
1
00:00:00,000 –> 00:00:02,440
A global enterprise ran a tenant audit last year.
2
00:00:02,440 –> 00:00:05,200
They found something most organizations never look for.
3
00:00:05,200 –> 00:00:09,680
6,200 applications, 4,000 flows, 900 connectors.
4
00:00:09,680 –> 00:00:11,720
All inside a single default environment.
5
00:00:11,720 –> 00:00:13,880
The default environment is supposed to be a playground.
6
00:00:13,880 –> 00:00:17,080
It’s where users experiment, where they build personal productivity apps,
7
00:00:17,080 –> 00:00:18,600
it’s not where you run production.
8
00:00:18,600 –> 00:00:19,920
Yet that’s exactly what happened.
9
00:00:19,920 –> 00:00:24,080
An entire shadow application platform, apps owned by employees who left years ago,
10
00:00:24,080 –> 00:00:26,960
flows triggering business critical processes with no monitoring,
11
00:00:26,960 –> 00:00:29,880
data moving through integrations nobody documented,
12
00:00:29,880 –> 00:00:31,800
nobody approved, nobody owned.
13
00:00:31,800 –> 00:00:33,880
When I say nobody owned it, I mean literally.
14
00:00:33,880 –> 00:00:37,640
Most apps had an owner field pointing to a user ID from 2019,
15
00:00:37,640 –> 00:00:39,240
that person no longer worked there.
16
00:00:39,240 –> 00:00:42,320
Here’s what matters, this wasn’t a breach, this wasn’t rogue developers.
17
00:00:42,320 –> 00:00:46,640
This was the natural outcome of treating a development platform like it’s a productivity tool.
18
00:00:46,640 –> 00:00:47,840
That distinction matters.
19
00:00:47,840 –> 00:00:49,440
This episode explains why.
20
00:00:49,440 –> 00:00:51,280
Why low-code adoption exploded.
21
00:00:51,280 –> 00:00:53,560
To understand how we got here, go back 10 years.
22
00:00:53,560 –> 00:00:55,440
IT backlogs everywhere hit a wall.
23
00:00:55,440 –> 00:00:57,640
Request queues sat at 12 to 18 months.
24
00:00:57,640 –> 00:01:01,120
You’d submit a project request and know you weren’t getting an answer for over a year.
25
00:01:01,120 –> 00:01:02,920
Business units got tired of waiting.
26
00:01:02,920 –> 00:01:05,320
Tired of IT saying, “We’ll get to you eventually,”
27
00:01:05,320 –> 00:01:08,320
the market for professional developers was brutal.
28
00:01:08,320 –> 00:01:10,040
Supply couldn’t keep pace with demand.
29
00:01:10,040 –> 00:01:12,120
Companies bid against each other for talent.
30
00:01:12,120 –> 00:01:14,360
A competent developer could write their own ticket.
31
00:01:14,360 –> 00:01:17,720
Salaries climbed, hiring freezes meant fewer people doing more work.
32
00:01:17,720 –> 00:01:20,440
Low-code platforms came along with a specific promise.
33
00:01:20,440 –> 00:01:22,320
Apps in weeks instead of months.
34
00:01:22,320 –> 00:01:23,920
No coding expertise required.
35
00:01:23,920 –> 00:01:28,000
Business users could build database applications using visual interfaces.
36
00:01:28,000 –> 00:01:29,000
No SQL.
37
00:01:29,000 –> 00:01:30,560
No programming languages.
38
00:01:30,560 –> 00:01:31,680
Drag and drop.
39
00:01:31,680 –> 00:01:33,200
Click and configure.
40
00:01:33,200 –> 00:01:34,640
The narrative was compelling.
41
00:01:34,640 –> 00:01:37,240
Let citizen developers solve the backlog problem.
42
00:01:37,240 –> 00:01:39,560
Free up IT to focus on infrastructure.
43
00:01:39,560 –> 00:01:44,360
Let the business build what it actually needs instead of waiting months for IT to translate requirements.
44
00:01:44,360 –> 00:01:46,040
Executives love the cost story.
45
00:01:46,040 –> 00:01:50,560
A citizen developer building apps in Power Apps doesn’t cost a $150,000 salary.
46
00:01:50,560 –> 00:01:52,440
Doesn’t require six months of waiting.
47
00:01:52,440 –> 00:01:55,360
Doesn’t require formal requirements and project meetings.
48
00:01:55,360 –> 00:01:59,720
By 2026, citizen developers outnumbered professional developers 4-to-1.
49
00:01:59,720 –> 00:02:03,720
Four business users building applications for every trained software engineer.
50
00:02:03,720 –> 00:02:05,240
The platforms made this effortless.
51
00:02:05,240 –> 00:02:08,440
Microsoft Power Platform integrated into Microsoft 365.
52
00:02:08,440 –> 00:02:10,560
You already had a Microsoft 365 license.
53
00:02:10,560 –> 00:02:11,760
Power Apps was included.
54
00:02:11,760 –> 00:02:13,200
Power Automate was included.
55
00:02:13,200 –> 00:02:15,000
You clicked buttons and built something that worked.
56
00:02:15,000 –> 00:02:16,520
Something that solved the real problem.
57
00:02:16,520 –> 00:02:18,960
Something that moved today instead of 2027.
58
00:02:18,960 –> 00:02:21,120
Here’s the architectural mistake nobody discussed.
59
00:02:21,120 –> 00:02:23,760
Organizations believed low-code meant less governance.
60
00:02:23,760 –> 00:02:26,880
Fewer rules, fewer policies, more speed, less bureaucracy.
61
00:02:26,880 –> 00:02:28,000
That’s not what it meant.
62
00:02:28,000 –> 00:02:30,360
Low-code actually means distributed governance.
63
00:02:30,360 –> 00:02:33,960
It means spreading development authority across the organization.
64
00:02:33,960 –> 00:02:36,560
It means thousands of people making architectural decisions
65
00:02:36,560 –> 00:02:38,760
who’ve never taken a software engineering course.
66
00:02:38,760 –> 00:02:40,760
It means building systems without the discipline
67
00:02:40,760 –> 00:02:43,480
that traditionally constrained those decisions.
68
00:02:43,480 –> 00:02:46,400
Speed without architecture creates a specific problem.
69
00:02:46,400 –> 00:02:49,160
Organizations discovered that within three to five years.
70
00:02:49,160 –> 00:02:51,080
But we’re getting ahead of ourselves.
71
00:02:51,080 –> 00:02:52,880
The architectural misunderstanding.
72
00:02:52,880 –> 00:02:56,160
Most organizations treat Power Platform as a productivity tool.
73
00:02:56,160 –> 00:02:57,120
Like Excel.
74
00:02:57,120 –> 00:02:59,680
Like SharePoint, something you enable for the business
75
00:02:59,680 –> 00:03:01,560
and trust users to operate responsibly.
76
00:03:01,560 –> 00:03:03,320
That is not what Power Platform is.
77
00:03:03,320 –> 00:03:06,840
Architecturally, Power Platform is a distributed development environment
78
00:03:06,840 –> 00:03:09,280
embedded inside Microsoft 365.
79
00:03:09,280 –> 00:03:10,480
That distinction matters.
80
00:03:10,480 –> 00:03:12,680
That distinction explains everything that goes wrong.
81
00:03:12,680 –> 00:03:14,320
A productivity tool stores data.
82
00:03:14,320 –> 00:03:15,720
Manages collaboration.
83
00:03:15,720 –> 00:03:17,880
Let’s use this organization.
84
00:03:17,880 –> 00:03:19,360
Excel is a productivity tool.
85
00:03:19,360 –> 00:03:20,800
SharePoint is a productivity tool.
86
00:03:20,800 –> 00:03:21,920
You can misconfigure them.
87
00:03:21,920 –> 00:03:22,880
You can leak data.
88
00:03:22,880 –> 00:03:24,840
But they are not fundamentally platforms
89
00:03:24,840 –> 00:03:26,280
for building applications.
90
00:03:26,280 –> 00:03:27,760
Power Platform is different.
91
00:03:27,760 –> 00:03:29,440
It is an application development platform.
92
00:03:29,440 –> 00:03:30,240
It has a runtime.
93
00:03:30,240 –> 00:03:31,320
It has a data layer.
94
00:03:31,320 –> 00:03:34,080
It has connectors that integrate external systems.
95
00:03:34,080 –> 00:03:36,600
It can trigger automations across your entire technology
96
00:03:36,600 –> 00:03:37,080
estate.
97
00:03:37,080 –> 00:03:38,600
It can move data between systems.
98
00:03:38,600 –> 00:03:41,200
It can make decisions and execute them automatically.
99
00:03:41,200 –> 00:03:42,400
Here is what it does not have.
100
00:03:42,400 –> 00:03:43,200
A compiler.
101
00:03:43,200 –> 00:03:44,600
No static type checking.
102
00:03:44,600 –> 00:03:46,280
No forced deployment pipeline.
103
00:03:46,280 –> 00:03:47,040
No code review.
104
00:03:47,040 –> 00:03:48,440
No version control requirement.
105
00:03:48,440 –> 00:03:50,000
No automated testing framework.
106
00:03:50,000 –> 00:03:52,640
No governance enforced by the platform itself.
107
00:03:52,640 –> 00:03:54,440
This is the architectural truth.
108
00:03:54,440 –> 00:03:56,760
Every citizen developer using Power Platform
109
00:03:56,760 –> 00:03:58,200
is effectively writing software.
110
00:03:58,200 –> 00:03:59,840
They are architecting databases.
111
00:03:59,840 –> 00:04:01,280
They are building business logic.
112
00:04:01,280 –> 00:04:02,680
They are integrating systems.
113
00:04:02,680 –> 00:04:04,160
They are making security decisions.
114
00:04:04,160 –> 00:04:07,000
They are implementing data flows that touch sensitive information.
115
00:04:07,000 –> 00:04:09,520
They are doing this without formal training.
116
00:04:09,520 –> 00:04:10,840
Without architecture review.
117
00:04:10,840 –> 00:04:12,640
Without the discipline that traditionally
118
00:04:12,640 –> 00:04:15,080
constrained these decisions in software engineering.
119
00:04:15,080 –> 00:04:17,240
Organizations deployed a development platform
120
00:04:17,240 –> 00:04:18,720
without development discipline.
121
00:04:18,720 –> 00:04:20,520
Then they told users to go build.
122
00:04:20,520 –> 00:04:22,160
What looks like citizen productivity
123
00:04:22,160 –> 00:04:24,240
is actually unmanaged application sprawl.
124
00:04:24,240 –> 00:04:25,600
The comparison matters.
125
00:04:25,600 –> 00:04:28,720
When you enable Excel, you are enabling a spreadsheet tool.
126
00:04:28,720 –> 00:04:30,400
Users can build bad spreadsheets.
127
00:04:30,400 –> 00:04:32,920
Users can create massive workbooks with broken formulas.
128
00:04:32,920 –> 00:04:33,800
You can lose data.
129
00:04:33,800 –> 00:04:35,480
But the blast radius is contained.
130
00:04:35,480 –> 00:04:36,480
It is a spreadsheet.
131
00:04:36,480 –> 00:04:38,560
The organization survives.
132
00:04:38,560 –> 00:04:39,880
When you enable Power Platform,
133
00:04:39,880 –> 00:04:41,600
you are enabling a development platform.
134
00:04:41,600 –> 00:04:43,400
Users can build bad applications.
135
00:04:43,400 –> 00:04:46,560
Users can create integrations that violate security policy.
136
00:04:46,560 –> 00:04:49,600
Users can move sensitive data where it should not go.
137
00:04:49,600 –> 00:04:52,720
Users can create automations that trigger uncontrollably.
138
00:04:52,720 –> 00:04:54,480
The organization does not just survive.
139
00:04:54,480 –> 00:04:56,480
It is now running mission critical processes
140
00:04:56,480 –> 00:04:58,720
built by people who have never seen a design pattern.
141
00:04:58,720 –> 00:05:00,920
This is not a judgment about citizen developers.
142
00:05:00,920 –> 00:05:01,920
This is architecture.
143
00:05:01,920 –> 00:05:04,360
This is what happens when you distribute development authority
144
00:05:04,360 –> 00:05:06,520
without distributing development discipline.
145
00:05:06,520 –> 00:05:08,000
The platforms make this invisible.
146
00:05:08,000 –> 00:05:11,000
Power Apps makes it effortless to connect to a data source.
147
00:05:11,000 –> 00:05:13,520
You click, you drag, you drop, and an app appears.
148
00:05:13,520 –> 00:05:15,040
It works. It solves a problem.
149
00:05:15,040 –> 00:05:17,400
The UI is clean. The interactions are smooth.
150
00:05:17,400 –> 00:05:19,960
You have no sense that you just built a database application
151
00:05:19,960 –> 00:05:22,240
with no normalization, no referential integrity,
152
00:05:22,240 –> 00:05:23,200
no access controls.
153
00:05:23,200 –> 00:05:25,720
The ease of construction is precisely why this matters.
154
00:05:25,720 –> 00:05:29,240
Organizations see speed and interpret it as simplicity.
155
00:05:29,240 –> 00:05:30,840
Speed in low code is not simplicity.
156
00:05:30,840 –> 00:05:32,280
Speed is abstraction.
157
00:05:32,280 –> 00:05:35,480
The platform is hiding complexity, not eliminating it.
