Power Platform Center of Excellence – A Real World Governance Journey Part 2: Leveraging and Building Upon the Power Platform CoE Starter Kit
By Cathy Ashbaugh, Vice President, Client Success and Qais Gharib, Practice Manager, Business Applications.
In our last post, Power Platform Center of Excellence – A Real World Governance Journey: Part 1, we introduced Company X and the factors that led to them committing to building out a governance strategy and program for the Power Platform. To recap, our client, Company X is a well-respected, diverse F-100 global organization seeking to empower their 200,000+ employees to use the Power Platform to become makers of their own low-code apps for productivity in a safe and secure manner. The rapid expansion of apps, flows, and bots being built across the organization raised a security concern and the decision to implement Power Platform governance was made. Company X, with help from the Compass365 team, decided to explore the Microsoft Power Platform Center of Excellence Starter Kit as a foundational step to ensure that security and compliance policies were enforced in a mature application environment. This blog post will focus on our shared experience with the Power Platform CoE Starter Kit, what works, what’s missing, and lessons learned.
Note: Microsoft’s tools for enabling Power Platform governance are evolving quickly, and as we and Company X began our journey in 2022, some of what was then lacking, may be now available.
What is a Center of Excellence?
Let’s start with the definition of a Center of Excellence. A Center of Excellence (CoE) is essentially an engine for continuous improvement within an organization. A well-defined and structured CoE helps to drive innovation, enabling the sharing of knowledge, successes, and lessons learned while at the same time, providing standards, consistency, and governance. With the rapid expansion of low-code/pro-code tools like the Power Platform, pro developers and makers, are creating apps for personal, departmental, and enterprise usage, a CoE is critical to ensuring the tools are being used in a safe, sustainable way.
Microsoft Power Platform CoE Starter Kit
The Microsoft Power Platform CoE Starter Kit is a collection of tools and components designed to help get an organization started on their journey to establish governance and consistency for the apps, flows, and bots being built. The Starter Kit is just that – a place to start. Microsoft expresses clearly that it is a starter kit, not a finisher kit. While the Starter Kit provides tools to help you define your why and your key business outcomes and a set of reference templates, configurations, and settings, it should be expected that implementing the Power Platform CoE requires much more than the Starter Kit offers out of the box.
Implementing and managing a CoE requires people, communications, and defined requirements and processes. The tools offer a great foundation and inspiration, but as we learned, each organization will need to invest time, energy, and resources to thoughtfully design a Center of Excellence that meets their unique requirements and should expect a continual effort to grow and evolve the program over time. It also requires cooperation and input from various functional areas including security, IT operations, technical support and architecture, innovation and more. As our client at Company X so aptly stated, “As early as possible in the process, invest in establishing and nurturing friendships within all the participating groups.” Finding common ground and a value proposition that speak directly to that functional area are key. As an example, security can be shown how the CoE will provide real-time, detailed information on the number and types of connectors being used and directly support risk mitigation, making their lives easier.
“As early as possible in the process, invest in establishing and nurturing friendships within all the participating groups.”
-Company X
What’s in the Power Platform CoE Starter Kit?
The following components are included:
- Core components to get you started with set up.
- Governance components for audit and compliance.
- Nurture components for sharing best practices and enabling makers.
- Reporting components to understand the metrics of your tenant.
- Add-ons for Power Platform admin, communications site template, theming components, application lifecycle management (ALM) components, and innovation backlog components.
Challenges to be addressed
Upon a detailed examination of the Starter Kit components and tools, we and our client at Company X quickly determined that the set of templates provided would need heavy customization to support their large enterprise environment and that there were gaps in functionality that would need to be addressed. There are also licensing implications in that while using SharePoint data for Power Apps is free, many of their makers were not licensed for Dataverse, a relational database that lets you securely store and manage data that’s used by business applications and is recommended for more robust apps. This presented a challenge and conversation internally as well as with Microsoft about an agreeable licensing model to enable the organization.
