PowerApps and Flow buttons are graduating out of preview!

Microsoft

PowerApps and Flow are becoming a more integral part of SharePoint Online with the imminent release of Custom Forms with PowerApps and the Flow Launch Panel. Starting in November, these features will no longer be considered as preview features.  

FlowPowerAppsbuttons.PNG

 

If you have the Preview Features switch turned off in SharePoint administration center today, you were not seeing the Flow and PowerApps buttons in modern lists and libraries. Once this change goes into effect, the buttons will become available, regardless of the setting: Flow button in modern libraries, and both Flow and PowerApps buttons in modern lists.

 PreviewFeatures.PNG

 

The change will start with our First Release tenants, and then move forward into the rest of the production in two waves. We hope to complete the change over the month of November.

 

PowerApps and Flow are still working on completing their certification for government and sovereign cloud environments with stricter compliance requirements, and the buttons will continue to remain invisible for these environments, independent of the preview features switch setting.

45 Replies

This is all good news, but for organisations that are not yet ready to roll this feature out to end users, there needs to be a way to hide these buttons on tenant or site collection level.

 

For anyone of the same opinion, please vote up this user voice item to make Microsoft understand the importance allowing their customers to roll out new features in their own pace.

Hi @Pontus T, we are starting to take big dependencies on Flow and PowerApps: Custom Forms in the PowerApps case, and out of box review/approval flows for lists and libraries on the Flow side. So having these features off is not something we want to encourage to keep the product consistent for our users. 

 

We do appreciate the feedback, and will be watching the discussion under the user voice item to be sure.

Does PowerApps and Flow button appears even though user do not have PowerApps\Flows license enabled in our tenant?

I think this should be security based so that administrator can control who can see these button and who can't.

"So having these features off is not something we want to encourage to keep the product consistent for our users"

 

This is all well & good, but things shouldn't be released & out of preview without the supporting administrative controls to restrict visibility/usage, until our Organisations are ready to do so, in line with our internal & very specific strategies.

 

As a result, our 35k strong userbase will have ability to use tools they are not familiar with, without the correct guidance or best practices, subsequently causing large increases in resources in correcting user errors or addressing design duplications from separate users.

 

We appreciate Microsoft have their own Change Management processes, which are adhered to with preview features then full release gradually over time; there needs to be an understanding that individual business, organisations & specific users within those may have their own Change Management & access policies that are being hindered by Microsoft's lack of understanding for administrative needs.

Hi @Kerem Yuceturk, thank you for your reply. I see your point but it is simply not rational thinking from Microsoft's side. As much as you want to empower users to get started with these great features, trust me that we as admins are of the same opinion, I really cannot see why it would not be in Microsoft's best interest to also allow your customers to roll them out with the best possible results.

 

Multiple issues occur when end users get access to these tools with no training or applied governance. This just needs planning to remain secure, stable and successful. Just take @Craig White's tenant size, and consider all the concerns around data governance when users can hook up their flow to a Twitter connector and send business sensitive data out in cyber space (#confidential). I know this can be controlled but users also needs to be informed and trained. Not to mention the internal support needed to back up the adoption of these tools.

 

So I simply don't buy it. There are already many features and apps that can be controlled from central admin, which is extremely helpful (and essential) to organisations that needs to follow certain internal and external rules and regulations for their environment.

 

Please consider this. We want to give our users all the new tools, but please leave us to option of controlling how and when this done. We do not want to revert back to classic UI to avoid this.

 

Thank you.

@Jaymin Patel, when the user clicks on the ribbon icon for PowerApps/Flow, it should open a separate browser tab for the app in question. Once the user logs in with their standard O365 credentials, it will AUTOMATICALLY grant them a free licence.

 

We just tested this with a dummy account & saw the change instantly in the licencing part of the O365 admin centre for the associated account. Again this is a worry if licences are automatically being applied to users without correct governance applied "on the ground"

To add further to my points raised above, a generic end user with a free licence also has access to the 'Admin Centre' option within the Flow/PowerApps browsers, so can not only create apps but also provision new PowerApps environments without prior governance or approval.

 

An Admin Centre should only be accessible by O365 administrators. Why is this not so?

Thanks Craig for your reply. It is really bummer!! Most of user base is not tech savvy. We do not want to expose them to PowerApps and Flows until we train them and they are ready. Apart from this, If license is automatically assigned to the user (without Admin's knowledge) then it defeat the purpose of governance. 

 

@Kerem Yuceturk - How is Microsoft going to solve a problem when we do not want our user to see "PowerApps" and "Flows" button on Modern forms. 

It's unbelievable that MS won't empower their customers to control their environment. It's irresponsible - no thought given to training or security concerns; other initiatives that may be a high value priority to the business. It puts teams supporting Office 365 in a reactive position and doesn't set them up for success. I'm sending the user voice link to people in my company to vote. 

It's not Microsoft's decision to decide what's best for my organization or users. You're vision is one sided with no thought for security concerns, training concerns or other higher value initiatives my company may be pushing that could conflict with your desire of a consistent product.
Kerem, based on your statements that PowerApps and Flow are still catching up with meeting all regulatory and security features, dependent or not to the future of SharePoint, the decision to release to a company should be based on the Admins and companies decision, not Microsoft. Some of us are keeping SharePoint on Premise around for just this reason. The decision to "Push" companies keeps our team (a highly regulated Global Financial Firm) continuously explaining situations that we should not have to.

Hello,

 

Has the "Create Flow on Selected Item" trigger been completed in Flow? That was one that seemed to be a work in progress several weeks ago.

