Power Platform Governance and Administration

Current limit:

User cannot edit values for the Cross Tenant Server profile, only Location and Port can be changed. This is really inconvenient as values that need to be changed once in a while, like Client Secret, cannot be changed. Users would have to create a new Server Profile and go through the entire process one more time to get mailboxes working. No workarounds available

Suggestion:

Enabling all values of Cross Tenant server profiles to be editable would benefit users greatly

Benefits:

- As mentioned, convenience regarding values that need to be changed regularly

- Saves time on the process of having to re-activate mailboxes

- Provides general ease of access

We are using Deployment Pipelines to manage all our Power App and Workflows from Dev to Test to Prod. We use the Delegated Deployment option using a Service Principal account. This is to make sure all connections are workflows are shared to that account. This helps when you have multiple people working in the Power Platform and someone leaves the company. Their flows and power apps will still work. However, we discovered today that if a Solution includes some "Desktop Flows" and you are promoting it to a new environment, the deployment will fail. You will get an error

"ServicePrincipalShareNotSupportedInApi - Sharing connections with a service principal is not supported by the api."

This happens because under the connections section, we check the option to share connections with service principal account. This is required to ensure workflows will run correctly when deployed. This needs to be allowed with Desktop Flow Machine Group connections too.

My work around right now is to manually export the solution as zip as a managed solution. Then manually import it into the new environment. Once imported, you will be able to deploy updates to the solution with Pipelines once more.

Currently, we only have the option to download the summary of total File capacity consumption. We should also have the choice for the Admin to download the attachments stored in File capacity, which includes images, attachment in emails, etc to monitor the resource in the environment.

In Mid-January Microsoft rolled out something to Copilot Studio that was a bug which affected all agents in our Tenants.

after a few weeks of meetings we were finally informed that this was in fact a bug and they rolled out a fix.

We were reactive to this bug, rather than proactive and believe anything of this nature should be notifying all Admins of the issue, as well as the ETA on a fix.

I have several environments and managing them is easier with the sort option, The problem is that we do not have any option to save the order we want, and the page is not even capable to remember my last sort configuration.

This is a very basic feature and a must have

https://i.ibb.co/DftZrQzq/Screenshot-2025-02-03-003553.png

https://learn.microsoft.com/en-us/power-pages/configure/manage-sharepoint-documents#step-1-enable-document-management-functionality-in-model-driven-apps

Global admin role is required within Azure for activating the integration which only works when the operator is directly assigned to the role rather than when a group is assigned to the role.

This goes against our rbac and pim model

Title: Allow PPAC Admin User to Unlink and Relink the CE Environment with F&O Environment

Overview:

This proposal suggests implementing a feature that empowers PPAC admin users to unlink and relink the Customer Engagement (CE) environment with the Finance & Operations (F&O) environment directly within the PPAC. This functionality aims to facilitate more efficient management of environments, especially for businesses that require frequent synchronization between production and lower environments.

Detailed Description:

1. Current Challenge:

• Businesses often need to perform a weekly refresh from production to lower environments or shadow environments to maintain up-to-date backups and ensure testing environments reflect production data.
• Currently, the unlink-relink process requires opening a support ticket with Microsoft. This is both time-consuming and dependent on the availability of Microsoft's technical support team, which may not align with the business's operational downtime.

1. Proposed Solution:

• Introduce a feature in the PPAC that allows admin users to unlink and relink the CE environment with the F&O environment without needing to engage Microsoft's support team.
• This feature would be accessible to users with the necessary administrative privileges, ensuring that only authorized personnel can perform these actions.

1. Benefits:

• Efficiency: Reduces the time and effort required to manage environment synchronizations, allowing businesses to perform these actions independently and on-demand.
• Flexibility: Businesses can schedule unlink-relink processes according to their operational needs without waiting for external support, minimizing downtime and disruptions.
• Cost-Effectiveness: Decreases the reliance on external support, potentially reducing costs associated with support tickets and downtime.

1. Considerations:

• Security: Ensure that the feature is secure and that only authorized users can perform unlink-relink operations. Implement authentication and logging mechanisms to track changes.
• Usability: Develop a user-friendly interface within the PPAC to guide admins through the unlink-relink process, including any prerequisites or dependencies.
• Documentation: Provide comprehensive documentation and best practices to help admins understand the implications and proper steps for unlinking and relinking environments.

1. Implementation Steps:

• Conduct a feasibility study to understand the technical requirements and potential impacts on existing systems.
• Develop a prototype to test the unlink-relink functionality within a controlled environment.
• Engage with a pilot group of users to gather feedback and refine the feature.
• Roll out the feature to all PPAC users with appropriate training and support materials.

Conclusion:

By allowing PPAC admin users to unlink and relink environments independently, Microsoft can significantly enhance the flexibility and efficiency of environment management for businesses. This feature aligns with the need for agile and responsive IT operations, supporting businesses in maintaining robust and up-to-date environments.

This proposal should provide a comprehensive overview and rationale for the suggested feature, making it easier for the Microsoft team to understand the value and importance of the enhancement.

We can see that Power Pages has a firewall capability now. This feels like a great step toward more control of traffic through Power Pages.

I work with quire secure Government departments and they often have an issue with the lack of logging and antivirus capability with Power Pages.

Traffic monitoring is currently very elementary. What my clients often want is the ability to track the IP address a given user (logged in portal user) came from and what pages they visited, what forms they drafted, etc. We can come close to this info through the use of analytics with DNS forwarding, but it's still not a bullet proof data match.

Is there anything on the roadmap to improve this level of logging?

We can see that Power Pages has a firewall capability now. This feels like a great step toward more control of traffic through Power Pages.

I work with quire secure Government departments and they often have an issue with the lack of logging and antivirus capability with Power Pages.

Antivirus needs to be managed after the file is uploaded and landed on the network. Although it is secure, some government security standards stipulate that they need the file to be scanned before landing into the secure network's storage. In the past we'd use F5 to scan during transmission. Is it possible to enable the new firewall to scan files prior to it landing into Storage blob, sharepoint or Annotations?

I understand that we have Defender for Cloud and Storage which I'm a fan of, but for it's not so simple for Annotations. Also sometimes we have old, outdated policies we simply can't get around.

It would be great to receive a reminder when the website authentication key is due for renewal, I had an internal company site that is used quite heavily within the firm down for just under a week because of this with no indication as to what the cause was, After checking all of the site settings and scouring my code for errors a simple refresh of the authentication key was all that was required. A lot of hassle for a tiny problem.

Either an email reminder to the owner or a notification when editing the site to say that the key needs to be renewed would be great