“The Power Platform CoE Starter Kit is like drawing an outline in black and white. It’s foundational and gets you started. Then, you layer in the colors to bring the art alive.”
-Compass365 Solutions Architect
Trying to apply the Starter Kit in an organization that already has 30,000 assets (apps, flows, and bots) in their tenant was challenging, to say the least. Our Solutions Architect described it this way, “The Power Platform CoE Starter Kit is like drawing an outline in black and white. It’s foundational and gets you started. Then, you layer in the colors to bring the art alive.” The colors in this metaphor are the customizations and solutions created to fill in the gaps and address specific business requirements. In our scenario, we identified a number of customizations we’d want to build to support the CoE, one of which is an Inventory & Attestation App.
Taking inventory
As mentioned, our client already had 10,000+ makers and a collection of 30,000 assets deployed globally at the start of the CoE implementation. With an active Power Platform community of this size and complexity, we needed to take a hard look at all of the solutions in production. Which ones are being used? Which ones were orphaned? What sources are they connecting to and who is consuming them? Are we using any premium connectors? Is there external sharing?
As an organization committed to enabling its makers while maintaining a high degree of security and compliance with standards such as SOX, GDPR, HIPPA, and others, it was clear that a complete inventory of the assets was needed and that it was necessary to include the maker community in the process. The Inventory & Attestation App was conceived as a way to a) inventory all of the existing Power Platform apps, flows, and bots in production and b) query the makers on components used and other criteria relating to compliance, and c) quarantine any non-compliant solutions until they can be remediated. With requirements from our client, the Compass365 team built the Inventory & Attestation App using Power Platform and fed the information into the CoE.
The Inventory & Attestation Power App
As previously stated, the Power Platform CoE Starter kit is a fantastic base set of tools that gives organizations significant flexibility in how they approach governance and compliance. Company X knew how many apps and flows (assets) existed in their tenant. They just didn’t know what the assets did, what they connected to, or what the makers’ intentions were. The company needed to know more than the Starter Kit offered. They needed each asset owner to attest to various governance and compliance factors. Attestation would lead to risk and compliance scores for each asset. These scores would be used to determine if further action would be taken on the particular asset.
To achieve this goal, we needed to start with the asset data aggregated in the CoE Starter Kit. Early on in this journey, we were wary of modifying any components of the CoE in case any future updates of the CoE would break the solution. Therefore, we created a limited mirror of asset data that was created through a series of Power Automate flows that read CoE data and updated our limited mirror. We then created a robust notification engine to inform users of the requirement to attest to a status, pending quarantine of assets, and other activities based on the status of assets in the limited mirror dataset.
Once makers receive a notification to attest to one or more assets, they are directed to an Inventory & Attestation App. Makers then answer questions about their owned assets. Automation then assigns risk and compliance scores based on the Maker’s responses.
A second app built for Power Platform Administrators allows users to take quarantine or restore actions on assets based on status or scoring.
Additional components identified
In addition to the Inventory and Attestation App, we identified the following components to build/modify:
- ALM Accelerator implementation
- Pipelines
- Environment request app
- Service Now Integration
As of today, the foundational CoE is in place from an IT operations and support perspective, but there’s much more to come. Join us for the third and final blog in this blog series, Power Platform Center of Excellence – A Real World Governance Journey Part 3: Sustainment – Nurture Makers and Support Operations.
Begin your Power Platform CoE Journey
If you are ready to empower your citizen developers in a safe, secure, operationally efficient way, our Power Platform Center of Excellence program is for you. If you would like to learn more about services to get your Power Platform Center of Excellence up and running, please contact us to arrange a complimentary consultation.
Compass365, a Microsoft Gold Partner, delivers SharePoint, Microsoft Teams, and Power Platform solutions that help IT and business leaders improve how their organizations operate and their employees work.