158
00:05:35,480 –> 00:05:38,240
It is hiding the fact that you are building software.
159
00:05:38,240 –> 00:05:40,280
Here is what a citizen developer sees.
160
00:05:40,280 –> 00:05:42,080
I clicked buttons and built an app.
161
00:05:42,080 –> 00:05:44,280
This app lets my team organize their work.
162
00:05:44,280 –> 00:05:47,480
This app saves time. This app works.
163
00:05:47,480 –> 00:05:49,240
Here is what an architect sees.
164
00:05:49,240 –> 00:05:51,640
This application has no documented data model.
165
00:05:51,640 –> 00:05:54,520
It has no owner. It has no documented business purpose.
166
00:05:54,520 –> 00:05:55,960
It has no retirement plan.
167
00:05:55,960 –> 00:05:59,360
It connects to three external systems with no audit trail.
168
00:05:59,360 –> 00:06:02,200
It stores credentials in the app’s connection reference.
169
00:06:02,200 –> 00:06:04,400
It uses a personal cloud account for storage.
170
00:06:04,400 –> 00:06:05,840
It has no security review.
171
00:06:05,840 –> 00:06:08,000
It will fail silently when that person leaves.
172
00:06:08,000 –> 00:06:09,560
These are the same app.
173
00:06:09,560 –> 00:06:12,240
Two different interpretations of the same reality.
174
00:06:12,240 –> 00:06:16,560
The architectural misunderstanding is treating the citizen developer’s interpretation as complete.
175
00:06:16,560 –> 00:06:18,640
Organizations believe they have a productivity tool
176
00:06:18,640 –> 00:06:20,880
when they have deployed an unmanaged development platform.
177
00:06:20,880 –> 00:06:22,600
They believe they have empowered the business
178
00:06:22,600 –> 00:06:25,600
when they have distributed architectural responsibility
179
00:06:25,600 –> 00:06:27,560
across people without architectural training.
180
00:06:27,560 –> 00:06:29,160
This is where the problems begin.
181
00:06:29,160 –> 00:06:30,920
Not because low code is bad.
182
00:06:30,920 –> 00:06:32,800
But because architecture matters.
183
00:06:32,800 –> 00:06:34,480
The default environment disaster.
184
00:06:34,480 –> 00:06:37,840
Every Microsoft 365 tenant comes with a default environment.
185
00:06:37,840 –> 00:06:39,600
This environment exists for a reason.
186
00:06:39,600 –> 00:06:41,160
It is meant to be a sandbox.
187
00:06:41,160 –> 00:06:43,560
A place where users experiment, where they learn,
188
00:06:43,560 –> 00:06:47,040
where they build personal productivity apps without friction.
189
00:06:47,040 –> 00:06:48,720
Here is what actually happens.
190
00:06:48,720 –> 00:06:52,200
The default environment becomes the primary application platform.
191
00:06:52,200 –> 00:06:55,080
By default, every user in your tenant is an environment maker.
192
00:06:55,080 –> 00:06:57,440
That means they can create apps in the default environment.
193
00:06:57,440 –> 00:06:58,280
They can create flows.
194
00:06:58,280 –> 00:07:01,160
They can build without approval, without review.
195
00:07:01,160 –> 00:07:04,920
Without anyone knowing it exists until something breaks.
196
00:07:04,920 –> 00:07:07,240
The data from tenant audits is consistent.
197
00:07:07,240 –> 00:07:10,200
70 to 80% of all Power Platform artifacts,
198
00:07:10,200 –> 00:07:13,520
apps, flows, automations exist in the default environment.
199
00:07:13,520 –> 00:07:15,160
Not in managed production environments.
200
00:07:15,160 –> 00:07:16,760
Not in isolated team environments.
201
00:07:16,760 –> 00:07:20,560
Not in controlled, governed spaces. In the default environment.
202
00:07:20,560 –> 00:07:23,400
This reveals the reality most organizations avoid.
203
00:07:23,400 –> 00:07:26,200
They never implemented environment architecture at all.
204
00:07:26,200 –> 00:07:27,240
They enabled Power Platform.
205
00:07:27,240 –> 00:07:28,800
They told users to go build.
206
00:07:28,800 –> 00:07:30,720
They left the default environment open.
207
00:07:30,720 –> 00:07:33,000
And then they were surprised when the default environment
208
00:07:33,000 –> 00:07:34,800
contained thousands of applications.
209
00:07:34,800 –> 00:07:37,840
The surprise is the indicator that architecture did not happen.
210
00:07:37,840 –> 00:07:41,160
Let me describe what happened in that global enterprise we discussed.
211
00:07:41,160 –> 00:07:43,800
The audit found 6,200 applications.
212
00:07:43,800 –> 00:07:46,720
4,000 flows, 900 connectors.
213
00:07:46,720 –> 00:07:48,160
All in the default environment.
214
00:07:48,160 –> 00:07:49,560
Think about that scale for a moment.
215
00:07:49,560 –> 00:07:50,440
That is not a mistake.
216
00:07:50,440 –> 00:07:52,160
That is not a few rogue developers.
217
00:07:52,160 –> 00:07:54,160
That is the outcome of an organization saying
218
00:07:54,160 –> 00:07:57,760
everyone can build without defining where, how, or under what conditions.
219
00:07:57,760 –> 00:08:01,960
When the audit team asked about those 6,000 applications, they discovered a pattern.
220
00:08:01,960 –> 00:08:06,720
First, 40 to 50% of the applications showed zero usage in the past year.
221
00:08:06,720 –> 00:08:10,120
They had been created, possibly used once, then abandoned.
222
00:08:10,120 –> 00:08:13,440
Yet they remained in the environment, connected to live data sources,
223
00:08:13,440 –> 00:08:16,960
retaining security permissions, creating permanent attack surface.
224
00:08:16,960 –> 00:08:20,320
Second, most applications had no documented owner.
225
00:08:20,320 –> 00:08:24,240
The owner field pointed to user IDs that no longer existed in the directory.
226
00:08:24,240 –> 00:08:27,480
Those people had left the company, retired, moved to different roles.
227
00:08:27,480 –> 00:08:28,760
The applications remained.
228
00:08:28,760 –> 00:08:32,120
Often unmanaged, connected to systems they were never meant to touch.
229
00:08:32,120 –> 00:08:34,280
Third, the flows, thousands of them,
230
00:08:34,280 –> 00:08:37,480
were triggering automations across the entire technology estate.
231
00:08:37,480 –> 00:08:42,160
Some updated SharePoint sites, some sent emails, some moved data between systems.
232
00:08:42,160 –> 00:08:44,160
Many had no documentation about their purpose.
233
00:08:44,160 –> 00:08:45,400
Most had no monitoring.
234
00:08:45,400 –> 00:08:47,280
If a flow failed silently, nobody knew.
235
00:08:47,280 –> 00:08:50,720
If a flow triggered unexpectedly, nobody understood why.
236
00:08:50,720 –> 00:08:53,280
Fourth, the connectors revealed the data story.
237
00:08:53,280 –> 00:08:57,160
900 different connector instances, meaning 900 different integrations
238
00:08:57,160 –> 00:08:58,840
to external systems and services.
239
00:08:58,840 –> 00:09:01,320
Some of those connectors used personal cloud accounts.
240
00:09:01,320 –> 00:09:04,840
Someone’s Dropbox, someone’s OneDrive, someone’s personal Google Drive.
241
00:09:04,840 –> 00:09:08,520
Data was flowing to personal storage because the app needed somewhere to put files
242
00:09:08,520 –> 00:09:11,360
and the easiest path was the user’s personal cloud account.
243
00:09:11,360 –> 00:09:14,200
Let me be precise about what this means architecturally.
244
00:09:14,200 –> 00:09:18,000
An unmanaged shadow application platform had emerged inside the tenant.
245
00:09:18,000 –> 00:09:19,280
Not unauthorized.
246
00:09:19,280 –> 00:09:20,760
Power Platform was approved.
247
00:09:20,760 –> 00:09:23,480
But the applications themselves had no governance.
248
00:09:23,480 –> 00:09:24,840
No lifecycle management.
249
00:09:24,840 –> 00:09:26,440
No ownership accountability.
250
00:09:26,440 –> 00:09:28,080
No documented business purpose.
251
00:09:28,080 –> 00:09:33,040
The organization was running production workflows inside an environment designed for personal experimentation.
252
00:09:33,040 –> 00:09:36,040
When you ask why this happened, the answer is simple.
253
00:09:36,040 –> 00:09:39,040
The default environment is frictionless.
254
00:09:39,040 –> 00:09:41,840
Creating an app in the default environment takes minutes.
255
00:09:41,840 –> 00:09:42,760
No approval.
256
00:09:42,760 –> 00:09:44,280
No environment request.
257
00:09:44,280 –> 00:09:45,760
No security review.
258
00:09:45,760 –> 00:09:46,800
No wait.
259
00:09:46,800 –> 00:09:48,080
Just click and build.
260
00:09:48,080 –> 00:09:51,720
When you ask why it was never discovered, the answer is also simple.
261
00:09:51,720 –> 00:09:53,880
Default environment usage was invisible.
262
00:09:53,880 –> 00:09:56,080
It does not appear on most governance dashboards.
263
00:09:56,080 –> 00:09:57,360
It does not trigger alerts.
264
00:09:57,360 –> 00:10:02,600
It just grows quietly until an audit reveals thousands of applications that nobody knew existed.
265
00:10:02,600 –> 00:10:04,560
This is the default environment disaster.
266
00:10:04,560 –> 00:10:07,800
Not that the environment exists; environments are necessary.
267
00:10:07,800 –> 00:10:12,960
But that organizations deployed a development platform, left the development environment completely open,
268
00:10:12,960 –> 00:10:16,160
and then acted surprised when developers filled it with applications.
269
00:10:16,160 –> 00:10:18,160
The default environment is not the real problem.
270
00:10:18,160 –> 00:10:22,560
It is the symptom, the symptom of an organization that enabled a development platform without implementing
271
00:10:22,560 –> 00:10:25,040
the governance that development platforms require.
272
00:10:25,040 –> 00:10:26,640
But this is just one failure pattern.
273
00:10:26,640 –> 00:10:28,480
The real problem runs deeper.
274
00:10:28,480 –> 00:10:30,120
The connector governance gap.
275
00:10:30,120 –> 00:10:32,440
Power Platform connectors are the integration layer.
276
00:10:32,440 –> 00:10:36,120
They are how applications reach beyond the platform and touch the rest of your technology
277
00:10:36,120 –> 00:10:37,120
estate.
278
00:10:37,120 –> 00:10:38,280
A connector is a bridge.
279
00:10:38,280 –> 00:10:40,480
It connects Power Apps to SharePoint.
280
00:10:40,480 –> 00:10:42,400
Connects Power Automate to Dynamics.
281
00:10:42,400 –> 00:10:44,400
Connects applications to external services.
282
00:10:44,400 –> 00:10:47,120
Connects your internal systems to personal cloud accounts.
283
00:10:47,120 –> 00:10:48,600
This is where the real damage happens.
284
00:10:48,600 –> 00:10:51,040
The architectural problem is structural.
285
00:10:51,040 –> 00:10:54,720
Connectors are approved at the tenant level, not enforced at the application level.
286
00:10:54,720 –> 00:10:59,000
An administrator approves a connector. That connector becomes available to every application in
287
00:10:59,000 –> 00:11:00,000
the environment.
288
00:11:00,000 –> 00:11:02,400
Every flow, every app, every automation.
289
00:11:02,400 –> 00:11:06,400
There is no concept of this connector is approved for this specific application or this
290
00:11:06,400 –> 00:11:08,920
connector can only access this specific data.
291
00:11:08,920 –> 00:11:11,520
The approval is binary, approved or blocked.
292
00:11:11,520 –> 00:11:13,840
Once approved, it is available everywhere.
293
00:11:13,840 –> 00:11:15,080
Here is the vulnerability.
294
00:11:15,080 –> 00:11:18,800
Overly permissive connector policies create data leakage pathways.
295
00:11:18,800 –> 00:11:23,640
A single poorly configured flow can expose sensitive data across organizational boundaries.
296
00:11:23,640 –> 00:11:27,280
After what happened at a financial services organization, they enabled Power Platform.
297
00:11:27,280 –> 00:11:30,240
They wanted citizen developers building workflow automations.
298
00:11:30,240 –> 00:11:32,640
They wanted to accelerate digital transformation.
299
00:11:32,640 –> 00:11:34,880
They approved connectors for the business.
300
00:11:34,880 –> 00:11:36,200
SharePoint connector.
301
00:11:36,200 –> 00:11:37,200
Dynamics connector.
302
00:11:37,200 –> 00:11:38,400
OneDrive connector.
303
00:11:38,400 –> 00:11:39,880
Outlook connector.
304
00:11:39,880 –> 00:11:43,040
Standard business services.
305
00:11:43,040 –> 00:11:47,440
A few months later, an architect noticed something unusual in the audit logs.
306
00:11:47,440 –> 00:11:50,760
Power Apps were moving SharePoint data into personal Dropbox accounts.
307
00:11:50,760 –> 00:11:52,680
Not a Dropbox managed by the company.
308
00:11:52,680 –> 00:11:53,680
Personal Dropbox accounts.
309
00:11:53,680 –> 00:11:56,080
Someone’s individual cloud storage.
310
00:11:56,080 –> 00:11:58,440
When they traced the flow, the path was simple.
