Introducing the PowerApps Center of Excellence Starter Kit
(This blog post was updated in Jan 2020 to highlight changes and new features made available in the CoE Starter Kit)
A Microsoft Power Platform Center of Excellence (CoE), as talked about in this blog post, refers to an entity that is responsible for nurturing the growth of Power Apps and Power Automate in their organization, while applying the right administrative guardrails.
The responsibilities of a CoE typically fall into these four buckets:
- Administration & Governance
A CoE is designed to drive innovation and improvement, and through its central function can break down geographic and organizational silos in order to bring together like minded people with similar business goals to share knowledge and success, whilst at the same time providing standards, consistency, and governance to the organization.
For a more detailed explanation of the functions and best practices to establish a CoE – see the talk titled “Tried and tested techniques for establishing a CoE”, that was presented at the Microsoft Business Applications Summit in June 2019. You can download the ppt here.
As the talk lays out, a CoE could start off quite simple with a single individual using the provided tools and best practices to get a view into Power Apps activity in their organization, or may grow into a more mature investment with multiple functions and roles, such as in the case of Chevron, where they’ve established a 20+ person CoE to manage multiple aspects of governance, training, support and automated app deployment across the organization.
We would encourage the reader to understand where they are in their adoption journey and invest accordingly. A key principle is to get clear about why you’re setting up a CoE, what you aim to accomplish and the business outcomes you hope to achieve. Then get started, and learn and evolve along the way. For many, the CoE is a first step in fostering greater creativity and innovation across the organization by empowering business units to digitize and automate their business processes, while maintaining the necessary level of central oversight and governance. In its fullness, a CoE typically encompasses all the functions mentioned above, in some form.
Center of Excellence Starter Kit
The Center of Excellence (CoE) Starter Kit is a collection of templatized best practices, that are designed to help organizations get started with tools needed to set up a CoE. The kit focuses on both Administration and Governance function, as well as Nurture functions of the CoE.
The download link for the CoE package, including setup instructions, documentation and source code can be found at the end of this blog post.
Before we dig into CoE Starter Kit features, we did want to take a slight detour to explain our philosophy around rolling out Admin & Governance features and point out where the CoE Starter Kit fits in that context.
Why the need for a CoE Starter Kit
Our Admin and Governance capabilities can be broadly categorized into three categories.
Out of the Box features: These core capabilities for admins and makers exist in the product admin portals and are the easiest and most robust way to complete tasks. For example, Environment and DLP Policy creation can be executed in the PowerApps and Flow admin centers.
Platform extensions: There are four ‘admin connectors’ that provide access to the same APIs that the out-of-box product use. These have been exposed through the connectors library to give users the ability to create custom solutions to execute administrative or governance related tasks. Please refer to the Admin connectors blogs for details. For example, provisioning a new Environment can be automated using the admin connectors.
The use of the extensions (and templates below) represents a feedback loop, that we use to help prioritize our out of the box product admin features.
Templates and Customization: The CoE Starter Kit falls into this category. It is a set of templates that use the admin connectors in combination with other connectors and formulas to achieve some specified goal. The nature of a template is to provide a good solution for that specific task, but it might not have the exact functionality that everyone needs and could require adjustment to achieve what others might be looking for. For example, admins could use the Environment creation template that comes with the Starter Kit, or they can use it as a starting point and modify it as appropriate.
CoE Starter Kit Features
To delve into the administration and governance steps in more detail, watch the admin breakout sessions from the 2019 Microsoft Business Applications Summit and the Managing and supporting Power Apps and Power Automate at scale session from 2019 Ignite.
The starter kit consists of multiple tools that are designed to help facilitate some of the responsibilities of a CoE – the tools and components are split into three solutions:
- Center of Excellence – Core Components
These components provide the core to get started with setting up a CoE – they sync all your resources into entities and build admin apps on top of that to help you get more visibility of what apps, flows and makers are in your environment. Additionally, apps like the DLP Editor and Set New App Owner help with daily admin tasks.
The Core Components solution only contains assets relevant to admins. No assets need to be shared with other makers or end users.
