PowerApps governance for enterprises


I work for an organisation with circa 6,000 users. We have recently developed a Power App and would like to deploy it to the business. In order for all users to be able to use this app, they need the PowerApps license assigned. Senior management do not wish to do this, as assigning the license will give all users the ability to create an app, raising the risk of shadow IT (supposedly). Therefore, the app we created is basically of no use to the business.


I'd like to know if there is a way to publish a Power App to allow all users to access and use it, but without them being able to access the platform itself...?


Any guidance would be appreciated.

4 Replies

Hi @PMGlobal, it's painful to hear that these sorts of outdated views held by IT management are still prevalent. I am in a small part of a company of 65,000 staff and our management take a more enlightened approach and do allow us to create apps that will benefit the business (like the one wot I built below for recording carbon emissions on company car journeys which are later used in company reports). It's not shadow IT, it's allowing teams to develop stuff that will help them deliver without bringing in expensive external developers!


You might be able to achieve the more locked-down version via Power Apps Portals, I'm not really sure, but it might be worth investigating.




Los Gallardos
Microsoft Power Automate Community Super User

We solved it like this:
Every user is licensed with Office365 E3. With that, they can use Apps and Flows.
Yes, they can also create Apps and Flows, but we delete all Apps and Flows overnight if they are not allowed to create something. Therefore we are also using a flow with administration permission. Of course it would be possible to run that flow every hour/minute... ;)

I hope you've told them their hard work will be deleted. I don't really get the point of your approach, it just gets staff cross and doesn't really help them to build up knowledge of the apps.

Yes, they get an email with information. And we don't really delete them, we just change the owner ;)
They can afterwards do a training and have to accept our governance documents. After that, everybody can create flows/apps.

Why are we doing this? Because the users should be aware of security risks (example: sharing flows as owner with connections to Outlook inside) or of maybe rising costs concerning API request limitations.