311
00:11:58,440 –> 00:12:02,560
An application was reading confidential data from a secure SharePoint library.
312
00:12:02,560 –> 00:12:04,520
The SharePoint connector accessed the data.
313
00:12:04,520 –> 00:12:07,320
The Dropbox connector moved the data to personal storage.
314
00:12:07,320 –> 00:12:09,720
No security warning, no policy violation detected.
315
00:12:09,720 –> 00:12:10,720
No audit alert.
316
00:12:10,720 –> 00:12:11,720
The connectors were approved.
317
00:12:11,720 –> 00:12:13,680
The user had the right to access SharePoint.
318
00:12:13,680 –> 00:12:15,480
The Dropbox connector moved the files.
319
00:12:15,480 –> 00:12:17,920
From the platform’s perspective, everything was legitimate.
320
00:12:17,920 –> 00:12:20,720
From a compliance perspective, it was a near catastrophe.
321
00:12:20,720 –> 00:12:24,600
Sensitive financial data was sitting in someone’s personal cloud account.
322
00:12:24,600 –> 00:12:25,920
Not encrypted by the company.
323
00:12:25,920 –> 00:12:28,240
Not secured by corporate DLP policies.
324
00:12:28,240 –> 00:12:30,560
Not subject to corporate retention policies.
325
00:12:30,560 –> 00:12:32,800
Accessible by whatever device that person used.
326
00:12:32,800 –> 00:12:35,400
Backed up by whatever backup service Dropbox uses.
327
00:12:35,400 –> 00:12:38,680
Potentially accessible to anyone who compromises that personal account.
328
00:12:38,680 –> 00:12:40,360
The root cause was not user malice.
329
00:12:40,360 –> 00:12:43,360
The person building the flow was trying to solve a real problem.
330
00:12:43,360 –> 00:12:44,720
They needed to get data somewhere.
331
00:12:44,720 –> 00:12:46,280
They needed to automate a process.
332
00:12:46,280 –> 00:12:47,960
They had access to a SharePoint library.
333
00:12:47,960 –> 00:12:49,480
They had a personal Dropbox account.
334
00:12:49,480 –> 00:12:50,440
They connected them.
335
00:12:50,440 –> 00:12:51,440
The system allowed it.
336
00:12:51,440 –> 00:12:52,440
So they did it.
337
00:12:52,440 –> 00:12:55,160
The organization believed Power Platform was secured by default.
338
00:12:55,160 –> 00:12:58,360
It is not. Security in Power Platform is permissive by default.
339
00:12:58,360 –> 00:13:02,040
If a connector is approved and a user has permission, the data moves.
340
00:13:02,040 –> 00:13:03,520
Here is the architectural problem.
341
00:13:03,520 –> 00:13:05,520
Data loss prevention policies exist.
342
00:13:05,520 –> 00:13:08,720
DLP in Power Platform can restrict connector combinations.
343
00:13:08,720 –> 00:13:12,720
You can create rules that say SharePoint connector cannot be used in the same flow as
344
00:13:12,720 –> 00:13:14,800
personal cloud storage connectors.
345
00:13:14,800 –> 00:13:16,760
You can enforce this at the environment level.
346
00:13:16,760 –> 00:13:18,360
You can audit violations.
347
00:13:18,360 –> 00:13:20,720
The DLP policies are not automatically applied.
348
00:13:20,720 –> 00:13:22,560
They require explicit configuration.
349
00:13:22,560 –> 00:13:26,720
They require an organization to think through which connector combinations are risky.
350
00:13:26,720 –> 00:13:31,640
They require someone to define data sensitivity levels and map those to connector restrictions.
351
00:13:31,640 –> 00:13:33,040
Most organizations never do this.
352
00:13:33,040 –> 00:13:36,800
They approve connectors and assume the user will make responsible choices.
353
00:13:36,800 –> 00:13:38,360
This is not architecture.
354
00:13:38,360 –> 00:13:39,600
This is hope.
355
00:13:39,600 –> 00:13:41,560
The consequence is straightforward.
356
00:13:41,560 –> 00:13:43,920
Sensitive data moves where it should not go.
357
00:13:43,920 –> 00:13:45,320
Sometimes to personal accounts.
358
00:13:45,320 –> 00:13:46,960
Sometimes to external services.
359
00:13:46,960 –> 00:13:49,400
To systems without encryption.
360
00:13:49,400 –> 00:13:54,560
Sometimes in violation of compliance requirements the organization never documented in the first place.
361
00:13:54,560 –> 00:13:56,560
One near breach becomes multiple breaches.
362
00:13:56,560 –> 00:13:57,840
Multiple breaches become a pattern.
363
00:13:57,840 –> 00:13:59,640
A pattern becomes a compliance violation.
364
00:13:59,640 –> 00:14:04,600
This connector governance gap is the infrastructure underneath the default environment disaster.
365
00:14:04,600 –> 00:14:06,400
Both reveal the same underlying truth.
366
00:14:06,400 –> 00:14:11,240
Power Platform distributes capability without distributing the governance that capability requires.
367
00:14:11,240 –> 00:14:15,040
But the data movement problem is actually secondary to what comes next.
368
00:14:15,040 –> 00:14:17,720
Because the real sprawl happens in the automations.
369
00:14:17,720 –> 00:14:19,520
The flow explosion problem.
370
00:14:19,520 –> 00:14:21,600
Power Automate flows are automation pipelines.
371
00:14:21,600 –> 00:14:22,680
They trigger on events.
372
00:14:22,680 –> 00:14:23,920
They execute business logic.
373
00:14:23,920 –> 00:14:25,200
They integrate systems.
374
00:14:25,200 –> 00:14:27,560
A flow watches for a specific condition.
375
00:14:27,560 –> 00:14:28,800
A file is created.
376
00:14:28,800 –> 00:14:29,800
An email arrives.
377
00:14:29,800 –> 00:14:31,040
A record is modified.
378
00:14:31,040 –> 00:14:32,040
And then it acts.
379
00:14:32,040 –> 00:14:33,560
It sends a notification.
380
00:14:33,560 –> 00:14:35,360
It creates a record in another system.
381
00:14:35,360 –> 00:14:36,360
It moves data.
382
00:14:36,360 –> 00:14:39,000
It makes a decision and executes the consequence.
383
00:14:39,000 –> 00:14:40,320
Flows are easy to build.
384
00:14:40,320 –> 00:14:41,320
Extremely easy.
385
00:14:41,320 –> 00:14:42,320
You specify a trigger.
386
00:14:42,320 –> 00:14:43,320
You add actions.
387
00:14:43,320 –> 00:14:44,320
You save.
388
00:14:44,320 –> 00:14:45,320
No runs.
389
00:14:45,320 –> 00:14:46,600
No deployment process.
390
00:14:46,600 –> 00:14:47,600
No version control.
391
00:14:47,600 –> 00:14:48,880
No approval gate.
392
00:14:48,880 –> 00:14:53,400
A user with the right permissions can build a flow in 10 minutes that touches your entire enterprise
393
00:14:53,400 –> 00:14:54,400
architecture.
394
00:14:54,400 –> 00:14:56,320
This is where scale becomes a problem.
395
00:14:56,320 –> 00:14:58,160
Large tenants accumulate thousands of flows.
396
00:14:58,160 –> 00:14:59,160
Not hundreds.
397
00:14:59,160 –> 00:15:00,160
Thousands.
398
00:15:00,160 –> 00:15:01,240
A retail organization we mentioned.
399
00:15:01,240 –> 00:15:05,040
They ran an audit and found 11,000 Power Automate flows.
400
00:15:05,040 –> 00:15:09,640
11,000 automations running across their technology estate with no centralized visibility.
401
00:15:09,640 –> 00:15:10,640
No lifecycle management.
402
00:15:10,640 –> 00:15:11,960
No documented purpose.
403
00:15:11,960 –> 00:15:13,200
Most triggered every few minutes.
404
00:15:13,200 –> 00:15:14,200
But think about that scale.
405
00:15:14,200 –> 00:15:16,920
11,000 pipelines executing continuously.
406
00:15:16,920 –> 00:15:18,080
Each one making decisions.
407
00:15:18,080 –> 00:15:19,560
Each one integrating systems.
408
00:15:19,560 –> 00:15:22,760
Each one potentially failing in ways nobody anticipated.
409
00:15:22,760 –> 00:15:24,120
The consequence is straightforward.
410
00:15:24,120 –> 00:15:25,440
API throttling.
411
00:15:25,440 –> 00:15:28,440
The systems these flows connect to have rate limits.
412
00:15:28,440 –> 00:15:29,840
SharePoint has throttling.
413
00:15:29,840 –> 00:15:30,840
Dynamics has throttling.
414
00:15:30,840 –> 00:15:31,840
Exchange has throttling.
415
00:15:31,840 –> 00:15:35,840
When 11,000 flows trigger simultaneously, they hit those limits.
416
00:15:35,840 –> 00:15:36,840
Requests queue.
417
00:15:36,840 –> 00:15:37,840
Requests fail.
418
00:15:37,840 –> 00:15:41,000
The business experiences degraded performance during peak hours because automations
419
00:15:41,000 –> 00:15:45,720
created years ago are now running at scale against systems they were never designed to touch.
420
00:15:45,720 –> 00:15:47,120
Licensing overages follow.
421
00:15:47,120 –> 00:15:48,840
Power Platform licensing is metered.
422
00:15:48,840 –> 00:15:51,360
Some flows consume premium connector licenses.
423
00:15:51,360 –> 00:15:54,800
Some flows consume API calls against your tenant quota.
424
00:15:54,800 –> 00:15:59,640
When you have 11,000 flows, many redundant, many abandoned, many triggering far more frequently
425
00:15:59,640 –> 00:16:03,600
than necessary, the licensing bill becomes unpredictable.
426
00:16:03,600 –> 00:16:07,960
Organizations often do not realize flow volume until costs start escalating.
427
00:16:07,960 –> 00:16:09,560
Here is the architectural issue.
428
00:16:09,560 –> 00:16:11,560
Flows are invisible to governance until they fail.
429
00:16:11,560 –> 00:16:12,800
A flow runs silently.
430
00:16:12,800 –> 00:16:14,240
It executes its automation.
431
00:16:14,240 –> 00:16:15,920
If it succeeds, nobody notices.
432
00:16:15,920 –> 00:16:17,800
If it fails, it might trigger an alert.
433
00:16:17,800 –> 00:16:19,200
It might fail silently.
434
00:16:19,200 –> 00:16:20,760
It might retry automatically.
435
00:16:20,760 –> 00:16:23,200
It might leave data in an inconsistent state.
436
00:16:23,200 –> 00:16:28,000
But the flow itself, its existence, its purpose, its impact remains invisible until something
437
00:16:28,000 –> 00:16:29,000
breaks.
438
00:16:29,000 –> 00:16:31,000
The documentation gap is profound.
439
00:16:31,000 –> 00:16:35,040
In the retail organization audit, most of those 11,000 flows had no owner.
440
00:16:35,040 –> 00:16:36,440
No documented business purpose.
441
00:16:36,440 –> 00:16:37,880
No life cycle policy.
442
00:16:37,880 –> 00:16:39,120
No retirement date.
443
00:16:39,120 –> 00:16:40,760
No success criteria.
444
00:16:40,760 –> 00:16:44,040
Just flows that existed and executed.
445
00:16:44,040 –> 00:16:47,960
When someone asked why does this flow exist, the answer was often unknown.
446
00:16:47,960 –> 00:16:50,600
The person who created it had left the company.
447
00:16:50,600 –> 00:16:52,440
The business need it addressed had changed.
448
00:16:52,440 –> 00:16:54,960
The system it integrated with had been replaced.
449
00:16:54,960 –> 00:17:00,160
But the flow remained running, consuming API quota, potentially moving data or triggering
450
00:17:00,160 –> 00:17:02,560
actions based on logic nobody remembered.
451
00:17:02,560 –> 00:17:05,600
This is technical debt manifesting as operational drag.
452
00:17:05,600 –> 00:17:08,560
The organization paid for every flow through licensing costs.
453
00:17:08,560 –> 00:17:10,760
They paid for the API calls the flows consumed.
454
00:17:10,760 –> 00:17:11,960
They paid in system load.
455
00:17:11,960 –> 00:17:13,600
They paid in performance degradation.
456
00:17:13,600 –> 00:17:16,680
And they received no visibility into what that payment purchased.
457
00:17:16,680 –> 00:17:21,000
The hidden cost is that organizations often do not realize flow volume until performance
458
00:17:21,000 –> 00:17:22,960
degrades or licensing costs spike.
459
00:17:22,960 –> 00:17:24,240
There is no forcing function.
460
00:17:24,240 –> 00:17:27,120
No alert that says you now have 5,000 flows.
461
00:17:27,120 –> 00:17:31,240
No warning that says this flow has been dormant for six months and should be retired.
462
00:17:31,240 –> 00:17:35,120
No governance dashboard showing which flows are business critical and which are abandoned
463
00:17:35,120 –> 00:17:36,120
experiments.
464
00:17:36,120 –> 00:17:39,720
Flows accumulate silently until they create a problem too large to ignore.
465
00:17:39,720 –> 00:17:41,200
This is the flow explosion problem.
466
00:17:41,200 –> 00:17:42,880
Not that flows are bad.
467
00:17:42,880 –> 00:17:44,120
Automation is valuable.
