7 Mistakes To Avoid When Creating A Power Platform Environment
Setting up a Power Platform environment the wrong way can have serious consequences. This includes data-loss with no recovery from backups, lack of security that allows undesired users into the environment, and poor performance that hurts end-users efficiency. In this article I will show you how to properly setup
Table of Contents 1. Picking The Incorrect Region 2. Choosing The Wrong Environment Type 3. Forgetting To Enter An Environment URL 4. Failing To Apply A Security Group 5. Missing Security Roles Assignment To Users 6. Neglecting The Setup Of Data Policies 7. Delaying Applying Power Platform Licenses
1. Picking The Incorrect Region
You only have one chance to select the proper region. If you choose the wrong one, there is no way to change it. The only way forward is to create another new environment and start again.
The environment’s region matters because it determines which datacenter your Power Apps, Power Automate flows and your data lives in. Choose the datacenter closest to your users to deliver the best performance. Also consider data sovereignty – data stored outside of your home country will be subject to the laws where it is stored.
2. Choosing The Wrong Environment Type
The default environment type Sandbox enables the Reset action which deletes all data & customizations within the environment and restores it to factory settings. You cannot perform a restore to recover lost data or customizations because the environment backups get deleted too. It is critical that you make sure the environments used for production do not have the type Sandbox.
This mistake can be easily fixed by opening the environment in the Power Platform Admin Center and pressing the Convert To Production action.
3. Forgetting To Enter An Environment URL
Changing the environment URL after initial environment setup has the potential to break Power Automate flows and other customizations. For example, a Power Automate flow that uses the environment URL stored in an environment variable would begin to fail.
To update the environment URL after an environment is created go to Power Platform Admin center and Edit the environment settings.
4. Failing To Apply A Security Group
An environment with no security group allows the system administrator to assign roles and share apps & flows with any user in the tenant. Only developers should be allowed in the development environments to ensure no customizations are broken. Likewise, only authorized users should be allowed in the production environment to make certain no sensitive data is leaked.
To update the Security group go to Power Platform Admin center and Edit the environment settings.
5. Missing Security Roles Assignment To Users
Users cannot run apps in an environment until they are assigned at least a Basic User security role. Developers require an Environment Maker role or System Customizer role to create new resources and view data. Additional custom security roles may be required as well. Do not assume that because a user appears in the environment’s Users list that they have a security role.
To assign a security role to a user, open the Users menu, select a user and then click Manage Security Roles.
6. Neglecting The Setup Of Data Policies
Data policies define which connectors are enabled or blocked and which connectors can be used with one another. By default all connectors can be used with no limitations. Your organization’s private data can be sent to 3rd party online services and consumed by their APIs.
If proper data policy for the environment is unknown upon creation consider move all Microsoft connectors to the business category while leaving the others in the non-business category. This will prevent Microsoft connectors from interacting with 3rd party APIs. Consider blocking the HTTP connector until you have a good reason to enable it. The HTTP connector can access any API on the internet.
Also, if you decide to enact a data policy after apps & flows have already been developed, you run the risk of breaking them. The Power Platform Center Of Excellence Starter Kit includes a useful Power Apps app named DLP Editor. You can run an impact analysis before changing the data policy to see which specific apps & flows will break. Then you would inform their creators and find a resolution.
7. Delaying Applying Power Platform Licenses
Developers and end-users alike cannot use being using premium apps, flows and other services without Power Platform licensing. Per app and per flow licenses must be added to the environment as an add-on within the Capacity menu. The sames goes for AI Builder credits and Power Pages capacity.
Per user licenses are assigned to a user account and do not need to be assigned to each new environment created.
Did You Enjoy This Article? 😺
Subscribe to get new Power Apps articles sent to your inbox each week for FREE
If you have any questions or feedback about 7 Mistakes To Avoid When Creating A Power Platform Environment please leave a message in the comments section below. You can post using your email address and are not required to create an account to join the discussion.
Great post Matthew, thanks a lot. 🙂
Really helped me to check if my environments are in a good shape.
I’m glad you found it helpful 🙂
This email arrived as I sat down to work on exactly this issue. Absolutely essential reading which saved me a lot of time. As usual Mathew, you are a ray of sunshine. Thank you.
Great timing as I just had to do this for a client. I wonder what your thoughts are on creating a service principal for a brand new client? I go back and forth on if it would help with flow development or be unnecessarily complex. Thoughts?