In a digitized world, using a technological tool for effective management skills is becoming crucial. Following the development of new technology, companies, and enterprises have decided to introduce innovative solutions that improve operational processes and open new possibilities for adapting to changes in market conditions.
Microsoft Power Platform is one of the best tools in this area. This advanced solution allows:
- automation of business processes
- creating applications
- data analysis
To fully utilize the Power Platform’s potential, it is necessary to understand its operational aspects.
In the article, I’ll focus on crucial configuration aspects within the Power Platform, going step by step through configuration with you. I’ll examine why the right configuration is essential to safely and efficiently Power Platform. I’ll also share some tips and tricks to use the application admin panel potential fully.
The first steps toward configuration
Each preparation of a new environment within the Power Platform should be preceded by careful analysis. Before creating the environment, it is worth considering some basic questions. Answers will impact the effectiveness and adjust the configuration to the needs of our organization.
Preliminary analysis
- Goal and purpose of the environment: Do we plan to create a single environment (e.g., Center Of Excellence) for administrators and related tasks? Or do we need a configuration adapted to implementations of greater complexity, capable of handling extensive process-supported applications (ALM) (this solution may require the creation of three separate environments: development, test, and production)?
- Availability of the Dataverse Database Capacity[1]: Does our organization have sufficient Dataverse database capacity in its tenant[2] to create a new environment?
- Access management: Do we want access to the environment to be fully controlled using Azure Active Directory/Microsoft Entra ID[3], or do we plan independent configurations (in most cases, however, we want access to be managed in one place)?
- Data Loss Prevention Policies: Does our environment require Data Loss Prevention policies[4], and how should they be configured?
Configuration scenario
For this article, we will assume a more complex configuration scenario.
- We will focus on creating a configuration used in professional implementations, including three separate environments: development, testing, and production.
- Access control will occur within the Azure Active Directory/Microsoft Entra ID service.
- The ALM process will be implemented using the Solutions mechanism [5], in which changes will be introduced manually (there is an option to automate this process, but this topic is beyond the scope of this article).
To better understand all the elements that make up this configuration, I will present the described scenario in the form of a diagram:
Security group configuration on the Microsoft Entra ID side
We will start the environment configuration process with the appropriate preparation of Microsoft Entra and the creation of appropriate Security Groups. Their synchronization between Power Platform and Microsoft Entra will allow you to manage access to the environment entirely from Microsoft Entra.
- We start by logging in to the Azure portal. We select the Azure Active Directory section.
- Due to the upcoming modifications in the area of Azure Active Directory, which include the transformation into Microsoft Entra, we will perform configuration in a new interface – Microsoft Entra Admin Center. To access it, go to the Overview section under My Feed (alternatively, we can open it via a direct URL: Home – Microsoft Entra admin center)
- Choose: „Group” and „All Groups” from the menu on the left side.
- Click the „New group” button
- Fulfill the details of the new group on the Azure Portal. Here is an example configuration:
- Group type – Security,
- Group name – Security Group Power Platform Dev,
- Group description – Developer environment security group,
- Membership type – Assigned,
- Owners – indicates the person who is to be the owner of the group,
- Members – indicates people who are to be members of the group. After further configuration, group members will have access to the environment (access to the environment does not mean access to data and operations performed on the environment; this is a separate configuration not covered in this article).
- Continue with steps 2 to 4, repeating these steps until we reach three distinct groups: Dev, Test, and Production. The table below shows the full sample configuration that can be used:
Now, with a properly configured Security Group, we can start configuring environments within the Power Platform.
Configuration of environments on the Power Platform side
The Power Platform Admin Center tool manages environments within the Power Platform. Although Microsoft offers many methods to get there, the quickest way is to use the Power Platform admin center direct URL link (microsoft.com).
When you launch this admin center, you will receive a welcome message and an invitation to a short virtual orientation “journey.” I encourage you to participate in this “journey” because it will give you a better understanding of the importance and application of the main navigation elements.
New environment
I assume that we have already completed the above-mentioned virtual journey. At this point, we can fully focus on creating a new environment.
The first step is to ensure we have enough capacity in the “Capacity Database” to create a new environment with the Dataverse database. We are required to have at least 1GB of free database memory. To verify the available capacity, go to the “Resources” section and then to the “Capacity” subsection. This is where a report presenting the available memory usage will be presented.