468
00:17:44,120 –> 00:17:47,880
Flows that orchestrate business processes correctly save labor and reduce error.
469
00:17:47,880 –> 00:17:53,360
But flows without life cycle management, without documented purpose, without ownership accountability,
470
00:17:53,360 –> 00:17:56,760
without retirement plans, those flows become hidden operational debt.
471
00:17:56,760 –> 00:17:59,040
The sprawl is invisible until it is catastrophic.
472
00:17:59,040 –> 00:18:01,560
The cost is invisible until it is unaffordable.
473
00:18:01,560 –> 00:18:04,440
The impact is invisible until systems degrade.
474
00:18:04,440 –> 00:18:08,720
And this pattern, easy to build, invisible until failure, costly to remediate, creates a specific
475
00:18:08,720 –> 00:18:11,560
financial consequence that organizations eventually discover.
476
00:18:11,560 –> 00:18:13,520
The licensing surprise.
477
00:18:13,520 –> 00:18:17,560
Organizations discover the true cost of unmanaged Power Platform when the bill arrives.
478
00:18:17,560 –> 00:18:19,240
Power Platform licensing is tiered.
479
00:18:19,240 –> 00:18:22,200
There are per user licenses, per app licenses.
480
00:18:22,200 –> 00:18:24,400
Premium connectors carry additional cost.
481
00:18:24,400 –> 00:18:27,840
Dataverse storage is metered, you pay per gigabyte.
482
00:18:27,840 –> 00:18:30,480
Environments beyond a certain number require capacity add-ons.
483
00:18:30,480 –> 00:18:33,160
The pricing model is designed to scale with usage.
484
00:18:33,160 –> 00:18:37,680
What organizations do not anticipate is how quickly that usage scales when governance does not exist.
485
00:18:37,680 –> 00:18:40,040
A multinational company made a strategic decision.
486
00:18:40,040 –> 00:18:42,760
They would enable Power Platform for citizen development.
487
00:18:42,760 –> 00:18:44,880
They would democratize application building.
488
00:18:44,880 –> 00:18:46,920
They would accelerate digital transformation.
489
00:18:46,920 –> 00:18:48,560
They would reduce IT backlogs.
490
00:18:48,560 –> 00:18:49,800
All of this sounded correct.
491
00:18:49,800 –> 00:18:53,480
All of it aligned with the market narrative around low-code platforms.
492
00:18:53,480 –> 00:18:58,000
Within two years, Power Platform became one of the top five SaaS expenses in the organization’s
493
00:18:58,000 –> 00:18:59,200
IT budget.
494
00:18:59,200 –> 00:19:00,200
Here is what happened.
495
00:19:00,200 –> 00:19:01,720
Dataverse storage exploded.
496
00:19:01,720 –> 00:19:03,080
Power Apps need a database.
497
00:19:03,080 –> 00:19:04,600
That database is Dataverse.
498
00:19:04,600 –> 00:19:07,760
Every app that stores data uses Dataverse capacity.
499
00:19:07,760 –> 00:19:12,000
When you have thousands of applications, many storing duplicate data because there is no
500
00:19:12,000 –> 00:19:14,800
data architecture, Dataverse usage climbs exponentially.
501
00:19:14,800 –> 00:19:17,560
The organization hit storage limits they had not anticipated.
502
00:19:17,560 –> 00:19:20,680
They purchased additional capacity, then hit those limits again.
503
00:19:20,680 –> 00:19:23,160
Premium connector usage skyrocketed.
504
00:19:23,160 –> 00:19:26,160
Standard connectors, SharePoint, Teams, Outlook, are included.
505
00:19:26,160 –> 00:19:30,440
Premium connectors, the ones that connect to specialized systems, external services, API
506
00:19:30,440 –> 00:19:33,160
gateways, require additional licensing.
507
00:19:33,160 –> 00:19:35,920
The organization had approved premium connectors broadly.
508
00:19:35,920 –> 00:19:40,000
Flows that used premium connectors scaled. Suddenly the organization needed far more premium
509
00:19:40,000 –> 00:19:43,040
connector licenses than they had budgeted for.
510
00:19:43,040 –> 00:19:45,480
Environment sprawl required additional licensing tiers.
511
00:19:45,480 –> 00:19:48,480
The organization realized they needed more than the default environments.
512
00:19:48,480 –> 00:19:49,880
They created team environments.
513
00:19:49,880 –> 00:19:51,880
They created project-specific environments.
514
00:19:51,880 –> 00:19:53,840
They created sandbox environments.
515
00:19:53,840 –> 00:19:57,720
Each environment beyond the initial allocation requires a capacity add-on.
516
00:19:57,720 –> 00:19:59,200
The licensing bill climbed again.
517
00:19:59,200 –> 00:20:01,560
The organization could not answer a basic question.
518
00:20:01,560 –> 00:20:03,080
Which of these costs were justified?
519
00:20:03,080 –> 00:20:05,520
Which applications justified their Dataverse storage?
520
00:20:05,520 –> 00:20:07,160
The organization could not tell.
521
00:20:07,160 –> 00:20:09,280
Most applications had no documented business value.
522
00:20:09,280 –> 00:20:10,680
No success metrics.
523
00:20:10,680 –> 00:20:15,080
No measurement of whether the app was solving the problem it was supposed to solve.
524
00:20:15,080 –> 00:20:17,280
Which premium connectors were delivering value?
525
00:20:17,280 –> 00:20:18,760
The organization could not tell.
526
00:20:18,760 –> 00:20:20,560
They knew premium connectors were being used.
527
00:20:20,560 –> 00:20:23,880
They did not know which flows used them or why those flows were necessary.
528
00:20:23,880 –> 00:20:25,360
Which environments were essential?
529
00:20:25,360 –> 00:20:26,920
The organization could not tell.
530
00:20:26,920 –> 00:20:30,520
Some environments were legacy, created for pilots that had concluded.
531
00:20:30,520 –> 00:20:33,520
Some environments were test environments that had become production.
532
00:20:33,520 –> 00:20:36,920
Some environments were abandoned after projects completed but never deleted.
533
00:20:36,920 –> 00:20:38,240
The visibility gap was total.
534
00:20:38,240 –> 00:20:40,760
The organization had perfect financial visibility.
535
00:20:40,760 –> 00:20:41,680
They could see the bill.
536
00:20:41,680 –> 00:20:43,800
They had zero operational visibility.
537
00:20:43,800 –> 00:20:45,960
They could not map that bill to business value.
538
00:20:45,960 –> 00:20:49,720
The financial impact was approximately two million dollars in unexpected licensing costs
539
00:20:49,720 –> 00:20:50,800
over two years.
540
00:20:50,800 –> 00:20:54,480
Not catastrophic in the context of an enterprise IT budget.
541
00:20:54,480 –> 00:20:56,040
Significant enough to require explanation.
542
00:20:56,040 –> 00:21:00,680
Impossible to justify because the organization had no data connecting costs to outcomes.
543
00:21:00,680 –> 00:21:02,880
Here is the architectural lesson.
544
00:21:02,880 –> 00:21:06,320
Without life cycle management, you are paying for assets that do not deliver value.
545
00:21:06,320 –> 00:21:11,800
The organization was paying per gigabyte for Dataverse storage consumed by abandoned applications.
546
00:21:11,800 –> 00:21:16,000
They were paying for premium connector licenses consumed by flows nobody remembered creating.
547
00:21:16,000 –> 00:21:20,360
They were paying for environments created for projects that had concluded years earlier.
548
00:21:20,360 –> 00:21:22,840
The licensing surprise is not actually about licensing.
549
00:21:22,840 –> 00:21:25,560
It is about the invisible consequence of unmanaged sprawl.
550
00:21:25,560 –> 00:21:29,120
When you deploy a platform without governance, when you allow thousands of applications to
551
00:21:29,120 –> 00:21:32,200
accumulate without life cycle management.
552
00:21:32,200 –> 00:21:36,640
When you never retire anything because retirement requires effort, you eventually discover that
553
00:21:36,640 –> 00:21:40,200
you are paying for a massive amount of unused capacity.
554
00:21:40,200 –> 00:21:41,360
The bill arrives.
555
00:21:41,360 –> 00:21:43,560
The organization realizes the cost.
556
00:21:43,560 –> 00:21:46,320
They ask which applications justify that cost.
557
00:21:46,320 –> 00:21:49,800
Nobody can answer because nobody has been tracking which applications exist, much less
558
00:21:49,800 –> 00:21:51,400
which ones are essential.
559
00:21:51,400 –> 00:21:53,880
This is when organizations typically make a decision.
560
00:21:53,880 –> 00:21:57,840
They either invest in serious governance to clean up the mess or they accept that this is
561
00:21:57,840 –> 00:22:00,080
the cost of enabling citizen development.
562
00:22:00,080 –> 00:22:02,120
Most organizations choose neither immediately.
563
00:22:02,120 –> 00:22:03,120
They freeze spending.
564
00:22:03,120 –> 00:22:05,760
They demand ROI justification for new applications.
565
00:22:05,760 –> 00:22:06,880
They hire a consultant.
566
00:22:06,880 –> 00:22:10,960
They launch a cleanup project and then they discover that cleaning up the mess is far harder
567
00:22:10,960 –> 00:22:13,040
than preventing the mess would have been.
568
00:22:13,040 –> 00:22:14,640
The zombie app problem.
569
00:22:14,640 –> 00:22:17,160
Here is a pattern that appears in every tenant audit.
570
00:22:17,160 –> 00:22:21,280
30 to 50% of applications show zero usage after creation.
571
00:22:21,280 –> 00:22:24,560
Zero, not low usage, not declining usage, no usage at all.
572
00:22:24,560 –> 00:22:25,800
For months, for years.
573
00:22:25,800 –> 00:22:28,480
The application was built, deployed, then abandoned.
574
00:22:28,480 –> 00:22:29,480
But it was never retired.
575
00:22:29,480 –> 00:22:31,400
This is the zombie app problem.
576
00:22:31,400 –> 00:22:34,160
Applications that exist but serve no function.
577
00:22:34,160 –> 00:22:37,160
Applications that consume resources but deliver no value.
578
00:22:37,160 –> 00:22:40,920
Applications that persist in your environment connected to live data, retaining security permissions,
579
00:22:40,920 –> 00:22:43,080
creating permanent attack surface.
580
00:22:43,080 –> 00:22:44,080
Why do they persist?
581
00:22:44,080 –> 00:22:45,560
The answer is architectural.
582
00:22:45,560 –> 00:22:48,000
Power Platform has no forced deprecation mechanism.
583
00:22:48,000 –> 00:22:49,920
There is no automatic retirement policy.
584
00:22:49,920 –> 00:22:54,200
There is no system that says this application has had zero usage for 90 days.
585
00:22:54,200 –> 00:22:55,760
It will be deactivated.
586
00:22:55,760 –> 00:22:57,960
There is no enforcement that requires ownership.
587
00:22:57,960 –> 00:23:00,320
There is no policy that forces a business justification.
588
00:23:00,320 –> 00:23:03,760
The application simply remains connected, accessible, running.
589
00:23:03,760 –> 00:23:06,200
Zombie apps exist for predictable reasons.
590
00:23:06,200 –> 00:23:08,560
A team builds an application to solve a specific problem.
591
00:23:08,560 –> 00:23:09,640
The problem gets solved.
592
00:23:09,640 –> 00:23:10,960
The business need changes.
593
00:23:10,960 –> 00:23:13,560
The person who built the application leaves the company.
594
00:23:13,560 –> 00:23:16,200
The project concludes. The application becomes irrelevant.
595
00:23:16,200 –> 00:23:20,800
But it is never formally retired because retirement requires administrative action.
596
00:23:20,800 –> 00:23:24,320
Retirement requires someone to decide the application is no longer needed.
597
00:23:24,320 –> 00:23:27,160
Retirement requires someone to take responsibility for deactivation.
598
00:23:27,160 –> 00:23:31,080
In the absence of a formal life cycle policy, retirement does not happen.
599
00:23:31,080 –> 00:23:32,880
The application remains in the environment.
600
00:23:32,880 –> 00:23:35,040
Accessible, connected to data sources.
601
00:23:35,040 –> 00:23:37,000
Retaining the permissions it was created with.
602
00:23:37,000 –> 00:23:38,360
A permanently dormant asset.
603
00:23:38,360 –> 00:23:39,600
The risk is straightforward.
604
00:23:39,600 –> 00:23:42,120
A zombie application remains connected to live data.
605
00:23:42,120 –> 00:23:46,280
If that application is ever re-activated because a user remembers it exists or because someone
606
00:23:46,280 –> 00:23:51,280
restores it or because an automated process re-enables it, it connects to whatever data
607
00:23:51,280 –> 00:23:54,160
sources it was originally configured to reach.
608
00:23:54,160 –> 00:23:58,280
Those data sources may have changed in the years since the application was abandoned.
609
00:23:58,280 –> 00:24:00,520
The application may now have permission to access data
610
00:24:00,520 –> 00:24:02,400
it was never intended to touch.
611
00:24:02,400 –> 00:24:05,160
Zombie applications retain security permissions.
612
00:24:05,160 –> 00:24:08,000
The application was created with specific access rights.
613
00:24:08,000 –> 00:24:11,920
Those permissions remain. If the application is inadvertently activated or if someone
614
00:24:11,920 –> 00:24:14,360
modifies it, those permissions are still in place.
