeakerFeedback
Event feedback
https://bit.ly/M365VMFeedback

MICROSOFT 365
Virtual MARATHON
May 27 & 28, 2020
36 hours / 2 days
THANK YOU FOR JOINING US!
Broughtto youby
#M365VM

Administering power platform deployment planning

More Related Content

What's hot (20)

Similar to Administering power platform deployment planning (20)

More from Dipti Chhatrapati (17)

Recently uploaded (20)

Administering power platform deployment planning