400 likes | 431 Views
PowerApps and Microsoft Flow: Best Practices for managing these two applications. James Oleinik (Principal Group Program Manager). BRK1068. So we’re looking at rolling out PowerApps and Flow and…. So we’re looking at rolling out PowerApps and Flow and… I have some questions!.
E N D
PowerApps and Microsoft Flow:Best Practices for managing these two applications James Oleinik (Principal Group Program Manager) BRK1068
So we’re looking at rolling out PowerApps and Flow and…I have some questions!
So we’re looking at rolling out PowerApps and Flow and…I have some questions! How do I make sure that my company’s data is secure? How do I control who can create, what they create, and who has access? Where can I go to view what people have already built? What is the right way to roll-out a solution company-wide? ….
Customer Service Project ServiceAutomation Finance &Operations Field & Service Sales Retail Dynamics 365 Talent Marketing Data + intelligence Power BI PowerApps Flow Power Platform
Power platform Vision PowerApps and Microsoft Flow empower users and teams within your organization to do more. Microsoft wants to empower Admins, the same way we empower app and flow makers. Create your own governance capabilities using the same building blocks (APIs) that Microsoft uses within our Admin experiences.
Build the governance plan that is right for your org! • Secure • Monitor • Alert & Action
Build the governance plan that is right for your org! • Secure • Monitor • Alert & Action • PowerApps and Flow Governance Whitepaper • Data loss prevention policies • Azure Active Directory Conditional Access • Activity logging through Office 365 Security and Compliance center. • Out-of-box analytics for admins • PowerApps and Flow PowerShell cmdlets • Power platform management connectors *new* *new* *new* *new* *new* PowerApps and Microsoft Flow Governance and Deployment whitepaper: https://aka.ms/powerappsadminwhitepaper
#1 Secure your data and network • PowerApps and Flow do not provide users with access to any data assets that they don’t already have access to. Users should only have access to data that they really require access to. • Network Access control policies can also apply to PowerApps and Flow. Blocking access to a site from within a network by blocking the sign-on page will also prevent connections to that site from being created in PowerApps & Flow.
#2 Consider location-based conditional access Available for PowerApps and Microsoft Flow Azure AD Premium Required Scenario coverage: • Grant/Block access based upon: • User/Group • Device • Location • Microsoft Application Management (MAM) support coming this fall.
Creating a Conditional Access Policy • Select User/Group • Select the Cloud apps • Apply Conditions
#3 Know your environments Environments are containers that administrators can use to manage apps, flows, connections, and other assets; along with permissions to allow organization users to use the resources CDS CDS CDS
#3 Know your environments • Environments are tied to a geographic location that is configured at the time the environment is created. • Environments can be used to target different audiences and/or for different purposes such as dev, test and production. • Every tenant has a default environment, created automatically
#3 Know your environments… and your access control • Access is controlled at three levels: • Environment roles • Resource permissions for apps/flows/etc. • CDS database security roles • Key out-of-box security roles: • Environment Admin / System Administrator • Environment Maker • System Customizer • Default environment = everyone is an Environment Maker • Global tenant admins have admin access to all environments • Environments are tied to a geographic location that is configured at the time the environment is created. • Environments can be used to target different audiences and/or for different purposes such as dev, test and production. • Every tenant has a default environment, created automatically
#4 Prevent data leakage with DLP policies • Data loss prevention policies (DLP) enforce rules for which connectors can be used together by classifying connectors as either Business Data only or No Business Data allowed. • Simply, if you put a connector in the business data only group, it can only be used with other connectors from that group in the same app. • Tenant admins can define policies that apply to all environments
#5 Review the audit trail • Activity Logging integrated with Office Security and Compliance center for comprehensive logging across Microsoft services like Dynamics 365 and Office 365 • The audit records are stored in O365 Security and Compliance center. • Office provides an API to query this data, which is currently used by many SIEM vendors to use the Activity Logging data for reporting