615
00:24:14,360 –> 00:24:18,040
A security review may have been performed when the application was created.
616
00:24:18,040 –> 00:24:20,240
No review occurred in the years it was dormant.
617
00:24:20,240 –> 00:24:23,160
The security posture of the surrounding systems may have changed.
618
00:24:23,160 –> 00:24:26,000
The application’s permissions may no longer be appropriate.
619
00:24:26,000 –> 00:24:27,920
This creates long-term attack surface.
620
00:24:27,920 –> 00:24:30,800
Every zombie application is a potential vector for compromise.
621
00:24:30,800 –> 00:24:34,520
An attacker who gains access to the application gains the permissions that application was
622
00:24:34,520 –> 00:24:35,520
granted.
623
00:24:35,520 –> 00:24:39,800
An attacker who understands what data the application can reach gains visibility into sensitive
624
00:24:39,800 –> 00:24:40,960
systems.
625
00:24:40,960 –> 00:24:44,960
An attacker who activates a dormant application may trigger automations or data movements
626
00:24:44,960 –> 00:24:47,040
that have not been validated in years.
627
00:24:47,040 –> 00:24:48,400
The operational cost is hidden.
628
00:24:48,400 –> 00:24:50,720
IT must maintain zombie applications.
629
00:24:50,720 –> 00:24:53,560
Must patch them if they are part of a managed solution.
630
00:24:53,560 –> 00:24:55,560
Must monitor them for compliance audits.
631
00:24:55,560 –> 00:24:58,680
Must answer questions about what they do and why they exist.
632
00:24:58,680 –> 00:25:01,600
Must eventually decide whether to keep them or delete them.
633
00:25:01,600 –> 00:25:05,960
All of this effort is consumed by applications delivering zero business value.
634
00:25:05,960 –> 00:25:10,320
The architectural failure is that Power Platform treats application lifecycle as optional.
635
00:25:10,320 –> 00:25:14,280
An application created in Power Apps exists forever unless explicitly deleted.
636
00:25:14,280 –> 00:25:15,960
There is no concept of deprecation.
637
00:25:15,960 –> 00:25:19,360
No concept of automatic retirement based on usage metrics.
638
00:25:19,360 –> 00:25:22,800
No concept of mandatory review after a period of inactivity.
639
00:25:22,800 –> 00:25:25,800
The platform allows applications to accumulate indefinitely.
640
00:25:25,800 –> 00:25:29,240
This is fundamentally different from enterprise software systems.
641
00:25:29,240 –> 00:25:32,520
Traditional application portfolios have lifecycle management.
642
00:25:32,520 –> 00:25:34,160
Applications are flagged for review.
643
00:25:34,160 –> 00:25:37,640
Applications showing no usage trigger notifications to stakeholders.
644
00:25:37,640 –> 00:25:39,880
Applications are retired after they reach end of life.
645
00:25:39,880 –> 00:25:43,600
The organization actively manages what runs and what does not.
646
00:25:43,600 –> 00:25:45,640
Power Platform inverts this.
647
00:25:45,640 –> 00:25:49,240
Applications are created and persist forever unless actively removed.
648
00:25:49,240 –> 00:25:54,440
The organization must continuously expend effort to clean up applications nobody uses.
649
00:25:54,440 –> 00:25:59,840
The zombie app problem is the consequence of treating Power Platform as a tool rather than a platform.
650
00:25:59,840 –> 00:26:01,640
A tool you use and discard.
651
00:26:01,640 –> 00:26:04,160
A platform you must actively manage for its lifetime.
652
00:26:04,160 –> 00:26:09,240
These individual failures, the default environment sprawl, the connector governance gap, the flow explosion,
653
00:26:09,240 –> 00:26:13,360
the licensing surprises, the zombie applications, are not isolated problems.
654
00:26:13,360 –> 00:26:15,840
They are symptoms of a deeper architectural issue.
655
00:26:15,840 –> 00:26:19,360
An organization has distributed development authority without distributing the governance
656
00:26:19,360 –> 00:26:20,560
that development requires.
657
00:26:20,560 –> 00:26:25,680
It is enabling unlimited application creation without any mechanism for application deprecation.
658
00:26:25,680 –> 00:26:29,880
It is building a platform on the assumption that users will self-regulate their behavior.
659
00:26:29,880 –> 00:26:32,240
That assumption is not architecture, that is hope.
660
00:26:32,240 –> 00:26:33,520
And hope does not scale.
661
00:26:33,520 –> 00:26:38,480
When these patterns compound, when they interact with each other, the system reaches a critical threshold.
662
00:26:38,480 –> 00:26:43,360
An organization with thousands of applications, thousands of flows, hundreds of zombie assets,
663
00:26:43,360 –> 00:26:48,480
all consuming licensing costs, all creating security surface, all requiring governance effort,
664
00:26:48,480 –> 00:26:51,680
reaches a point where the platform becomes unmanageable.
665
00:26:51,680 –> 00:26:53,080
Shadow IT 2.0.
666
00:26:53,080 –> 00:26:54,880
Shadow IT has a traditional definition.
667
00:26:54,880 –> 00:26:59,560
Unauthorized SaaS tools. Dropbox when IT standardized on OneDrive, Slack when the organization
668
00:26:59,560 –> 00:27:00,560
approved Teams.
669
00:27:00,560 –> 00:27:05,120
Trello when IT said to use Project Online, Salesforce when the company mandated Dynamics,
670
00:27:05,120 –> 00:27:07,760
these were the classic Shadow IT violations.
671
00:27:07,760 –> 00:27:13,080
Users used tools IT did not approve because those tools solved problems faster than approved solutions.
672
00:27:13,080 –> 00:27:17,400
The security and compliance teams fought Shadow IT for decades, blocked the tool, disabled
673
00:27:17,400 –> 00:27:21,280
the account, wrote policy prohibiting unsanctioned applications.
674
00:27:21,280 –> 00:27:24,440
Shadow IT persisted because the underlying motivation was real.
675
00:27:24,440 –> 00:27:25,680
Users had genuine problems.
676
00:27:25,680 –> 00:27:28,880
Approved solutions were too slow, too expensive, too rigid.
677
00:27:28,880 –> 00:27:31,760
So they used unauthorized tools and hoped nobody noticed.
678
00:27:31,760 –> 00:27:35,880
By 2024, Shadow IT accounted for 30% to 40% of enterprise IT spending.
679
00:27:35,880 –> 00:27:40,900
Not a rounding error. 30% to 40% of the entire IT budget was consumed by tools and services
680
00:27:40,900 –> 00:27:42,600
nobody formally approved.
681
00:27:42,600 –> 00:27:44,120
That is the scale of the problem.
682
00:27:44,120 –> 00:27:46,600
Power Platform creates a new variant of Shadow IT.
683
00:27:46,600 –> 00:27:48,920
The platform is authorized, the governance is not.
684
00:27:48,920 –> 00:27:50,880
Here is the distinction that matters.
685
00:27:50,880 –> 00:27:53,840
Shadow IT traditionally meant unauthorized tools.
686
00:27:53,840 –> 00:27:57,600
Shadow IT 2.0 means an authorized platform used without authorization.
687
00:27:57,600 –> 00:27:58,840
The platform is approved.
688
00:27:58,840 –> 00:28:02,280
Power Platform is part of Microsoft 365. The organization enabled it.
689
00:28:02,280 –> 00:28:03,280
Users can build in it.
690
00:28:03,280 –> 00:28:07,900
The applications themselves, the ways the platform is used, the integrations users create,
691
00:28:07,900 –> 00:28:10,600
the data they move, those operate without governance.
692
00:28:10,600 –> 00:28:12,920
This is authorized Shadow IT, the platform is legitimate.
693
00:28:12,920 –> 00:28:14,400
The usage is uncontrolled.
694
00:28:14,400 –> 00:28:17,400
Consider what happens when a user creates a Power Apps environment.
695
00:28:17,400 –> 00:28:20,920
Not the default environment, a dedicated personal environment they request.
696
00:28:20,920 –> 00:28:24,360
The organization approves the request because Power Platform is approved.
697
00:28:24,360 –> 00:28:28,160
The user now has their own development environment, their own Dataverse database, their own
698
00:28:28,160 –> 00:28:30,840
connector integrations, their own automation rules.
699
00:28:30,840 –> 00:28:34,800
A single free trial workspace generates roughly three API tokens.
700
00:28:34,800 –> 00:28:39,360
Two unmanaged credentials stored somewhere, possibly in the app, possibly in a notes application,
701
00:28:39,360 –> 00:28:44,320
possibly written on a sticky note. One OAuth grant that bypasses multi-factor authentication
702
00:28:44,320 –> 00:28:48,760
because the grant was created before MFA policies existed and nobody reviewed the grant
703
00:28:48,760 –> 00:28:49,760
afterward.
704
00:28:49,760 –> 00:28:55,200
An organization with 291 hidden Power Platform workspaces, not in the tenant's official inventory
705
00:28:55,200 –> 00:28:57,640
but discoverable if you know where to look.
706
00:28:57,640 –> 00:29:02,240
There are 1700 secrets floating around in unmanaged environments.
707
00:29:02,240 –> 00:29:06,560
Credentials, API tokens, OAuth grants, all outside normal credential management, all
708
00:29:06,560 –> 00:29:10,720
potentially accessible to compromised users, all potentially exposed if someone backs
709
00:29:10,720 –> 00:29:13,200
up the application and sends it to the wrong person.
710
00:29:13,200 –> 00:29:15,080
The governance gap is profound.
711
00:29:15,080 –> 00:29:18,920
Organizations believe Power Platform is governed because it is inside Microsoft 365.
712
00:29:18,920 –> 00:29:20,680
It is subject to security policies.
713
00:29:20,680 –> 00:29:22,440
It is covered by compliance frameworks.
714
00:29:22,440 –> 00:29:23,440
It is IT approved.
715
00:29:23,440 –> 00:29:24,440
None of this is false.
716
00:29:24,440 –> 00:29:27,000
Power Platform is governed at the platform level.
717
00:29:27,000 –> 00:29:30,840
But the individual applications and integrations users create inside the platform are not
718
00:29:30,840 –> 00:29:32,200
necessarily governed.
719
00:29:32,200 –> 00:29:35,520
Default environment access means most users are effectively developers.
720
00:29:35,520 –> 00:29:39,240
They can create applications, integrations, automations, they can store secrets, they
721
00:29:39,240 –> 00:29:42,240
can move data, they can connect external services.
722
00:29:42,240 –> 00:29:46,960
All of this is possible without security review, without compliance assessment, without IT
723
00:29:46,960 –> 00:29:49,480
oversight, without anyone knowing it is happening.
724
00:29:49,480 –> 00:29:51,560
The consequence is that Shadow IT evolved.
725
00:29:51,560 –> 00:29:52,520
It did not disappear.
726
00:29:52,520 –> 00:29:53,520
It transformed.
727
00:29:53,520 –> 00:30:00,920
Shadow IT is now authorised platform, unauthorised usage.
728
00:30:00,920 –> 00:30:04,760
The organisation approved Power Platform. Users are using Power Platform to do things the
729
00:30:04,760 –> 00:30:06,280
organisation never intended.
730
00:30:06,280 –> 00:30:07,760
They are creating integrations
731
00:30:07,760 –> 00:30:09,680
the organisation never assessed.
732
00:30:09,680 –> 00:30:11,480
They are moving data in patterns
733
00:30:11,480 –> 00:30:12,480
nobody documented.
734
00:30:12,480 –> 00:30:16,120
They are storing credentials in patterns that violate security policy.
735
00:30:16,120 –> 00:30:17,440
This is Shadow IT 2.0.
736
00:30:17,440 –> 00:30:18,600
The platform is legitimate.
737
00:30:18,600 –> 00:30:20,360
The governance is missing.
738
00:30:20,360 –> 00:30:23,760
IT teams respond by treating Power Platform like a productivity tool.
739
00:30:23,760 –> 00:30:28,360
They believe that because Power Platform is inside Microsoft 365, the security of Microsoft
740
00:30:28,360 –> 00:30:29,760
365 covers it.
741
00:30:29,760 –> 00:30:31,240
That DLP policies protect it.
742
00:30:31,240 –> 00:30:33,000
That conditional access controls it.
743
00:30:33,000 –> 00:30:34,800
That audit logs capture what matters.
744
00:30:34,800 –> 00:30:38,280
None of these assumptions are wrong, but they are incomplete.
745
00:30:38,280 –> 00:30:43,640
Because users are building applications and applications require application level governance.
746
00:30:43,640 –> 00:30:47,200
Security at the platform level does not prevent poorly designed applications.
747
00:30:47,200 –> 00:30:52,760
DLP at the tenant level does not prevent individual flows from moving data inappropriately.
748
00:30:52,760 –> 00:30:58,160
Conditional access controls user identity, not what an automated process does after authenticating.
749
00:30:58,160 –> 00:31:03,520
Shadow IT 2.0 is the gap between platform level governance and application level governance.
750
00:31:03,520 –> 00:31:05,360
The organisation governs the platform.
751
00:31:05,360 –> 00:31:06,440
Users build applications.
752
00:31:06,440 –> 00:31:11,120
The applications operate in the gap between those two layers, visible to neither.
753
00:31:11,120 –> 00:31:12,760
Technical debt in low code.
754
00:31:12,760 –> 00:31:14,640
Technical debt is a financial metaphor.