Requirement: User(s) will require a Per User license, as well as Global or Power Platform Admin permissions
Scenario Toolkit component Catalog tenant resources 1.CDS Entities: Environments, Apps, Flows
2.Admin | Sync Template v2 (Flows) – all, Apps, Flows, Custom Connectors, Connectors, Model Driven Apps
3.Admin | Sync Audit Log (Flow)
4.Power BI Dashboard
5.Custom Connector for Office 365 Audit Logs
6.Power Platform Admin View (Model Driven App)
DLP Strategy + Visibility 7.DLP Editor (Canvas App)
8.DLP Customizer (Canvas App)
Change App Ownership 9.Set New App Owner (Canvas App)
- Center of Excellence – Governance Components
Once you are familiar with your environments and resources, you might start thinking about audit and compliance processes for your apps. You might want to gather additional information about your apps from your makers, you might want to audit specific connectors or app usage – apps like the Developer Compliance Center and flows to identify connector usage part of this solution will help with that.
The Compliance Components solution contains assets relevant to admins and existing makers.
The Compliance Components provide a layer on top of the Core Components, it is required to install the Core Components prior to using the Audit Components.
License Requirement: Makers participating in the audit and compliance workflows will need a Per App or Per User License.
Scenario Toolkit component Sample Audit Process 1.Developer Compliance Center (Canvas App)
2.Flow – Compliance detail request
3.Business Process Flow for Auditing resources
Archive unused apps 4.App Archive and Clean Up – Start Approval and Check Approval (Flows)
5.App Archive and Clean Up Admin View (Model Driven App)
Act based on certain connector usage 6.Find and add admins as owners for apps that leverage certain connectors (Flow)
7.Find and disable flows that leverage certain connectors (Flow)
- Center of Excellence – Nurture Components
An essential part of establishing a CoE is nurturing your makers and an internal community. You will want to share best practices and templates and onboard new makers – the assets part of this solution, like the Welcome Email and Template Catalog can help develop a strategy for this motion.
The Nurture Components solution contains assets relevant to everyone in the organisation.
The Nurture Components provide a layer on top of the Core Components, it is required to install the Core Components prior to using the Nurture Components.
License Requirement: Anyone in CoE community will need a Per App or Per User License.
Scenario Toolkit component Onboard new makers, provide training and share best practices 1.Admin | Welcome Email (Flow)
2.Template Catalog (Canvas App)
3.Admin | Newsletter with Product Updates (Flow)
4.Training in a day Management and Registration (Canvas Apps)
5.Training in a day Feedback Reminder, Registration Confirmation and Reminder (Flow)
Encourage Adoption 6.App Catalog (Canvas App)
These scenarios align with real needs we observed throughout our customer interactions, and are intended to act as a starting point that should be extended.
Today, if a DLP policy is created by an admin, there is no good way of determining what apps will be affected ‘out-of-box’ in the Power Apps admin center. Although policies should definitely be put in place to increase security, implementing a policy in a tenant with existing resources risks disrupting some existing business processes. The goal of the DLP Editor canvas app is to provide admins a view of what resources will be disabled if a new or updated policy were to be enforced. Using the admin connectors, it is able to read DLP policies and details about each app’s connection references, and outputs a list of apps with connection references in opposing groups. Since the connectors also provide details about the current app owner, the app allows the user to communicate with the owner to determine the best course of action based on the requirements of the policy.
Catalog tenant resources, visualize data in Power BI
The admin centers provide a view of Power Apps and Power Automate resources in each environment to admins, but it does not have all the data listed in a tenant-wide view and there are some additional details that might be useful to display together. To make visualizing data in the tenant easier, multiple components are included to help enable such a tenant-wide view.
First, a Flow called “Admin | Sync Template” uses the admin connectors to read all data in all environments, including Power Apps, Power Automate, Connectors, Connection References and Makers. This data is stored in CDS entities that match the schema of the objects returned from the admin connectors, basically copying the data from the API. Once the data is synced, there is a master list that can be easily visualized in the provided Power BI Dashboard. Although it might be the same data that was accessible before in the admin center simply rearranged, there are many meaningful insights that can be made from this kind of command over the data in Power BI. For example, it will show the most active makers and region of makers, or most used connectors across the tenant. This detail can be useful for IT to understand which areas need more support, which might not have been easily surfaced otherwise.
