Home > Blog > How to improve governance on the Power Platform: Third step
How to improve governance on the Power Platform: Third step
AlfaPeople |
Feb 28, 2022

How to improve governance on the Power Platform: Third step

In my previous post, How to improve governance on the Power Platform: Second step, we looked into the admin components of the Power Platform Center of Excellence (CoE) Starter Kit.

Once you have become familiar with your environments and components, you can start to look at the governance components.

Overall, the governance components are made up by flows and apps. In this article, I go through those that are most important to understand the process.

Flows

There are a number of flows among the Power Platform’s governance components that you can use to:

  • Find apps and flows that can be archived or cleaned up.
  • Send a request to the owner of an app or flow and ask them to archive or clean it up.
  • Execute on the archiving and cleaning after the owner has approved it.

Also, the Starter Kit has some default rules that you can change according to your needs.

For instance – by default – apps and flows that have not been modified or launched in the last six months will be archived or cleaned up.

But for some organisations this time frame is too long and for others it is too short. Fortunately, you can customize the flow to fit your needs – whether its more or less than the default number of months.

This is easy to do, so you can introduce more complexity to you governance components if you would like.

Let’s move on to some of the flows that I would like to share with you.

Archive and Clean Up v2 – Start Approval for Apps and Flows

You can use this first flow to check for apps and flows that have not been modified or launched in the last six months – or another time frame defined by you and your organization.

Next, you can request for the owner of the app to decide whether the app can be deleted via Flow approvals and email.

Flow approvals UX

Figure 1 – Flow Approval Received Message

Figure 1 – Flow Approval Received Message

Email

Figure 2 – Email Request Approval Message

Figure 2 – Email Request Approval Message

This way, the owner of the app or flow can approve or reject the archiving of the app in different ways.

But keep in mind that this archiving rule is only a default suggestion included in the CoE Starter Kit.

That means you can implement any archiving rule you would like to in your organization.

Admin | Archive and Clean Up v2 (Check Approval)

With this flow, you can schedule an interval in which there will be checks for approval responses created by the Start Approval flows described above.

If the app or flow is newly approved, the approved date will be marked so that the Archive and Clean Up v2 (Clean Up and Delete) flow, which is described below, can delete it after user has time to archive.

If you have made the approval in the past, but before deletion, it sends a reminder to archive the app or flow before it is deleted.

Admin | Archive and Clean Up v2 (Clean Up and Delete)

You can run this flow daily and do two clean up tasks for the workflow:

  1. Delete timed out requests. All non-approved requests that were created over a month ago will be deleted from the Archive Approval table.
  2. Delete the flows and apps that has been approved for deletion more than three weeks ago (this can be configured to fit your organizational needs).

It is important to note, that this flow will not delete the apps and flows by default. This is to ensure that you explicitly are ready for that to occur. If you would like to start the deletion of flows and apps, you can update the Auto Delete On Archive environment variable to Yes.

Request Orphaned Objects Reassigned (Parent)

On a daily basis, this flow collects all the orphaned objects in the tenant and attempts to associate them with the manager of the former owner.

It then sends a Teams bot note to each of the impacted managers and let them know that there are objects to clean. At the same time, it also calls the child flow for each manager.

In case there is an orphaned object that cannot be resolved to a previous manager, the admins will get a notification by email. This way, they know which orphaned objects needs to be cleaned manually.

Figure 3 – Notification Orphaned Objects (Parent)

Figure 3 – Notification Orphaned Objects (Parent)

Request Orphaned Objects Reassigned (Child)

This flow is triggered once a day for every manager with objects that are owned by a former employee. It shows you all the cloud flows and canvas apps that are owned by the employees that have left the company and let the manager decide what they want to do:

  1. Email the list to themselves
  2. Take ownership of all the apps and flows
  3. Delete all the apps and flows
  4. Assign them all to someone else
  5. See each one individually

Figure 4 – Notification Orphaned Objects (Child)

Figure 4 – Notification Orphaned Objects (Child)

Apps

Now, let us take a look on the apps that are among the governance components in the Power Platform’s CoE Kit. They can help you as managers and administrators with the following:

  1. Identify what apps and flows should be archived and/or cleaned up.
  2. 2.Approve and Reject Clean up items from other users.
  3. Start a new auditing process to gather all the information from the apps and flows ensure compliance.

Cleanup Old Objects App

The Archival flows mentioned above will ask makers to respond if objects are still useful, but it sometimes happen that the makers overlook or forget them.

In that case, another flow can send this email to their manager:

Figure 5 – Power Platform objects stale – Email message

Figure 5 – Power Platform objects stale – Email message

The manager can then click on the link in the mail and go to this app to do the cleaning.

As you can see here, you can choose which employee to work on first:

Figure 6 – Cleanup Old Objects App admin view – User selection

Figure 6 – Cleanup Old Objects App admin view – User selection

And then, for each employee, you go and either reject the deletion or send a reminder notification.

Figure 7 – Cleanup Old Objects App admin view – User apps

Figure 7 – Cleanup Old Objects App admin view – User apps

You can send the person to the app to do the clean up as well. Here, they will be able to approve or reject the deletion for all their objects.

Figure 8 – Cleanup Old Objects App admin view – Send notification

Figure 8 – Cleanup Old Objects App admin view – Send notification

When you as a user open the Archive Request Clean App, you can see which apps have been requested to archive or clean up.

Figure 9 – Cleanup Old Objects App users view

Figure 9 – Cleanup Old Objects App users view

Approved objects will be deleted after three weeks and rejected items will exempt the user from requesting about this app for another 4 weeks.

However, these rules and timeframes can be adjusted according to your organization’s needs.

Also, if you need to request more information from the users of the apps or flows, you can customize this app to include it.

App and Flow Archive and Clean Up View

This app gives you the admins a view of all objects that are currently being considered for archival or deletion.

Admins can filter between the apps which have been rejected with a note, for example, to review:

Figure 10 – App and Flow Archive and Clean Up view

Figure 10 – App and Flow Archive and Clean Up view

You can send the person to the app to do the clean up as well. Here, they will be able to approve or reject the deletion for all their objects.

Figure 8 – App and Flow Archive and Clean Up view detail

Figure 11 – App and Flow Archive and Clean Up view detail

Developer Compliance Center

The Developer Compliance Center app is used in the auditing process as a tool for you as a user to check whether your app, flow, chatbot or custom connector is compliant. You can also submit information to the CoE admins business justification to stay in compliance.

Figure 9 – Developer Compliance Center overview

Figure 12 – Developer Compliance Center overview

Once you have selected the app, you can add more details to submit the app to compliance.

Figure 13 – App overview

Figure 13 – App overview

This is also one of the apps you can customize. Each organization has their own processes and different needs in terms of app approval.

So, it is a good idea to look into the default processes and – if you need to – add or remove fields or steps to make your compliance process aligned with your organization.

Conclusion: How to make use of the governance components in the Power Platform

All these apps and flows is a great help with defining how we can implement a governance area and how we can make our Power Platform components compliant by requesting information such as:

  • Business Justification, impact, and category
  • Access management
  • Dependencies and data classification

And with that, we have answered one more question from the first blogpost in this series: What does our apps and flows do?

Furthermore, you can customize many of the components we have been through.

So, if your organization already has a governance proces, you only need to adjust the apps and flows to get access to the additional information you might need to meet your current processes and policies.

But, if your organization does not have governance procedures in place yet, these governance components in the Power Platform might give you a good idea on how to get started.

Next up is Innovation Backlog components and ALM Accelerator for Makers components.