Forum Discussion

PMGlobal's avatar
PMGlobal
Copper Contributor
Mar 16, 2021

PowerApps governance for enterprises

I work for an organisation with circa 6,000 users. We have recently developed a Power App and would like to deploy to the business, in order for all users to be able to use this app they need the PowerApps license assigned. Senior management do not wish to do this, as assigning the license will give all users the ability to crate an app, raising the risk of shadow IT (supposedly). Therefore, the app we created is basically of no use to the business.

 

I'd like to know if there is a way to publish a Power App to allow all users to access and use it, but without them being able to access the platform itself...?

 

Any guidance would be appreciated.

  • RobElliott's avatar
    RobElliott
    Silver Contributor

    Hi PMGlobal, it's painful to hear that these sort of outdated views held by IT management are still prevalent. I am in a small part of a company of 65,000 staff and our management take a more enlightened approach and do allow us to create apps that will benefit the business (like the one wot I built below for recording carbon emissions on company car journeys which are later used in company reports). It's not shadow IT, it's allowing teams to develop stuff that will help them deliver without bringing in expensive external developers!

     

    You might be able to achieve the more locked-down version via Power Apps Portals, I'm not really sure, but it might be worth investigating.

     

     

    Rob
    Los Gallardos
    Microsoft Power Automate Community Super User

  • max1981's avatar
    max1981
    Brass Contributor
    We solved it like this:
    Every user is licensed with Office365 E3. With that, they can use Apps and Flows.
    Yes, they can create also Apps and Flows, but we delete all Apps and Flows over night, if they are not allowed to create something. Therefore we are using also an flow with administration permission. Of course it would be possible to run that flow every hour/minutes... πŸ˜‰
    • RobElliott's avatar
      RobElliott
      Silver Contributor
      I hope you've told them their hard work will be deleted. I don't really get the point of your approach, it just gets staff cross and doesn't really help them to build up knowledge of the apps.
      • max1981's avatar
        max1981
        Brass Contributor
        Yes, they get an email with information. And we don't really delete them, we just change the owner πŸ˜‰
        They can afterwards do a training and have to accept our governance documents. After that, everybody can create flows/apps.

        Why we're doing this? because the users should be aware of security risks (example: sharing flows as owner with connections to outlook inside) or of maybe rising costs concerning api requests limitations.
        Etc.

Resources