Manage Microsoft Dataverse for Teams environments
Microsoft Dataverse for Teams – now generally available – empowers users to build custom apps, bots, and flows in Teams by using Power Apps, Power Virtual Agents, and Power Automate in Microsoft Teams. When a team owner adds this capability to their team, a Microsoft Power Platform environment with a Microsoft Dataverse for Teams database is created and linked to their team.
Dataverse for Teams honors the existing data governance paradigms of Microsoft Power Platform and enables access control in the Teams Admin Center. The Power Platform admin center provides more detail, including monitoring dedicated capacity utilization and Data Loss Prevention (DLP) policies. Dataverse for Teams greatly simplifies environment lifecycle management and user security role management by aligning to Teams constructs.
You can leverage our philosophy of using Microsoft Power Platform to manage Microsoft Power Platform by building automation to send welcome emails to owners of new Dataverse for Teams environments and requesting business justification for the newly created environments. Central IT can then effectively engage with new makers and ensure that Dataverse for Teams capacity is used effectively in the tenant and distributed to the most valuable business use cases. Similar workflows can be used to apply specific DLP policies to Dataverse for Teams environments as needed and to invoke clean-up of unused assets that can be repurposed for more compelling scenarios in the tenant.
Govern environment creation
We recommend setting up reactive governance workflows and monitoring so that Team owners can provide a business justification and admins can review it:
- Team owners can provide a business justification for their new environment within X days of creating the environment.
- Admins approve or reject the submitted business justifications, and optionally mark them for a later review.
- An automated cleanup runs periodically and deletes rejected or unclaimed (no justification provided) environments. If needed, deleted environments can be recovered within seven days from the Power Platform admin center.
- Admins can also review usage data and resource details periodically, and can choose to delete unused environments to free up assets for important use cases.
A template implementation of this reactive governance process to manage Dataverse for Teams environments is available as part of the CoE Starter Kit.
Dedicated Dataverse for Teams environments will be used for appropriate business use cases. Additionally, admins can choose to set up public teams that are already backed by Dataverse for Teams environments, to which test or trial users can be directed. A public team ensures that the tenant capacity limits are applied to appropriate business use cases while still allowing individual users to test the new capabilities.
Monitoring Dataverse in Teams Capacity and Usage
Admins can leverage Power Apps Analytics and Power Automate Analytics reports in the Power Platform admin center (PPAC) to view usage, performance and error details related to Dataverse for Teams environments.
Admins can monitor capacity usage for Dataverse for Teams environments using dedicated capacity views in PPAC.
Appropriate notifications are sent to the Teams owners when the environment is nearing 80% of its capacity. Notifications are also sent to tenant admins when the tenant is reaching 80% of its capacity. These capacity limits cannot be extended. As an admin, you can monitor inactive Dataverse for Teams environments in the tenant and invoke cleanup as appropriate, as well as have an automated cleanup of unused environments in place to free up capacity for more compelling scenarios.
A Power BI dashboard, which is already part of the CoE Starter Kit, has been updated with dedicated Dataverse for Teams views. These views give admins visibility into how their organization is using Dataverse for Teams, and can further identify highly used as well as inactive environments.
Managing Data Loss Prevention policies
To manage data governance policies for newly created Dataverse for Teams environments we recommend one of these two options for creating Data Loss Prevention (DLP) policies:
- Create a policy spanning all environments except selected ones. Keep the available connectors in this policy limited to those that you want to expose to makers in Dataverse for Teams environments. By setting the scope of the DLP policy to Exclude certain environments, this policy will apply to any new environments that will be created in your tenant – including Dataverse for Teams or Trial environments. Any other type of new environments, like a Production or Sandbox environment, can be removed explicitly from this tenant-wide DLP policy and added to appropriate dedicated DLP policies suited for their use case.
- Create a policy specific for Dataverse for Teams environments. Keep the available connectors in this policy limited to those you want Team members to have access to. Set up a script using PowerShell cmdlets or a flow using admin connectors that periodically adds newly created Dataverse for Teams environments to this policy and removes them from the default tenant level policy.
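A sketch of the periodic script described in the second option, as an added example rather than Microsoft's or the CoE Starter Kit's own code. The policy display names are hypothetical, and the `Teams` environment type and the shape of the policy's environment entries are assumptions to check against `Get-AdminPowerAppEnvironment` and `Get-DlpPolicy` output in your tenant.

```powershell
# Added example. Requires Microsoft.PowerApps.Administration.PowerShell and an admin sign-in.
Import-Module Microsoft.PowerApps.Administration.PowerShell
Add-PowerAppsAccount

# Hypothetical display names; replace with the policies in your tenant.
$teamsPolicyName   = 'Dataverse for Teams DLP'   # scoped to listed environments only
$defaultPolicyName = 'Tenant default DLP'        # scoped to all except listed environments

$policies      = (Get-DlpPolicy).value
$teamsPolicy   = $policies | Where-Object displayName -eq $teamsPolicyName
$defaultPolicy = $policies | Where-Object displayName -eq $defaultPolicyName
if (-not $teamsPolicy -or -not $defaultPolicy) { throw 'DLP policy not found.' }

# Refuse to edit a policy whose scope is not what this script expects.
if ($teamsPolicy.environmentType -ne 'OnlyEnvironments' -or
    $defaultPolicy.environmentType -ne 'ExceptEnvironments') {
    throw 'Unexpected policy scope; no changes made.'
}

# Assumption: Dataverse for Teams environments report EnvironmentType 'Teams'.
$teamsEnvs = @(Get-AdminPowerAppEnvironment | Where-Object EnvironmentType -eq 'Teams')

function Add-MissingEnvironment($Policy, $Environments) {
    $current = @($Policy.environments | Where-Object { $_ })
    $known   = @($current | ForEach-Object name)
    $missing = @($Environments | Where-Object { $known -notcontains $_.EnvironmentName })
    foreach ($e in $missing) {
        # Assumption: entry shape mirrors existing entries returned by Get-DlpPolicy.
        $current += [pscustomobject]@{
            id   = "/providers/Microsoft.BusinessAppPlatform/scopes/admin/environments/$($e.EnvironmentName)"
            name = $e.EnvironmentName
            type = 'Microsoft.BusinessAppPlatform/scopes/environments'
        }
    }
    $Policy.environments = $current
    return $missing.Count
}

# Order matters: cover the environment with the Teams policy first, then
# exclude it from the default policy, so it is never left without a policy.
if ((Add-MissingEnvironment $teamsPolicy $teamsEnvs) -gt 0) {
    Set-DlpPolicy -PolicyName $teamsPolicy.name -UpdatedPolicy $teamsPolicy | Out-Null
}
if ((Add-MissingEnvironment $defaultPolicy $teamsEnvs) -gt 0) {
    Set-DlpPolicy -PolicyName $defaultPolicy.name -UpdatedPolicy $defaultPolicy | Out-Null
}
```

Because the default policy applies to every environment except those listed, "removing" an environment from it means adding the environment to its exclusion list, which is why both calls append entries.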
Teams Admin Center Controls
Global or Teams admins can use Teams app controls through Teams admin center to enable/disable Microsoft Power Platform features within Teams. App controls are supported at an individual user level through Teams app permission policies and at tenant level through Teams manage apps settings.
|Teams Apps Control|Capabilities|
|---|---|
|Power Apps|Ability to create new Power Apps using Teams embedded maker experience. This is tied to the implicit ability to create new Dataverse for Teams environments. Ability to use Dataverse or Dataverse in Teams apps within Teams using Power Apps app.|
|Power Virtual Agents|Ability to create new Power Virtual Agents using Teams embedded maker experience. This is tied to the implicit ability to create new Dataverse for Teams environments. Ability to use Dataverse or Dataverse in Teams Power Virtual Agents within Teams using Power Virtual Agent app.|
|Shared Power Apps|Ability to use Dataverse or Dataverse in Teams Power Apps within Teams using Built by your colleagues catalog.|
|Shared Power Virtual Agents|Ability to use Dataverse or Dataverse in Teams Power Virtual Agents within Teams using Built by your colleagues catalog.|
|Various Sample Apps|Ability to create new Power Apps, Power Automate and Power Virtual Agents by using sample apps within Teams. This is tied to the implicit ability to create new Dataverse for Teams environments.|
These controls are coarse: they block environment creator, maker and user access together. We therefore recommend that admins instead use reactive constructs, either by building their own or by using the templates in the CoE Starter Kit, to govern Dataverse in Teams environment creation workflows.
Admin and Governance Best Practices
This article is part of our Adoption Best Practices content – a series of articles providing proven guidance that’s designed to help you create and implement the business and technology strategies necessary for your organization to succeed with Microsoft Power Platform.
CoE Starter Kit
The CoE Starter Kit is a collection of templates that implement our best practices and are designed to help you get started with developing a strategy for adopting and supporting Microsoft Power Platform. Head over to the documentation or watch a brief overview video to learn more.