Another component syncs audit log data into CDS, giving the ability to aggregate session count and monthly active users (MAU) totals for apps. This can help identify which apps need more attention; Higher usage can indicate which apps are most used and therefore more prone to affecting a potentially high critical business processes. It’s not only important to understand what apps need support, but also to keep track of how Power Apps and Power Automate resources have been increasing productivity by replacing an old or creating a new business processes.
The Power BI Dashboard is now also available via app source.
App Audit example process
In the example provided, fostering communication between the center of excellence and power users is mutually beneficial. If makers provide more information about the app, those in charge of security and support can be aware of the requirements, risks and business justification for the app. In turn, the app maker can expect a better support model for development and maintenance.
In the starter kit, the PowerApps App entity has additional fields that represent requirements from the center of excellence, which the app maker is responsible for filling out. There is a Flow that reads all the records in the PowerApps App entity, and sends a notification to the app maker if any app is not compliant with the company’s agreement policy. The threshold for determining if an app is compliant is that the maker has provided business justification requirements and the app has been published in the past 60 days. If the app is not compliant, the maker must go to the Developer Compliance Center canvas app and follow the instructions to stay compliant.
Once the business requirements are submitted and ready for review, an admin can review the details in a Power Platform Admin View model driven app. There is a view that filters out all the apps that are compliant and need final validation from an admin. On each app, there is a business process flow that is designed to guide the audit process from reviewing the details to assigning it to the app catalog.
This audit process example in the starter kit only covers PowerApps apps–can you think of a good audit process for validating Flows or Environments?
There are many reasons why an app catalog might be used, but the most common reason is for discoverability. Normally if an app is shared broadly, it might be difficult for some end users to find the correct environment, or dig up the share link that was initially sent out. The canvas app provides a template for displaying apps that have been marked true for ‘In App Catalog’ and ‘Featured In App Catalog’, and have a category, which are all metadata fields in the CDS PowerApps App entity. In this scenario, apps can be featured in the app catalog once they have passed the audit process. This means that not only is the app more discoverable for end users, but also ensures that the app that has been shared broadly is being monitored by some authoritative body. One example of how you can extend this canvas app is to add the ability for users to rate, comment and favorite the apps.
Welcome Email to new makers
If a new maker is detected during the Sync Template Flow, another Flow is kicked off to send a welcome email to that new maker. This scenario is important from a nurturing perspective, because it provides a proactive level of support that will foster desired practices. For example, the welcome email has the option of sharing a list of learning resources and the company’s internal Yammer channel for peer support. This makes the development experience better for the makers because they have a larger channel to seek help from, which can grow more independently and can be self sufficient. This email provides the best medium to introduce other first-time material to makers, such as links to data compliance policies and things of that nature (this is an example of a potential extension).
The solution can and should be customized in the ways that fit each unique organization. Some companies might prefer a more strict auditing process, where they decide to delete resources if not compliant. Others might prefer an even more relaxed approach that what is there. These details are unique to each organization and might not always be common. Understanding what those processes that dictate the way the Power Platform is governed is the overall requirement of the center of excellence, these tools are just means to this end.
In Part 2 of this blog post we share strategies on how to get started with adopting the CoE Starter Kit.
Read the documentation in the download to see all the components in the solution, the installation instructions for the solution and additional information on developing a Center of Excellence. This template is intended to represent an example tool set with extendable components, which should be customized to meet each organization’s requirements.
The Center of Excellence (CoE) Starter Kit is not supported by the Power Platform product team (which is true for all tools available in this GitHub repo). We are a small team in Engineering who built this unsupported community sample solution for anyone to use and modify as their own, made available to customers on an as-is basis via an MIT license. It’s possible you might run into some issues, such as installation problems, authorization issues, or bugs in the apps and flows within the solution.
Please, do not raise support tickets for issues related to this toolkit in the Power Platform Admin Center or any official product portal. Instead, kindly.
- Make sure you have read through the entire documentation
- If the issue is not addressed in the documentation, raise a new issue in the issues tab of the GitHub repo. Someone from the team will respond to your issue there.