Power Platform Governance and Administration

Currently, all the applications will be affected if the Limit sharing setting is enabled (https://learn.microsoft.com/en-us/power-platform/admin/managed-environment-sharing-limits). We should have the option to exclude some applications.

CREST penetration tester finds the Power Apps Canvas' (in mobile app) session cookies timeout is 60-90 minutes. We need this timeout to be configurable (to 10-15 minutes) which is not possible currently

Currently you can only delete all audit logs for an entity, or all audit logs before a date.

It is a common use case that you need to keep audit data for some entity longer, and other data shorter.

Following this use case I'm proposing that customers should be able to combine both criterias, e.g. send an audit log deletion request for all account audit data > 5 years and for all contact data > 3 years.

Currently, if we want to give the same security role to users belonging to a security group, there are only the following methods.

These are not efficient in terms of operation.

 - The system administrator manually grants security roles to users.

 - Create an Azure AD group with security roles and add users to that group.

 - Use XrmToolBox to give security roles to all users at once.

If this feature is implemented, we think it will make Dynamics 365 more convenient to use security groups and security roles more conveniently.

If the department is abolished when the department is abolished, I would like to automate the process of reassigning the specified record to the specified department with the deletion as a trigger.

Currently, I feel that it is inefficient because it requires manual operation in advance.

At the moment, Dataverse 'Incremental Update' Dataverse snapshots are created to a strict time schedule, configured when then synapse link is setup.

Also, snapshots are also only created (and able to be consumed) upon the arrival of new data, so old data can be handing around in a snapshot until new data arrives.

There are legitimate use-cases to manually stipulate a point of time for a snapshot creation, namely:

• Gathering of data at an arbitrary timepoint determined by an extraneous process, e.g. batch / scheduled processes.
• Forcing a cut of data at a time where new data is not arriving.
• Reducing cloud costs associated with ADF pipeline dataflows (explicit snapshot creation reduces the required frequency of the dataverse update, and inherent use of Integration Runtime cores).

It would be nice to restore only one dataverse table to another environment of a excel downloadable file.

Currently, there is a function to check the security score for the entire organization, but there is no function to check the security score for each environment.

Being able to check the security score for each environment will allow for more efficient management of each environment.

In many business scenarios, having long-term access to backup data is critical for compliance, audit trails, and data recovery. Currently, Dynamics 365 only allows backups to be managed in the cloud, and the retention period is limited based on system policies.

This feature would enable administrators to download a full backup of their Dynamics 365 environment directly to a local machine, ensuring that they can retain it indefinitely or for as long as required by business needs or regulatory requirements. With a downloadable backup, organizations can maintain control over their data for extended periods, providing added security and flexibility in managing data retention policies independently of cloud limitations.

This capability would be particularly valuable for industries with stringent data retention requirements or for organizations that need long-term access to historical data for analysis or auditing purposes.

We are a large organization and we often create support cases to Microsoft, I'm writing this from D365FO point of view.

we have 20 application specialists and 15+ external/guests.

In LCS we have the opportunity to see all support cases any person in the organization has created, even guests in our network.

Now when support portal has moved to PPAC you can only view what you alone has created which is not sufficient, I've been told by Microsoft support that this is possible to override if you have admin rights. This is sufficient for a very small number of users as you do not want to assign admin to no more than 2-3 users.

there is also the issue with external/guests to access our PPAC and the support portal.

We need

• roles for access for external/guests
• roles for access for all users to see all support cases by application/app