Introducing the PowerApps Center of Excellence Starter Kit

A Center of Excellence (CoE), as talked about in this blog post, refers to an entity that is responsible for nurturing the growth of PowerApps and Microsoft Flow in their organization, while applying the right administrative guardrails.

The responsibilities of a CoE typically fall into these four buckets:

1. Administration & Governance
2. Nurture
3. Support
4. Operations

For a more detailed explanation of the functions and best practices to establish a CoE – see the talk titled “Tried and tested techniques for establishing a CoE”, that was presented at the Microsoft Business Applications Summit in June 2019. You can download the ppt here.

As the talk lays out, a CoE could start off quite simple with a single individual using the provided tools and best practices to get a view into PowerApps activity in their organization, or may grow into a more mature investment with multiple functions and roles, such as in the case of Chevron, where they’ve established a 20+ person CoE to manage multiple aspects of governance, training, support and automated app deployment across the organization.

We would encourage the reader to understand where they are in their adoption journey and invest accordingly. A key principle is to get clear about why you’re setting up a CoE, what you aim to accomplish and the business outcomes you hope to achieve. Then get started, and learn and evolve along the way. For many, the CoE is a first step in fostering greater creativity and innovation across the organization by empowering business units to digitize and automate their business processes, while maintaining the necessary level of central oversight and governance. In its fullness, a CoE typically encompasses all the functions mentioned above, in some form.

Center of Excellence Starter Kit

The Center of Excellence (CoE) Starter Kit is a collection of templatized best practices, that are designed to help organizations get started with tools needed to set up a CoE. Today the starter kit focused specifically on the Administration and Governance function of the CoE, but we do plan to grow it over time to be more encompassing of all the CoE functions listed above.

The download link for the CoE package, including setup instructions, documentation  and source code can be found at the end of this blog post.

Before we dig into CoE Starter Kit features, we did want to take a slight detour to explain our philosophy around rolling out Admin & Governance features and point out where the CoE Starter Kit fits in that context.

Why the need for a CoE Starter Kit

Our Admin and Governance capabilities can be broadly categorized into three categories.

Out of the Box features:  These core capabilities for admins and makers exist in the product admin portals and are the easiest and most robust way to complete tasks. For example, Environment and DLP Policy creation can be executed in the PowerApps and Flow admin centers.

Platform extensions: There are four ‘admin connectors’ that provide access to the same APIs that the out-of-box product use. These have been exposed through the connectors library to give users the ability to create custom solutions to execute administrative or governance related tasks. Please refer to the Admin connectors blogs for details. For example, provisioning a new Environment can be automated using the admin connectors.

The use of the extensions (and templates below) represents a feedback loop, that we use to help prioritize our out of the box product admin  features.

Templates and Customization: The CoE Starter Kit falls into this category. It is a set of templates that use the admin connectors in combination with other connectors and formulas to achieve some specified goal. The nature of a template is to provide a good solution for that specific task, but it might not have the exact functionality that everyone needs and could require adjustment to achieve what others might be looking for. For example, admins could use the Environment creation template that comes with the  Starter Kit, or they can use it as a starting point and modify it as appropriate.

CoE Starter Kit Features

To delve into the administration and governance steps in more detail, watch the admin breakout sessions from the 2019 Microsoft Business Applications Summit here.

The starter kit consists of multiple tools that are designed to help facilitate some of the responsibilities of a CoE. The scenarios available in the kit align with the following steps, which are recommended to follow when establishing governance:

These scenarios align with real needs we observed throughout our customer interactions, and are intended to act as a starting point that should be extended.

DLP Strategy

Today, if a DLP policy is created by an admin, there is no good way of determining what apps will be affected ‘out-of-box’ in the PowerApps admin center. Although policies should definitely be put in place to increase security, implementing a policy in a tenant with existing resources risks disrupting some existing business processes. The goal of the DLP Editor canvas app is to provide admins a view of what resources will be disabled if a new or updated policy were to be enforced. Using the admin connectors, it is able to read DLP policies and details about each app’s connection references, and outputs a list of apps with connection references in opposing groups. Since the connectors also provide details about the current app owner, the app allows the user to communicate with the owner to determine the best course of action based on the requirements of the policy.