755
00:31:14,640 –> 00:31:18,720
Cunningham introduced it to describe the future costs of shortcuts in software development.
756
00:31:18,720 –> 00:31:20,320
You prioritize speed today.
757
00:31:20,320 –> 00:31:21,320
You cut corners.
758
00:31:21,320 –> 00:31:22,320
You defer design work.
759
00:31:22,320 –> 00:31:23,640
You skip documentation.
760
00:31:23,640 –> 00:31:25,120
You build something that works now.
761
00:31:25,120 –> 00:31:26,560
In exchange, you incur a debt.
762
00:31:26,560 –> 00:31:27,720
That debt accrues interest.
763
00:31:27,720 –> 00:31:30,040
The interest is paid in maintenance costs.
764
00:31:30,040 –> 00:31:32,400
The interest is paid in bugs that multiply.
765
00:31:32,400 –> 00:31:37,360
The interest is paid in the effort required to change things that were never designed to change.
766
00:31:37,360 –> 00:31:41,000
In traditional software development, technical debt manifests as code debt.
767
00:31:41,000 –> 00:31:45,440
Poorly written functions, missing test coverage, brittle architectures, deprecated libraries.
768
00:31:45,440 –> 00:31:47,480
When you have code debt, developers see it.
769
00:31:47,480 –> 00:31:48,560
The code is right there.
770
00:31:48,560 –> 00:31:49,800
The complexity is visible.
771
00:31:49,800 –> 00:31:54,720
A developer reading a function with poor structure recognizes the debt immediately.
772
00:31:54,720 –> 00:31:56,640
Compiler warnings surface the problem.
773
00:31:56,640 –> 00:31:59,600
Static analysis tools identify code smell.
774
00:31:59,600 –> 00:32:00,600
That is visible.
775
00:32:00,600 –> 00:32:01,920
Low code technical debt is different.
776
00:32:01,920 –> 00:32:03,920
It is implementation debt, not code debt.
777
00:32:03,920 –> 00:32:08,640
Poor solution structures, inconsistent patterns, missing documentation, data models that were
778
00:32:08,640 –> 00:32:09,960
never normalised.
779
00:32:09,960 –> 00:32:13,840
Integrations that were never architected, automations that were never designed to work at scale.
780
00:32:13,840 –> 00:32:16,480
The debt is invisible because the code is invisible.
781
00:32:16,480 –> 00:32:18,480
The platform hides the implementation.
782
00:32:18,480 –> 00:32:20,200
Users see the app, they see it works.
783
00:32:20,200 –> 00:32:23,880
They have no sense they just accumulated years of maintenance burden.
784
00:32:23,880 –> 00:32:25,600
Here is what this looks like in practice.
785
00:32:25,600 –> 00:32:27,960
An application works beautifully on day one.
786
00:32:27,960 –> 00:32:29,840
A citizen developer built it in two weeks.
787
00:32:29,840 –> 00:32:31,840
The business user who requested it is delighted.
788
00:32:31,840 –> 00:32:33,200
The app solves the problem.
789
00:32:33,200 –> 00:32:35,200
It is performant, it is clean, it does the job.
790
00:32:35,200 –> 00:32:36,720
By day 90, the app still works.
791
00:32:36,720 –> 00:32:39,920
By day 365, the app is a fragile house of cards.
792
00:32:39,920 –> 00:32:43,960
Adding a single new feature requires understanding a tangle of undocumented logic.
793
00:32:43,960 –> 00:32:47,680
Performance is degrading because the database was never normalised.
794
00:32:47,680 –> 00:32:49,600
The data model was never reviewed.
795
00:32:49,600 –> 00:32:53,480
The app stores duplicate data across three different Dataverse tables because the original
796
00:32:53,480 –> 00:32:55,720
builder did not understand relational design.
797
00:32:55,720 –> 00:32:57,800
Changing anything risks breaking something else.
798
00:32:57,800 –> 00:32:59,640
The organization faces a choice.
799
00:32:59,640 –> 00:33:02,160
Maintain the fragile application or rewrite it.
800
00:33:02,160 –> 00:33:03,720
Most organizations choose rewrite.
801
00:33:03,720 –> 00:33:05,880
They lose years of accumulated functionality.
802
00:33:05,880 –> 00:33:08,880
They lose the tribal knowledge about what the application actually does.
803
00:33:08,880 –> 00:33:10,280
They rebuild from scratch.
804
00:33:10,280 –> 00:33:14,160
And the rebuilt application, absent proper governance, follows the same pattern.
805
00:33:14,160 –> 00:33:15,680
Works beautifully at first.
806
00:33:15,680 –> 00:33:17,000
Accumulates debt silently.
807
00:33:17,000 –> 00:33:18,640
Becomes unmaintainable within two years.
808
00:33:18,640 –> 00:33:21,680
Here is the compounding effect that most organizations do not anticipate.
809
00:33:21,680 –> 00:33:23,320
The first application accumulates debt.
810
00:33:23,320 –> 00:33:24,800
The maintenance burden grows.
811
00:33:24,800 –> 00:33:27,680
The organization does not notice because the application still works.
812
00:33:27,680 –> 00:33:29,280
The second application is built.
813
00:33:29,280 –> 00:33:30,280
Same pattern.
814
00:33:30,280 –> 00:33:31,800
The third application, the fourth.
815
00:33:31,800 –> 00:33:35,600
By the tenth application, the organization now has ten fragile systems.
816
00:33:35,600 –> 00:33:38,240
Each accumulating maintenance burden independently.
817
00:33:38,240 –> 00:33:40,400
Each requiring exponential effort to modify.
818
00:33:40,400 –> 00:33:43,440
Each becoming more expensive to maintain than to replace.
819
00:33:43,440 –> 00:33:47,360
The real pattern organizations observe is that critical failures happen after two to
820
00:33:47,360 –> 00:33:49,680
three years of unmanaged Power Platform growth.
821
00:33:49,680 –> 00:33:50,680
Not immediately.
822
00:33:50,680 –> 00:33:52,560
The first six months are glorious.
823
00:33:52,560 –> 00:33:54,120
The platform works.
824
00:33:54,120 –> 00:33:55,320
Applications are built in weeks.
825
00:33:55,320 –> 00:33:56,320
Users love the speed.
826
00:33:56,320 –> 00:33:57,600
Leadership loves the velocity.
827
00:33:57,600 –> 00:34:02,760
Then gradually, systems that worked perfectly start requiring more and more effort to change.
828
00:34:02,760 –> 00:34:06,240
Features that should take a week now take a month because understanding the existing application
829
00:34:06,240 –> 00:34:09,000
requires reverse engineering undocumented logic.
830
00:34:09,000 –> 00:34:12,200
The architectural issue is that low-code platforms hide the debt.
831
00:34:12,200 –> 00:34:15,680
In traditional development, a compiler forces you to confront problems.
832
00:34:15,680 –> 00:34:18,320
A type system catches errors before runtime.
833
00:34:18,320 –> 00:34:20,480
Static analysis identifies complexity.
834
00:34:20,480 –> 00:34:22,080
Code reviews surface issues.
835
00:34:22,080 –> 00:34:24,320
None of these mechanisms exist in low-code.
836
00:34:24,320 –> 00:34:27,280
An application compiles successfully because there is no compiler.
837
00:34:27,280 –> 00:34:29,560
The platform does not enforce naming conventions.
838
00:34:29,560 –> 00:34:31,320
The platform does not require documentation.
839
00:34:31,320 –> 00:34:33,280
The platform does not flag complexity.
840
00:34:33,280 –> 00:34:37,440
An application can be a complete architectural disaster and still run without warnings.
841
00:34:37,440 –> 00:34:38,840
This is why the debt is invisible.
842
00:34:38,840 –> 00:34:39,840
The system works.
843
00:34:39,840 –> 00:34:42,120
There is no signal that debt is accumulating.
844
00:34:42,120 –> 00:34:43,120
No compilation errors.
845
00:34:43,120 –> 00:34:44,120
No performance warnings.
846
00:34:44,120 –> 00:34:45,760
No architectural alerts.
847
00:34:45,760 –> 00:34:47,000
The application functions.
848
00:34:47,000 –> 00:34:49,760
So the organization assumes the application is healthy.
849
00:34:49,760 –> 00:34:53,440
Then two years later, the organization discovers that maintaining the application costs more
850
00:34:53,440 –> 00:34:57,160
than rebuilding it and the knowledge required to rebuild it has walked out the door with
851
00:34:57,160 –> 00:34:59,200
departed staff members.
852
00:34:59,200 –> 00:35:02,760
Technical debt in low-code is perhaps the most pernicious form of technical debt because
853
00:35:02,760 –> 00:35:08,320
it accrues silently, invisibly, until the organization discovers it is no longer paying for maintenance.
854
00:35:08,320 –> 00:35:11,120
The organization is paying for architectural rewrite.
855
00:35:11,120 –> 00:35:15,080
This debt accumulates because governance models systematically fail to prevent it.
856
00:35:15,080 –> 00:35:18,120
Most organizations implement governance that is reactive, not preventive.
857
00:35:18,120 –> 00:35:19,520
They observe problems and respond.
858
00:35:19,520 –> 00:35:22,120
By that point, the debt is already embedded in the system.
859
00:35:22,120 –> 00:35:24,480
Why standard governance models fail.
860
00:35:24,480 –> 00:35:28,200
Most organizations understand that Power Platform requires governance.
861
00:35:28,200 –> 00:35:30,000
They recognize the problems we have described.
862
00:35:30,000 –> 00:35:33,560
They respond by implementing what the market calls a center of excellence.
863
00:35:33,560 –> 00:35:35,560
A center of excellence is a governance team.
864
00:35:35,560 –> 00:35:40,040
Typically staffed by a Power Platform admin, a security lead and a few advocates from
865
00:35:40,040 –> 00:35:41,040
the business.
866
00:35:41,040 –> 00:35:42,480
The COE publishes policies.
867
00:35:42,480 –> 00:35:44,360
The COE maintains a governance dashboard.
868
00:35:44,360 –> 00:35:46,360
The COE tracks application inventory.
869
00:35:46,360 –> 00:35:48,000
The COE runs training programs.
870
00:35:48,000 –> 00:35:50,880
The COE tries to establish standards and encourage compliance.
871
00:35:50,880 –> 00:35:51,880
This is reasonable.
872
00:35:51,880 –> 00:35:53,720
The COE provides real value.
873
00:35:53,720 –> 00:35:57,800
Organizations with mature centers of excellence achieve meaningful improvements in visibility.
874
00:35:57,800 –> 00:35:59,480
They know how many applications exist.
875
00:35:59,480 –> 00:36:00,560
They know who owns them.
876
00:36:00,560 –> 00:36:03,080
They can see which flows are consuming API quota.
877
00:36:03,080 –> 00:36:05,000
They can track Dataverse storage consumption.
878
00:36:05,000 –> 00:36:06,800
They can identify zombie applications.
879
00:36:06,800 –> 00:36:08,320
They can measure adoption velocity.
880
00:36:08,320 –> 00:36:09,400
All of this is useful.
881
00:36:09,400 –> 00:36:10,400
It is observability.
882
00:36:10,400 –> 00:36:12,480
Visibility into what is happening.
883
00:36:12,480 –> 00:36:16,240
But here is the critical distinction that most organizations miss.
884
00:36:16,240 –> 00:36:17,920
Observability is not enforcement.
885
00:36:17,920 –> 00:36:20,120
A center of excellence is an observability tool.
886
00:36:20,120 –> 00:36:21,120
It sees the problem.
887
00:36:21,120 –> 00:36:22,120
It does not prevent the problem.
888
00:36:22,120 –> 00:36:25,240
Here is the failure pattern that repeats across enterprises.
889
00:36:25,240 –> 00:36:27,320
An organization implements a mature COE.
890
00:36:27,320 –> 00:36:28,880
They build governance dashboards.
891
00:36:28,880 –> 00:36:29,880
They create policies.
892
00:36:29,880 –> 00:36:32,040
They define lifecycle management processes.
893
00:36:32,040 –> 00:36:33,040
They train makers.
894
00:36:33,040 –> 00:36:34,360
They do everything right.
895
00:36:34,360 –> 00:36:37,040
And then they discover that sprawl continues.
896
00:36:37,040 –> 00:36:38,040
Applications still accumulate.
897
00:36:38,040 –> 00:36:39,200
Flows still proliferate.
898
00:36:39,200 –> 00:36:42,080
The default environment still fills with unmanaged applications.
899
00:36:42,080 –> 00:36:43,080
Why?
900
00:36:43,080 –> 00:36:44,800
Because the COE has no authority to prevent these things.
901
00:36:44,800 –> 00:36:47,040
The COE can identify a zombie application.
902
00:36:47,040 –> 00:36:49,040
The COE cannot automatically retire it.
903
00:36:49,040 –> 00:36:51,120
The COE can recommend environment strategy.
904
00:36:51,120 –> 00:36:53,600
The COE cannot force makers to use the strategy.
905
00:36:53,600 –> 00:36:56,160
The COE can ask for application documentation.
906
00:36:56,160 –> 00:36:59,200
The COE cannot block an undocumented application from running.
907
00:36:59,200 –> 00:37:00,960
COE recommendations are advisory.
908
00:37:00,960 –> 00:37:03,000
They lack enforcement.
909
00:37:03,000 –> 00:37:06,400
An organization with a mature COE still experiences sprawl.