 

thanks

 

 

Thank you all very much for the thoughtful feedback you have provided. I wanted to clarify a few things.

 

When we first added the PowerApps and Flow buttons to modern lists back in the second half of 2016, these products were still in preview. They have since moved to general availability and completed their certification processes earlier this year to certify that they are in compliance with the standards expected from workloads in Office 365. Microsoft Trust Center has detailed information about the current level of compliance for PowerApps and Flow. We would not be removing them from under the preview features switch if this were not the case. You should not have anything to worry about on the compliance front. We actually have a few customers who have been asking for this change knowing that PowerApps and Flow are now within the compliance boundary. The only exception to this is government cloud and sovereign cloud instances in Germany and China, where the buttons will remain off while PowerApps and Flow work on adding support for these environments.

 

Features like “Custom forms using PowerApps”, “Flow launch panel” and “Out of box review/approval flow” are set to become major features for SharePoint Online. We hear our customers desire to be able to control each new feature of SharePoint and turn it on or off on your own terms, but the permutations of different features and their interactions with each other makes the maintainability and support of our product prohibitively difficult, and moves us away from viewing SharePoint as a coherent whole, rather than a collection of independent features. So we want to avoid providing a switch for each feature even though this does provide our customers with peace of mind. We are trying to make new features as easy to learn as possible and to provide in box tutorials and guides where it makes sense to help end users succeed, and to also reduce the burden on you for creating comprehensive documentation and training. We acknowledge that we have more work to do here but our designer and UX writers are spending more effort here.

 

PowerApps and Flow both have admin centers that allow O365 admins to go in and see all of the apps and flows in the tenant, as well as take them over as needed when users leave an organization, or under other circumstances. They also allow you to set policies to prevent mixing SharePoint data with other connectors if you need to do that, and let admins download the list of active users who use these tools in their organizations. We also just announced that activities from Flow are also available in the O365 security and compliance center: https://flow.microsoft.com/en-us/blog/security-and-compliance-center/

 

I also wanted to iterate that Flow and PowerApps always run in the context of a user, and they don't allow users to do anything that was beyond their reach previously. Savvy users today can use other third party automation solutions, or create code that will do the things that Flow and PowerApps can help them do without the data controls that Flow and PowerApps allow. It's true that under the trial licenses users can try out different features of Flow and PowerApps such as creating their own environments, but they would not be able to access other environments (including the default environment) like tenant administrators can, and their environments will expire after the trial period. 

 

The presence of Flow and PowerApps licenses for users is not checked by SharePoint UI. So the buttons will be visible regardless of the state of licenses for a given user. 

 

We want to find a healthy balance between helping you control your data, and providing your end users tools they can use to get work done without having to resort to non-compliant tools. We still think graduating these features out of preview is the correct thing to do here.

 

Our plan remains to start rolling this change out to First Release tenants by November 13, and then to Production tenants in two waves on November 27, and December 4th.

Hi @Paul Alvarez, Flow launch panel changes have been released to First Release tenants last week.

This is absolutely unacceptable for many large tenants including mine. New features are welcome, but this isnt about the features or buttons. Its the ability to control access to an apps that arent ready for prime time. Powerapps isnt even integrated in SP as a form solution yet, flows are still bound by personal execution limits. Microsoft is repeating the same mistakes all over again despite of assurances of not forcing new applications that cant be controlled before adoption. As a member of the CAB forum and ill make sure it gets escalated there as well
Problems:
1-Azure AD Conditional access cant target these apps for blocking unautorized access.
2- Signup via unlicensed Trial subscriptions cant be stopped to these apps. The trials it seems can even be extended after expiry.
3- Anyone - even unlicensed can create Powerapps and publish to the whole org creating clutter and confusion.

A solution to either of these 3 problems can grant some degree of control over all this and it seems MS is chosing not to resolve them.

Hi @Shobhit Acharya, we would love to understand the problems you mention below better. Some comments:

  • Custom Forms with PowerApps is going out to First Release tenants next week, same time as this change. This is one of the reasons we don't want to have a way for turning these buttons off.
  • Flow does not impose a personal execution limit. It's always a tenant wide pool based on how many users are in the tenant, and it is shared across users. 
  • Flow and PowerApps both support AAD conditional access, 2 factor auth, etc. Is that what you are looking for here?
  • Trial users can create environments to test out, but can't make these environments be the default environment and "pollute" the environment that vast majority of the users will see. The tenant admins have a way to control who can publish apps in the default environment. 

Happy to set up some time to talk about the issues to understand it in more detail, but they should be addressable with what we have today.

Thanks Karem, yes a quick 15 mins with you should help get our perspective through. I will check with you next week on this.
As per flow pricing plans, there is the 2k/user/month limits, but yes its aggregated to the enterprise. Still however not comparable to designer which runs independent of limits and user context. That is beside the point though as its control on blocking usage of these apps that we are asking for.
Regarding conditional access, I can show it to you how by using Ad premium conditional access to block users from accessing flow or powerapp portal has no effect.
Regarding trial access, that is demonstrateable as well. Anyone can with Trial access can share apps to a ton of people in the org. All get notified , and all can open the app and start using it. And it shows up in their app "list" as well.

The SP ui integration of apps is however a welcome direction. But if a non license or conditional access block has no effect on these buttons, atleast it should have blocked opening the apps themselves wont it? Seems not to be true.

We have rolled this change out to our First Release tenants earlier today.

 

Next, we plan to roll out to Production tenants in two waves on November 27, and December 4th.