Catalog tenant resources, visualize data in Power BI

The admin centers provide a view of PowerApps and Flows in each environment to admins, but it does not have all the data listed in a tenant-wide view and there are some additional details that might be useful to display together. To make visualizing data in the tenant easier, multiple components are included to help enable such a tenant-wide view.

First, a Flow called “Admin | Sync Template” uses the admin connectors to read all data in all environments, including PowerApps, Flows, Connectors, Connection References and Makers. This data is stored in CDS entities that match the schema of the objects returned from the admin connectors, basically copying the data from the API. Once the data is synced, there is a master list that can be easily visualized in the provided Power BI Dashboard. Although it might be the same data that was accessible before in the admin center simply rearranged, there are many meaningful insights that can be made from this kind of command over the data in Power BI. For example, it will show the most active makers and region of makers, or most used connectors across the tenant. This detail can be useful for IT to understand which areas need more support, which might not have been easily surfaced otherwise.

Another component syncs audit log data into CDS, giving the ability to aggregate session count and monthly active users (MAU) totals for apps. This can help identify which apps need more attention; Higher usage can indicate which apps are most used and therefore more prone to affecting a potentially high critical business processes. It’s not only important to understand what apps need support, but also to keep track of how PowerApps and Flow has been increasing productivity by replacing an old or creating a new business processes.

App Audit example process

In the example provided, fostering communication between the center of excellence and power users is mutually beneficial. If makers provide more information about the app, those in charge of security and support can be aware of the requirements, risks and business justification for the app. In turn, the app maker can expect a better support model for development and maintenance.

In the starter kit, the PowerApps App entity has additional fields that represent requirements from the center of excellence, which the app maker is responsible for filling out. There is a Flow that reads all the records in the PowerApps App entity, and sends a notification to the app maker if any app is not compliant with the company’s agreement policy. The threshold for determining if an app is compliant is that the maker has provided business justification requirements and the app has been published in the past 60 days. If the app is not compliant, the maker must go to the Developer Compliance Center canvas app and follow the instructions to stay compliant.

Once the business requirements are submitted and ready for review, an admin can review the details in a Power Platform Admin View model driven app. There is a view that filters out all the apps that are compliant and need final validation from an admin. On each app, there is a business process flow that is designed to guide the audit process from reviewing the details to assigning it to the app catalog.

This audit process example in the starter kit only covers PowerApps apps–can you think of a good audit process for validating Flows or Environments?

App Catalog

There are many reasons why an app catalog might be used, but the most common reason is for discoverability. Normally if an app is shared broadly, it might be difficult for some end users to find the correct environment, or dig up the share link that was initially sent out. The canvas app provides a template for displaying apps that have been marked true for ‘In App Catalog’ and ‘Featured In App Catalog’, and have a category, which are all metadata fields in the CDS PowerApps App entity. In this scenario, apps can be featured in the app catalog once they have passed the audit process. This means that not only is the app more discoverable for end users, but also ensures that the app that has been shared broadly is being monitored by some authoritative body. One example of how you can extend this canvas app is to add the ability for users to rate, comment and favorite the apps.

Welcome Email to new makers

If a new maker is detected during the Sync Template Flow, another Flow is kicked off to send a welcome email to that new maker. This scenario is important from a nurturing perspective, because it provides a proactive level of support that will foster desired practices. For example, the welcome email has the option of sharing a list of learning resources and the company’s internal Yammer channel for peer support. This makes the development experience better for the makers because they have a larger channel to seek help from, which can grow more independently and can be self sufficient. This email provides the best medium to introduce other first-time material to makers, such as links to data compliance policies and things of that nature (this is an example of a potential extension).

The solution can and should be customized in the ways that fit each unique organization. Some companies might prefer a more strict auditing process, where they decide to delete resources if not compliant. Others might prefer an even more relaxed approach that what is there. These details are unique to each organization and might not always be common. Understanding what those processes that dictate the way the Power Platform is governed is the overall requirement of the center of excellence, these tools are just means to this end.

Download

Read the documentation article in the download to see all the components in the solution, the installation instructions for the solution and additional information on developing a Center of Excellence. This template is intended to represent an example tool set with extendable components, which should be customized to meet each organization’s requirements.

Directly download the solution pack at aka.ms/CoEStarterKitDownload.

View the GitHub repo here.

Support and Feedback

Questions, comments, concerns, or interest in contributing? Please post your feedback in the Administering PowerApps community forum