Description

Currently, the Default Power Platform environment is designed as a tenant-wide shared environment where all users are automatically granted access and assigned the Environment Maker role.

While this design supports ease of adoption and personal productivity scenarios, it presents governance challenges for organizations with stricter security and compliance requirements.

We would like to propose the following enhancements:

Requested Improvements

1. Support security group restriction for Default environment
2. Allow administrators to optionally restrict access using Microsoft Entra security groups.
3. Allow removal or control of implicit Environment Maker role
4. Provide an option to disable automatic assignment and allow explicit role-based management.
5. Introduce license-based access separation
6. Enable scenarios where users can access apps in managed environments without being able to create resources in the Default environment.

Business Value

• Better alignment with enterprise governance and compliance requirements
• Reduced risk of uncontrolled app/flow creation
• Greater flexibility in managing citizen development at scale

Additional Context

Organizations are increasingly adopting Managed Environments and structured ALM practices, where unrestricted Default environment behavior can conflict with governance standards.

Providing optional control (rather than changing the default behavior) would preserve Microsoft’s current design while enabling enterprises to adopt stricter governance models.