910
00:37:06,400 –> 00:37:08,440
Because COE governance assumes compliance.
911
00:37:08,440 –> 00:37:11,160
COE assumes that if you tell people the right way to behave,
912
00:37:11,160 –> 00:37:12,280
people will behave that way.
913
00:37:12,280 –> 00:37:13,920
This assumption fails consistently.
914
00:37:13,920 –> 00:37:15,360
Consider environment strategy.
915
00:37:15,360 –> 00:37:18,640
Most organizations understand that they should segment environments,
916
00:37:18,640 –> 00:37:22,160
default for personal productivity, team environments for shared solutions,
917
00:37:22,160 –> 00:37:24,880
production environments for business critical applications,
918
00:37:24,880 –> 00:37:27,720
clean separation, clear boundaries, good architecture.
919
00:37:27,720 –> 00:37:28,720
Then they implement it.
920
00:37:28,720 –> 00:37:30,040
They create the environments.
921
00:37:30,040 –> 00:37:31,160
They publish the strategy.
922
00:37:31,160 –> 00:37:32,880
They tell makers where to build.
923
00:37:32,880 –> 00:37:35,240
And they leave the default environment accessible.
924
00:37:35,240 –> 00:37:38,400
Because restricting the default environment requires effort.
925
00:37:38,400 –> 00:37:39,880
Requires updating environment roles.
926
00:37:39,880 –> 00:37:42,520
Requires communicating to users that the default environment
927
00:37:42,520 –> 00:37:44,840
is no longer available for shared applications.
928
00:37:44,840 –> 00:37:46,840
Requires managing the exceptions and requests
929
00:37:46,840 –> 00:37:48,280
that will inevitably follow.
930
00:37:48,280 –> 00:37:52,080
So the default environment remains open, accessible, frictionless.
931
00:37:52,080 –> 00:37:55,080
And makers, when faced with the choice between following the strategy
932
00:37:55,080 –> 00:37:58,240
and taking the frictionless path, choose friction avoidance.
933
00:37:58,240 –> 00:37:59,800
They build in the default environment.
934
00:37:59,800 –> 00:38:02,120
The environment strategy collapses in practice
935
00:38:02,120 –> 00:38:05,080
because the organization never enforced it architecturally.
936
00:38:05,080 –> 00:38:06,760
DLP policies follow the same pattern.
937
00:38:06,760 –> 00:38:08,560
Organizations create DLP rules.
938
00:38:08,560 –> 00:38:11,800
No high-risk connectors in the same flow as sensitive data connectors.
939
00:38:11,800 –> 00:38:14,560
No personal cloud storage connectors moving SharePoint data.
940
00:38:14,560 –> 00:38:15,480
Good rules.
941
00:38:15,480 –> 00:38:17,000
Reasonable restrictions.
942
00:38:17,000 –> 00:38:18,840
Then the organization implements them.
943
00:38:18,840 –> 00:38:21,040
And discovers that enforcement is inconsistent.
944
00:38:21,040 –> 00:38:24,240
DLP policies apply in some environments and not others.
945
00:38:24,240 –> 00:38:26,960
They apply to new flows, but not to existing flows.
946
00:38:26,960 –> 00:38:30,120
A maker violates a DLP rule and the policy blocks the flow,
947
00:38:30,120 –> 00:38:31,800
so the maker requests an exception.
948
00:38:31,800 –> 00:38:33,520
The COE reviews the exception.
949
00:38:33,520 –> 00:38:34,520
The exception is granted.
950
00:38:34,520 –> 00:38:36,120
The DLP policy is circumvented.
951
00:38:36,120 –> 00:38:39,080
The organization now has a DLP policy that is technically enforced,
952
00:38:39,080 –> 00:38:40,480
but practically circumvented.
953
00:38:40,480 –> 00:38:43,640
The policy exists, but exceptions have undermined the policy.
954
00:38:43,640 –> 00:38:45,880
One policy exception becomes two, becomes 10.
955
00:38:45,880 –> 00:38:48,200
The policy that was supposed to prevent data leakage
956
00:38:48,200 –> 00:38:51,320
is now advisory because exceptions made it unenforceable.
957
00:38:51,320 –> 00:38:53,640
ALM pipelines follow the same pattern.
958
00:38:53,640 –> 00:38:55,960
Organizations understand that production applications
959
00:38:55,960 –> 00:38:58,720
should use managed solutions and deployment pipelines.
960
00:38:58,720 –> 00:38:59,240
Good practice.
961
00:38:59,240 –> 00:39:00,320
So they build the pipelines.
962
00:39:00,320 –> 00:39:02,280
They configure dev-test-prod environments.
963
00:39:02,280 –> 00:39:03,680
They set up the automation.
964
00:39:03,680 –> 00:39:05,840
They tell makers: use the pipeline.
965
00:39:05,840 –> 00:39:07,880
And they discover that citizen developers
966
00:39:07,880 –> 00:39:11,480
think the pipeline is too complex, too many steps, too much overhead.
967
00:39:11,480 –> 00:39:13,320
The pipeline process feels like bureaucracy.
968
00:39:13,320 –> 00:39:14,680
So makers skip the pipeline.
969
00:39:14,680 –> 00:39:16,120
They export the solution manually.
970
00:39:16,120 –> 00:39:17,960
They import it directly into production.
971
00:39:17,960 –> 00:39:19,680
They bypass the governance process.
972
00:39:19,680 –> 00:39:22,480
The organization now has a pipeline that exists,
973
00:39:22,480 –> 00:39:25,120
but is unused because the makers chose to bypass it.
974
00:39:25,120 –> 00:39:26,640
The governance infrastructure is there.
975
00:39:26,640 –> 00:39:28,120
The governance is not enforced.
976
00:39:28,120 –> 00:39:29,480
The root cause is architectural.
977
00:39:29,480 –> 00:39:31,120
These governance models all assume
978
00:39:31,120 –> 00:39:32,520
that compliance is a choice.
979
00:39:32,520 –> 00:39:35,120
Organizations assume that if you provide the right information,
980
00:39:35,120 –> 00:39:37,320
publish the right policies and build the right tools,
981
00:39:37,320 –> 00:39:39,240
people will comply voluntarily.
982
00:39:39,240 –> 00:39:41,200
But compliance is not a choice in architecture.
983
00:39:41,200 –> 00:39:43,040
Architecture enforces outcomes.
984
00:39:43,040 –> 00:39:45,480
A firewall does not ask packets to stay out.
985
00:39:45,480 –> 00:39:46,200
It blocks them.
986
00:39:46,200 –> 00:39:48,200
The database constraint does not recommend
987
00:39:48,200 –> 00:39:49,520
referential integrity.
988
00:39:49,520 –> 00:39:50,280
It enforces it.
989
00:39:50,280 –> 00:39:52,480
A compiler does not suggest type safety.
990
00:39:52,480 –> 00:39:54,520
It prevents non-type safe code from running.
991
00:39:54,520 –> 00:39:56,240
When you move from governance to architecture,
992
00:39:56,240 –> 00:39:58,280
you move from advisory to enforcement.
993
00:39:58,280 –> 00:40:00,120
You move from, we recommend this,
994
00:40:00,120 –> 00:40:02,520
to the system prevents the alternative.
995
00:40:02,520 –> 00:40:04,320
This is the distinction that matters.
996
00:40:04,320 –> 00:40:05,880
The governance reality check.
997
00:40:05,880 –> 00:40:08,320
Organizations need to reframe Power Platform,
998
00:40:08,320 –> 00:40:11,400
not as a productivity layer, not as a democratization tool,
999
00:40:11,400 –> 00:40:13,240
not as something you enable for the business
1000
00:40:13,240 –> 00:40:15,400
and hope users operate responsibly.
1001
00:40:15,400 –> 00:40:17,120
Power Platform is a development platform.
1002
00:40:17,120 –> 00:40:18,840
That reframing changes everything.
1003
00:40:18,840 –> 00:40:21,520
A development platform requires architecture discipline.
1004
00:40:21,520 –> 00:40:23,520
You would not allow developers to deploy code
1005
00:40:23,520 –> 00:40:25,440
to production without version control.
1006
00:40:25,440 –> 00:40:27,400
You would not allow them to skip testing.
1007
00:40:27,400 –> 00:40:29,800
You would not allow them to bypass code review.
1008
00:40:29,800 –> 00:40:32,040
You would not allow them to deploy directly to production
1009
00:40:32,040 –> 00:40:33,160
whenever they felt like it.
1010
00:40:33,160 –> 00:40:34,400
These are not suggestions.
1011
00:40:34,400 –> 00:40:37,200
These are fundamentals of responsible software engineering.
1012
00:40:37,200 –> 00:40:39,000
Yet, Power Platform allows exactly this.
1013
00:40:39,000 –> 00:40:41,000
A citizen developer can build an application
1014
00:40:41,000 –> 00:40:43,520
in the default environment and move it to production
1015
00:40:43,520 –> 00:40:46,560
without version control, without testing requirement,
1016
00:40:46,560 –> 00:40:49,080
without approval gates, without documentation.
1017
00:40:49,080 –> 00:40:50,600
The system does not prevent this.
1018
00:40:50,600 –> 00:40:51,720
The system enables it.
1019
00:40:51,720 –> 00:40:53,000
Here is the uncomfortable truth
1020
00:40:53,000 –> 00:40:54,760
that most organizations avoid.
1021
00:40:54,760 –> 00:40:56,960
Citizen developers are software engineers.
1022
00:40:56,960 –> 00:40:58,600
They are architecting databases.
1023
00:40:58,600 –> 00:41:00,200
They are building business logic.
1024
00:41:00,200 –> 00:41:01,600
They are integrating systems.
1025
00:41:01,600 –> 00:41:03,200
They are making security decisions.
1026
00:41:03,200 –> 00:41:04,560
They are implementing data flows.
1027
00:41:04,560 –> 00:41:06,400
They are doing software engineering work.
1028
00:41:06,400 –> 00:41:09,400
Treating them as users is an architectural error.
1029
00:41:09,400 –> 00:41:11,520
When an organization enables Power Platform,
1030
00:41:11,520 –> 00:41:13,120
they enable a development platform.
1031
00:41:13,120 –> 00:41:15,200
When they leave the default environment open,
1032
00:41:15,200 –> 00:41:17,280
they enable unmanaged development.
1033
00:41:17,280 –> 00:41:19,800
When they do not enforce environment strategy,
1034
00:41:19,800 –> 00:41:22,280
they enable development in uncontrolled spaces.
1035
00:41:22,280 –> 00:41:24,840
When they do not require managed solutions and pipelines,
1036
00:41:24,840 –> 00:41:27,160
they enable deployment without governance.
1037
00:41:27,160 –> 00:41:29,240
When they do not document application ownership
1038
00:41:29,240 –> 00:41:32,400
and lifecycle, they enable unaccountable software engineering.
1039
00:41:32,400 –> 00:41:34,480
The organization then acts surprised
1040
00:41:34,480 –> 00:41:36,800
when the platform behaves like what it is.
1041
00:41:36,800 –> 00:41:38,640
An unmanaged development environment.
1042
00:41:38,640 –> 00:41:40,400
The consequence is that organizations
1043
00:41:40,400 –> 00:41:43,200
apply user-level governance to platform-level problems.
1044
00:41:43,200 –> 00:41:44,680
They focus on access control.
1045
00:41:44,680 –> 00:41:45,960
Who can create environments?
1046
00:41:45,960 –> 00:41:46,960
Who can create flows?
1047
00:41:46,960 –> 00:41:48,040
Who can access data?
1048
00:41:48,040 –> 00:41:49,680
These are important questions.
1049
00:41:49,680 –> 00:41:50,760
But they are not sufficient.
1050
00:41:50,760 –> 00:41:52,880
They are necessary conditions for governance.
1051
00:41:52,880 –> 00:41:54,520
They are not sufficient conditions.
1052
00:41:54,520 –> 00:41:56,080
A user with appropriate access
1053
00:41:56,080 –> 00:41:58,600
can still build a poorly designed application.
1054
00:41:58,600 –> 00:42:00,120
A user with appropriate access
1055
00:42:00,120 –> 00:42:01,560
can still create an integration
1056
00:42:01,560 –> 00:42:03,520
that violates security policy.
1057
00:42:03,520 –> 00:42:05,000
A user with appropriate access
1058
00:42:05,000 –> 00:42:07,760
can still design a data model that was never meant to exist.
1059
00:42:07,760 –> 00:42:09,440
A user with appropriate access
1060
00:42:09,440 –> 00:42:11,200
can still move data in patterns
1061
00:42:11,200 –> 00:42:13,160
that create compliance violations.
1062
00:42:13,160 –> 00:42:16,080
User-level governance controls identity and access.
1063
00:42:16,080 –> 00:42:18,840
Platform-level governance controls what the platform allows.
1064
00:42:18,840 –> 00:42:20,720
Application-level governance controls
1065
00:42:20,720 –> 00:42:23,800
how applications are designed, reviewed, deployed, and maintained.
1066
00:42:23,800 –> 00:42:26,880
Most organizations implement user-level governance.
1067
00:42:26,880 –> 00:42:28,840
Some implement platform-level governance.
1068
00:42:28,840 –> 00:42:31,120
Few implement application-level governance.
1069
00:42:31,120 –> 00:42:33,240
Application-level governance is what is missing.