In a situation where it turns out that we do not have enough capacity, there are two things we can do:
- Freeing up space under current licenses. The official Microsoft documentation describes the database cleanup options: Free up storage space – Power Platform | Microsoft Learn.
- Purchasing a license that will increase “Database Capacity”. In most cases, we must choose between purchasing a dedicated “Dataverse Capacity Add On” license or expanding the number of user licenses. To make the right choice, it is worth reading the licensing guide from Microsoft: Licensing Overview for Microsoft Power Platform – Power Platform | Microsoft Learn.
However, in the configuration discussed in this article, we have enough space to create a new environment.
The next step will be to go to the Environment section, where we can start creating the environment by pressing the ‘+ New’ button.
Then, a new window will open on the left side of the interface, in which we will start entering the environment parameters.
Creating a new environment consists of two steps. Once you have finished filling in the first window and pressing the “Save” button, you will be taken to the second window.
Important! Clicking “Save” in the first step does not yet lead to creating a new environment. In the table below, we will analyze each point that must be completed during this process in detail.
By understanding the implications of the choices made in the options above, we can proceed to personalize the configuration of our environments. In the next table, you can see the parameters that apply to our environments:
The final configuration should look like this:
Once the configuration is complete, we can start working in our environments. Please note the Security Group controls that access to the environment. Users must first be assigned to the appropriate groups to access the environment. It is also important to remember that access to an environment does not automatically grant access to applications and data. This is done by Security Roles, which can be assigned to individual users or teams.
Summary and next steps
In this article, we focused on the process of creating environments. It is worth noting that the scope of administrative activities is much broader than the configuration described above. However, we now have a solid basis for further actions. By gaining knowledge in subsequent areas, we can use configuration possibilities more effectively and manage our environments more efficiently. I encourage you to explore the next steps and possibilities on your own with the Microsoft documentation: Microsoft Power Platform admin documentation – Power Platform | Microsoft Learn
***
[1] More about Dataverse Database Capacity: New Microsoft Dataverse storage capacity – Power Platform | Microsoft Learn
[2] Tenant definition: Define Azure Active Directory tenants – Cloud Adoption Framework | Microsoft Learn
[3] Because of the recent service name change from Azure Active Directory to Microsoft Entra, in the next parts of this article, I will be using a newer version – Microsoft Entra. However, in the attached screenshots, you might still notice the name Azure Active Directory Azure AD is Becoming Microsoft Entra ID – Microsoft Community Hub & New name for Azure Active Directory – Microsoft Entra | Microsoft Learn & Azure AD is being renamed to Microsoft Entra ID | Microsoft Entra Identity Developer Blog
[4] More about Data Loss Prevention: Data loss prevention policies – Power Platform | Microsoft Learn
[5] Documentation on solutions: Solutions in Power Apps – Power Apps | Microsoft Learn
[6] To verify this aspect, it is necessary to compare Azure Regions Choose the Right Azure Region for You | Microsoft Azure with Power Platform Regions overview for Power Automate – Power Automate | Microsoft Learn. The second documentation shows that the Power Platform Region comprises a few Azure Regions.
[7] The problem is caused by the situation in which Power Platform resources and additional services are stored in different Azure regions. For, the Azure Synapse Link documentation (Create an Azure Synapse Link for Dataverse with Azure Data Lake – Power Apps | Microsoft Learn) says that both Power Platform and Synapse resources must be in the same region, meaning that when choosing Power Platform in European region our resources can be inserted in North Europe or West Europe (which we cannot modify from the Power Platform Admin Center). Before moving to the next steps, we should always check which Azure Regions our Power Platform environments were implemented in.
[8] More about development environments: About the Power Apps Developer Plan – Power Platform | Microsoft Learn
[9] More about trial environments: About trial environments: standard and subscription-based – Power Platform | Microsoft Learn
[10] A list of all standard languages is available here: Microsoft Dataverse language collations – Power Platform | Microsoft Learn
[11] Documentation on personal options: Set personal options – Power Apps | Microsoft Learn
[12] Link to the tool: User Settings Utility · XrmToolBox
[13] More about Power Platform currency system: Manage transactions with multiple currencies – Power Platform | Microsoft Learn & Transaction Currency (currency) table (Microsoft Dataverse) – Power Apps | Microsoft Learn
[14] More about Security Groups: Control user access to environments: security groups and licenses – Power Platform | Microsoft Learn
[15] More about URL and region dependency: Power Platform and Dynamics 365 datacenter regions – Power Platform | Microsoft Learn
Leave a comment