Power Platform Governance and Administration

According to the document:https://learn.microsoft.com/en-us/troubleshoot/power-platform/dataverse/working-with-solutions/install-failure-priviledge-not-assigned#workaround, there are 3 roles that can help import solution (System Administrator, System Customizer, and Environment Maker). However, it would be better if there is an out-of-the-box role that can focus on only export and import solution and help user share the components.

Currently, all the Asia-based tenant can create Dataverse environment from other region except for Australia and India. This is hard for some business scenario when the end-user is based in these 2 countries, but the administration and development need to be done from Asia region.

While Power Apps allows table selection and editing, it is inefficient for handling large volumes of records (querying, updating, deleting). Although SSMS can execute SQL on Dataverse tables, it currently does not support updates or deletions.

I want to be able to check inquiries made more than 2000 items ago in order to review past inquiries.

We received a message from Message Center (ID: MC942823) informed that starting in March 2025, the tenant isolation feature will be enabled by default for tenants that have not been configured with a tenant isolation policy

We understand that this will affect apps and flows using cross-tenant connections. However, there is currently no method to identify which apps and flows are using these connections or to list all the impacted apps and flows. If we have multiple apps or flows, we will have to check each one individually, which is a frustrating and time-consuming process.

It would be beneficial to have a feature in the future, such as a dashboard or a list, that helps summarize which apps and flows are using cross-tenant connections.

Hi Microsoft,

Recently we working on an issue and encountered the following potential security risk and it is co-related with Project for the web.

Project for the web stored it's data in Dataverse table name "Project" in default environment.

when comes to Power Platform administration and permission, System customizer role by default gain access to ALL Dataverse tables, including "Project".

System Customizer will be required when :

• Need to create custom table.

who will be potential users to assigned with System customizer:

• Developer
• External users who work on project.

This would means, when they are assigned with System Customizer role, automatically they will gain access to Project table and read all data.

Create a custom security role to limit the permission to "Project" table is an option, but only limited to person who aware of it. For those not aware, it is a data leak risk.

Can Microsoft re-evaluate system customizer permission?

Currently, PowerApps does not have a function to check the breakdown by app, so I would like you to add it.

Hello Team,

We were planning to get the notification alerts when the power platform environment changes from managed to unmanaged and vise versa as well.

We could be able to set this alert on all the environments as well as to a specific environment as well as per our requirement.

However, there is no such way available now. i would like to post my idea here, thus it can get noted. Thus in the future, we can have this alert added.

Thanks,

Minal

We need to clarify the region restriction in Azure policy applied to resource group since we're encountering a discrepancy in the parameters in the Azure policy when creating a Billing policy in Power Platform Admin Center.

The environment we're trying to add is located in [Australia Southeast], and the resource group is under policy which allows creation of resources in [Australia East] and [Australia Southeast]. Technically, this should pass because the location meets the requirements of the policy.

However, the Azure policy return the error missing region [Australia]. And only when user add [Australia] to the policy, it will allow the creation of Biling policy for the environment which is located in [Australia Southeast].

This doesn't make sense this this mean it will allow all region in Australia and is not restricted to Australia East and Southeast. There is no documentation mentioned this part, so this doesn't make sense to the end users.

We will need a documentation or explanation for this type of scenario to avoid confusion in the future.

When you delete any records from PPAC (e.g., deleting security role) and it is failed, only following error message is displayed.

"Unable to delete xxx. Please try again."

This message does not provide enough required information of root cause. In my case, actually it was due to dependency, but it was not easy to know it by error message.

Please consider making error message more detail and valid.