Logging available for tracking activity in Flow & PowerApps?

Regular Visitor

Does anyone know if O365 audit logs capture activity for Flow & PowerApps? or if there will be future features/services to do so? For security purposes, we need to have visibility into activity that comes into and out of our environment, esp for users in sensitive roles.

 

Responses & thoughts appreciated. Thanks! :D

3 Replies
I just did a quick check and I would not say my answer is gospel, but I do see some activity in the O365 audit logs for Flow activities. I have some simple flows involving SharePoint and Exchange which is what I base my answer on.
However....that being said, some of the logs are very obscure and I think there is some additional activity that it is not seeing (e.g. I don't see that it logged in and sent an email on my behalf) so while there is some stuff there, it isn't as detailed as you probably are hoping for.
This post: https://powerusers.microsoft.com/t5/PowerApps-Ideas/Enable-confirming-the-activity-logs-of-PowerApps...
Seems to suggest that the situation still hasn't improved. There is some FLOW logging, but no PowerApp logging.

And yes, that's me posting that I can't see when PowerApps hit SharePoint Online!

Yes, PowerApps will become part of the audit log in the near future.

 

I already replied to another thread about the PowerApps and Flow admin capabilities already there and coming. https://techcommunity.microsoft.com/t5/PowerApps-Flow/MS-Flow-logging-monitoring/m-p/227717#M1397

 

My response:

Since a couple of months there is a PowerApps and Flow Powershell module available. Check https://docs.microsoft.com/en-us/powerapps/administrator/powerapps-powershell. The cmdlets will not give you the internal structure of the Flow, but you are able to get Flow runs (Get-FlowRun) or get used connections (Get-PowerAppConnection).

There are also a whole bunch of administrative cmdlets but without a P2 these cmdlets only give you info about Flows that are made by or shared with your user account. With a P2 and the correct administrative role in O365 and the PowerApps/Flow environments you can get info about the Flow that are not shared with you.

With a P2 you can also use the Flow management connector (https://docs.microsoft.com/en-us/connectors/flowmanagement/:( administering Flow by using Flow. 

A similar connector for PowerApps was announced during the Business Application Summit a couple of weeks ago. With these two connectors combined you can build your own PowerApps and Flow admin center using PowerApps and Flow if you want something else than Microsoft provides.

An on-demand session on this topic you can find here: https://www.microsoft.com/en-us/businessapplicationssummit/video/BAS2018-111120

 

Also - have a look at PowerApps/Flow DLP policies: https://docs.microsoft.com/en-us/powerapps/administrator/create-dlp-policy