#7 View PowerApps admin analytics & Microsoft Flow admin analytics Available now in preview from the new Power platform admin center – https://aka.ms/ppac Active User and App Usage - How many users are using an app and how often? Location – Where is the usage? Service Performance of connectors, including custom, and drive visibility to fix if/as required Error reporting – which are the most error prone apps, error details being seen by users? Run metrics - Active runs, success and cancelled Flows in use by type and date Flows created by type and date Flows shared by type and date Error - All up views of errors in my flows and ability to drill down into specific flow Flow usage by connector – Including number of runs and connections
#8 Leverage the PowerApps & Microsoft Flow admin center • View and manage environments • View and manage all apps and flows within an environment • View and manage your CDS database • Requires a PowerApps Plan 2 or Microsoft Plan 2 license
#9 Build flows to alert on key audit events • An example of alerting that can be implemented is subscribing to Office 365 Security and Compliance Audit Logs. • This can be achieved through either a webhook subscription or polling approach. However, by attaching Flow to these alerts, we can provide administrators with more than just email alerts. Activity Logging Web Svc PowerApps logs Microsoft Flow logs Admin Microsoft Flow
#10 Build the policies you need with PowerApps, Microsoft Flow, and PowerShell • The new PowerShell Cmdlets place full control in the hands of admins to automate the governance policies necessary.
#10 Build the policies you need with PowerApps, Microsoft Flow, and PowerShell • The new PowerShell Cmdlets place full control in the hands of admins to automate the governance policies necessary. and • The new Management connectors provide the same level control but with added extensibility and ease-of-use by leveraging PowerApps and Flow. Microsoft Flow Management Connector (existing) Flow Management Connector for Admins PowerApps Management Connector for Admins PowerApps Management Connector for App Makers Power platform for Admins
Admin & Governance Customer Hackathon “The PowerApps Admin Connectors are key to good proactive governance. Using the platform as a solution to the governance and compliance issues thrown up by the platform. We need admin connectors for the whole of the MS stack.” Keith Whatling Route Performance Sr Analyst
Customer Scenarios Created a Flow to notify Admins when an app is shared with the entire organization. Flow to automatically execute Admin Governance actions. Flow that notifies Admins and PowerApp owner when an app is created with a connection to a flagged API connection. PowerApp that promotes itself by sharing permissions. PowerApp to browse a curated applications catalog.
Demo: Building against the management connectors Read the blogs & download the samples here aka.ms/adminconnectors aka.ms/listnewconnectors aka.ms/listnewresources
10 best practices for PowerApps and Flow Governance • Secure your data and network • Consider location-based conditional access • Know your environments & access control • Prevent data leakage with data loss prevention policies • Review the audit trail • Download the PowerApps & Microsoft Flow license report • View PowerApps & Microsoft Flow admin analytics • Leverage the PowerApps & Microsoft Flow admin center • Build flows to alert on key audit events • Build the policies you need with PowerApps, Microsoft Flow, and PowerShell #1 Secure #2 Monitor #3 Alert & Action
Business Applications Communities Learn • Connect • Share • Inspire Join the Microsoft Business Applications Communities where you can connect with peers and experts. Get answers to complex questions, learn from engaging discussions, read informative blogs, view webinars, and find product use examples in galleries. https://community.dynamics.com https://community.powerapps.com https://community.powerbi.com https://community.flow.microsoft.com Benefits Engagement Recognition Join for free Access tips, answers, and shared knowledge from experts Expand your network by engaging with peers Need help? Ask questions and join in on business or technical discussions in the forums Share your expertise by hosting a blog or syndicating your existing blog Earn badges for participation and engagement Become a Community Star and earn appreciation from peers
Please evaluate this sessionYour feedback is important to us! Please evaluate this session through MyEvaluations on the mobile appor website. Download the app:https://aka.ms/ignite.mobileApp Go to the website: https://myignite.techcommunity.microsoft.com/evaluations