Orchestrating Python Inside the Power Platform

• Power Platform = Orchestration tier
• Python = Execution tier
• Azure = Governance tier

Separate coordination from computation.
Wrap it in identity, network containment, logging, and policy. If you don’t enforce boundaries, entropy does.
And entropy always scales faster than success. Body 1 — The Foundational Misunderstanding Power Platform Is a Control Plane (~700 words) The first mistake is calling Power Platform “a tool.” Excel is a tool.
Word is a tool. Power Platform is not. It is a control plane. It coordinates identity, connectors, environments, approvals, and data movement across your tenant. It doesn’t just automate work — it defines how work is allowed to happen. That distinction changes everything. When you treat a control plane like a toy, you stop designing it.
And when you stop designing it, the system designs itself. And it designs itself around exceptions. “Just one connector.”
“Just one bypass.”
“Just store the credential for now.”
“Just add a condition.” None of these feel large.
All of them accumulate. Eventually you’re not operating a deterministic architecture.
You’re operating a probabilistic one. The flow works — until:

• The owner leaves
• A token expires
• A connector changes its payload
• Licensing shifts
• Throttling kicks in
• A maker copies a flow and creates a parallel universe

It still “runs.” But it’s no longer governable. Then Python enters the conversation. The naive question is:
“Can Power Automate call Python?” Of course it can. The real question is:
Where does compute belong? Because Python is not “just code.”
It’s a runtime. Dependencies. Network paths. Secret handling. Patching. If you bolt that onto the control plane without boundaries, you don’t get hybrid architecture. You get shadow runtime. That’s how governance disappears — not through malice, but through convenience. So reframing is required: Power Platform orchestrates.
Python executes.
Azure governs. Treat Power Platform like a control plane, and you start asking architectural questions:

• Which principal is calling what?
• Where do secrets live?
• What is the network path?
• Where are logs correlated?
• What happens at 10× scale?

Most teams don’t ask those because the first flow works. Then you have 500 flows. Then audit shows up. That’s the governance ceiling. Body 2 — The Low-Code Ceiling When Flows Become Pipelines (~700 words) The pattern always looks the same. Flow #1: notify someone.
Flow #2: move data.
Flow #3: transform a spreadsheet. Then trust increases. And trust becomes load. Suddenly your “workflow” is:

• Parsing CSV
• Normalizing columns
• Deduplicating data
• Joining sources
• Handling bulk retries
• Building error reports

Inside a designer built to coordinate steps — not compute. Symptoms appear:

• Nested loops inside nested loops
• Scopes inside scopes
• Try/catch glued together
• Run histories with 600 actions
• Retry storms
• Throttling workarounds

It works.
But you’ve turned orchestration into accidental ETL. This is where people say:
“Maybe we should call Python.” The instinct is right. But the boundary matters. If Python is:

• A file watcher
• A laptop script
• A shared service account
• A public HTTP trigger
• A hidden token in a variable

You haven’t added architecture. You’ve added entropy. The right split is simple:

• Flow decides that work happens
• Python performs deterministic computation
• Azure enforces identity and containment

When orchestration stays orchestration, flows become readable again. When execution moves out, retries become intentional. When governance is explicit, scale stops being luck. The low-code ceiling isn’t about capability. It’s about responsibility. Body 3 — Define the Three-Tier Model (~700 words) This isn’t a diagram. It’s an ownership contract. Tier 1 — Orchestration (Power Platform) Responsible for:

• Triggers
• Approvals
• Routing
• Status tracking
• Notifications
• Human interaction

Not responsible for:

• Heavy transforms
• Bulk compute
• Dependency management
• Runtime patching

Tier 2 — Execution (Python) Responsible for:

• Deterministic compute
• Validation
• Deduplication
• Inference
• Bulk updates
• Schema enforcement
• Idempotency

Behaves like a service, not a script. That means:

• Versioned contracts
• Structured responses
• Bounded payloads
• Explicit failures

Tier 3 — Governance (Azure) Responsible for:

• Workload identity (Entra ID)
• Managed identities
• Secrets
• Network containment
• Private endpoints
• API policies
• Logging and correlation

Without Tier 3, Tier 1 and 2 collapse under entropy. Body 4 — The Anti-Pattern Python Sidecar in the Shadows (~700 words) Every tenant has this:

• File watcher polling a folder
• Python script on a jump box
• Shared automation account
• Public function “temporarily exposed”
• Secret pasted in environment variable

It works. Until it doesn’t. Failure modes:

• OS patch breaks dependency
• Credential expires
• Laptop shuts down
• Firewall changes
• Package update changes behavior
• Nobody knows who owns it

That’s not hybrid. That’s a haunted extension cord. The hybrid replacement is explicit:

• Authenticated workload identity
• Private endpoint
• APIM enforcement
• Structured contract
• Correlated logging

If Python is going to

Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365–6704921/support.

If this clashes with how you’ve seen it play out, I’m always curious. I use LinkedIn for the back-and-forth.