1070
00:42:33,240 –> 00:42:34,960
This is architectural governance.
1071
00:42:34,960 –> 00:42:36,400
Enforcing design patterns,
1072
00:42:36,400 –> 00:42:38,960
preventing lock-in through standardized integrations.
1073
00:42:38,960 –> 00:42:41,760
Managing dependencies through documented relationships.
1074
00:42:41,760 –> 00:42:43,880
Requiring documentation of business purpose.
1075
00:42:43,880 –> 00:42:46,040
Requiring security reviews before deployment.
1076
00:42:46,040 –> 00:42:48,000
Requiring performance assessment before release.
1077
00:42:48,000 –> 00:42:50,000
Requiring ownership accountability.
1078
00:42:50,000 –> 00:42:51,800
Requiring lifecycle management.
1079
00:42:51,800 –> 00:42:53,280
Standard IT governance.
1080
00:42:53,280 –> 00:42:56,040
Access control, compliance, monitoring is necessary.
1081
00:42:56,040 –> 00:42:57,040
It is not sufficient.
1082
00:42:57,040 –> 00:42:58,600
It handles the outer boundary.
1083
00:42:58,600 –> 00:43:00,280
It determines who can access what.
1084
00:43:00,280 –> 00:43:01,520
It ensures audit trails.
1085
00:43:01,520 –> 00:43:02,840
It captures what happened.
1086
00:43:02,840 –> 00:43:05,360
But it does not prevent a poorly designed application
1087
00:43:05,360 –> 00:43:06,240
from being deployed.
1088
00:43:06,240 –> 00:43:10,320
It does not prevent a fragile data model from accumulating technical debt.
1089
00:43:10,320 –> 00:43:14,000
It does not prevent undocumented logic from becoming unmaintainable.
1090
00:43:14,000 –> 00:43:17,840
It does not prevent citizen developers from making architectural mistakes
1091
00:43:17,840 –> 00:43:20,320
because they lack training and architectural thinking.
1092
00:43:20,320 –> 00:43:22,000
What is needed is a reframing.
1093
00:43:22,000 –> 00:43:24,960
Organizations must treat Power Platform as what it is.
1094
00:43:24,960 –> 00:43:27,880
A development platform that requires development discipline.
1095
00:43:27,880 –> 00:43:30,760
This reframing is uncomfortable because it means admitting
1096
00:43:30,760 –> 00:43:33,240
that citizen development is not frictionless.
1097
00:43:33,240 –> 00:43:36,280
Citizen developers cannot simply build. They must build with discipline.
1098
00:43:36,280 –> 00:43:37,920
They must document business purpose.
1099
00:43:37,920 –> 00:43:39,640
They must undergo security review.
1100
00:43:39,640 –> 00:43:41,240
They must design for maintainability.
1101
00:43:41,240 –> 00:43:43,920
They must follow patterns established by the organization.
1102
00:43:43,920 –> 00:43:46,600
This sounds like bureaucracy to many citizen developers.
1103
00:43:46,600 –> 00:43:49,240
They enabled Power Platform because they wanted speed.
1104
00:43:49,240 –> 00:43:52,200
They wanted to avoid the friction of traditional software development.
1105
00:43:52,200 –> 00:43:56,440
Adding governance back into the process feels like they have lost the benefit of the platform.
1106
00:43:56,440 –> 00:43:59,440
This is the fundamental tension in Power Platform governance.
1107
00:43:59,440 –> 00:44:01,040
The platform promises speed.
1108
00:44:01,040 –> 00:44:04,440
The architecture requires discipline. Speed and discipline are not compatible
1109
00:44:04,440 –> 00:44:06,920
without structure that makes discipline efficient.
1110
00:44:06,920 –> 00:44:09,680
The organizations that succeed are the ones that accept this tension
1111
00:44:09,680 –> 00:44:11,480
and resolve it architecturally.
1112
00:44:11,480 –> 00:44:14,480
They create governance processes that are lightweight but enforced.
1113
00:44:14,480 –> 00:44:17,120
They create approval gates that are fast but meaningful.
1114
00:44:17,120 –> 00:44:19,800
They create standards that are restrictive but reasonable.
1115
00:44:19,800 –> 00:44:22,320
They create frameworks that enable rapid development
1116
00:44:22,320 –> 00:44:24,360
without sacrificing architectural discipline.
1117
00:44:24,360 –> 00:44:25,360
This is not easy.
1118
00:44:25,360 –> 00:44:27,680
This requires serious governance infrastructure.
1119
00:44:27,680 –> 00:44:30,280
This requires a center of excellence with real authority.
1120
00:44:30,280 –> 00:44:31,960
This requires enforcement mechanisms.
1121
00:44:31,960 –> 00:44:33,040
This requires training.
1122
00:44:33,040 –> 00:44:36,600
This requires a fundamental reframing of what Power Platform is and what it requires.
1123
00:44:36,600 –> 00:44:40,720
But it is the only path to sustainable Power Platform architecture.
1124
00:44:40,720 –> 00:44:42,520
Environment architecture strategy.
1125
00:44:42,520 –> 00:44:46,120
Proper environment segmentation treats Power Platform as what it actually is.
1126
00:44:46,120 –> 00:44:47,640
A tiered development platform.
1127
00:44:47,640 –> 00:44:48,800
Not a productivity tool.
1128
00:44:48,800 –> 00:44:50,000
Not a monolithic system.
1129
00:44:50,000 –> 00:44:54,520
A tiered platform where different classes of applications operate under different governance rules.
1130
00:44:54,520 –> 00:44:58,520
This tiering is the foundation of sustainable Power Platform architecture.
1131
00:44:58,520 –> 00:45:02,680
Without it, everything collapses into the default environment disaster we described.
1132
00:45:02,680 –> 00:45:06,200
With it, you create clear boundaries that separate experimental work
1133
00:45:06,200 –> 00:45:10,040
from production impact, personal productivity from enterprise critical systems.
1134
00:45:10,040 –> 00:45:11,240
The model has three tiers.
1135
00:45:11,240 –> 00:45:13,000
Each tier serves a specific purpose.
1136
00:45:13,000 –> 00:45:16,040
Each tier has different permissions, different connector policies,
1137
00:45:16,040 –> 00:45:17,640
different lifecycle rules.
1138
00:45:17,640 –> 00:45:19,520
Tier one is personal productivity.
1139
00:45:19,520 –> 00:45:21,000
This is the default environment.
1140
00:45:21,000 –> 00:45:23,360
This tier exists for individuals to experiment,
1141
00:45:23,360 –> 00:45:26,240
to learn the platform, to build personal workflow automations,
1142
00:45:26,240 –> 00:45:28,320
to try ideas without impacting anyone else.
1143
00:45:28,320 –> 00:45:31,200
The default environment is restricted: no production data,
1144
00:45:31,200 –> 00:45:34,560
no business critical integrations, no shared applications,
1145
00:45:34,560 –> 00:45:37,040
a personal sandbox where anyone can build,
1146
00:45:37,040 –> 00:45:41,240
knowing that the blast radius is limited to themselves. Access to tier one is open.
1147
00:45:41,240 –> 00:45:43,920
Everyone has maker permissions in the default environment.
1148
00:45:43,920 –> 00:45:44,920
This is intentional.
1149
00:45:44,920 –> 00:45:47,600
The goal is to reduce friction for experimentation.
1150
00:45:47,600 –> 00:45:50,800
Users should be able to try Power Platform without asking permission,
1151
00:45:50,800 –> 00:45:54,320
without waiting for approval, without explaining to IT what they are building.
1152
00:45:54,320 –> 00:45:56,640
Connector policy in tier one is restrictive.
1153
00:45:56,640 –> 00:46:00,360
Standard business connectors are available: SharePoint, Teams, Outlook.
1154
00:46:00,360 –> 00:46:02,280
Personal cloud storage connectors are restricted.
1155
00:46:02,280 –> 00:46:04,200
External API connectors are restricted.
1156
00:46:04,200 –> 00:46:09,080
Anything that creates risk of moving sensitive data outside the organization is blocked.
1157
00:46:09,080 –> 00:46:11,920
The default environment is for learning and personal automation.
1158
00:46:11,920 –> 00:46:14,240
It is not for integrating critical systems.
1159
00:46:14,240 –> 00:46:18,880
Tier two is team solutions, dedicated environments for departmental applications.
1160
00:46:18,880 –> 00:46:21,920
For shared workflows, where a team collaborates on a solution.
1161
00:46:21,920 –> 00:46:25,760
These environments are not personal. They are shared. They require governance.
1162
00:46:25,760 –> 00:46:29,640
Teams that want to build shared applications request a tier two environment.
1163
00:46:29,640 –> 00:46:31,600
The request includes business justification.
1164
00:46:31,600 –> 00:46:33,120
What problem does this team solve?
1165
00:46:33,120 –> 00:46:34,880
How many users will use the application?
1166
00:46:34,880 –> 00:46:36,640
What data does it access?
1167
00:46:36,640 –> 00:46:40,000
The organization approves tier two environments based on this justification.
1168
00:46:40,000 –> 00:46:43,200
Once approved, the environment is created with specific governance rules.
1169
00:46:43,200 –> 00:46:45,480
These environments allow standard connectors.
1170
00:46:45,480 –> 00:46:47,880
They allow premium connectors if justified.
1171
00:46:47,880 –> 00:46:50,080
They allow shared data stores in Dataverse.
1172
00:46:50,080 –> 00:46:53,400
They allow multiple makers to collaborate on solutions.
1173
00:46:53,400 –> 00:46:56,640
The connectivity is broader than tier one because the scope is broader.
1174
00:46:56,640 –> 00:46:59,240
The impact is organizational, not personal.
1175
00:46:59,240 –> 00:47:01,680
Tier two environments have lifecycle management.
1176
00:47:01,680 –> 00:47:04,440
Applications in these environments have documented owners.
1177
00:47:04,440 –> 00:47:05,640
They have business purposes.
1178
00:47:05,640 –> 00:47:07,000
They have success metrics.
1179
00:47:07,000 –> 00:47:09,080
They have documented retention policies.
1180
00:47:09,080 –> 00:47:12,880
Applications that are no longer used are retired, not kept as zombies,
1181
00:47:12,880 –> 00:47:15,760
actually deactivated and removed from the environment.
1182
00:47:15,760 –> 00:47:17,840
Tier three is enterprise applications.
1183
00:47:17,840 –> 00:47:20,680
Production environments. These environments are restricted.
1184
00:47:20,680 –> 00:47:24,160
Creating an application in a tier three environment requires formal approval.
1185
00:47:24,160 –> 00:47:25,800
It requires architecture review.
1186
00:47:25,800 –> 00:47:27,600
It requires security assessment.
1187
00:47:27,600 –> 00:47:29,280
It requires documented ownership.
1188
00:47:29,280 –> 00:47:30,720
It requires a managed solution.
1189
00:47:30,720 –> 00:47:32,480
It requires deployment through a pipeline.
1190
00:47:32,480 –> 00:47:36,320
It requires testing in a dedicated test environment before production release.
1191
00:47:36,320 –> 00:47:39,480
Service accounts own tier three applications, not individual users.
1192
00:47:39,480 –> 00:47:40,560
Service accounts.
1193
00:47:40,560 –> 00:47:43,640
This prevents orphaned applications when employees leave.
1194
00:47:43,640 –> 00:47:46,600
This prevents applications from becoming personal assets.
1195
00:47:46,600 –> 00:47:47,880
This ensures continuity.
1196
00:47:47,880 –> 00:47:49,720
The service account is the permanent owner.
1197
00:47:49,720 –> 00:47:51,720
Individual makers work within the framework,
1198
00:47:51,720 –> 00:47:53,880
but the service account owns the asset.
1199
00:47:53,880 –> 00:47:55,840
Connector policy in tier three is strict.
1200
00:47:55,840 –> 00:47:57,120
Only approved connectors.
1201
00:47:57,120 –> 00:47:59,840
Only connections authenticated with service accounts.
1202
00:47:59,840 –> 00:48:02,600
Only data flows that have been reviewed and documented.
1203
00:48:02,600 –> 00:48:06,040
Premium connectors in production require explicit justification.
1204
00:48:06,040 –> 00:48:08,960
External APIs in production require security review.
1205
00:48:08,960 –> 00:48:10,720
Tier three is not experimental.
1206
00:48:10,720 –> 00:48:12,200
It is not where you try things.
1207
00:48:12,200 –> 00:48:15,040
It is where you deploy things that matter.
1208
00:48:15,040 –> 00:48:17,320
Here is the critical implementation detail.
1209
00:48:17,320 –> 00:48:21,840
Environment admins enforce this tiering by controlling who can create applications in each tier.
1210
00:48:21,840 –> 00:48:23,080
Tier one is open to everyone.
1211
00:48:23,080 –> 00:48:25,400
Tier two is open to teams with approved environments.
1212
00:48:25,400 –> 00:48:28,480
Tier three is restricted to approved deployments through pipelines.
1213
00:48:28,480 –> 00:48:31,080
The platform itself prevents inappropriate usage.
1214
00:48:31,080 –> 00:48:34,040
Tier one makers cannot create applications in tier three.
1215
00:48:34,040 –> 00:48:37,720
Tier two teams cannot bypass the pipeline for production deployments.
1216
00:48:37,720 –> 00:48:39,240
The common failure is structural.
1217
00:48:39,240 –> 00:48:41,560
Organizations create this environment architecture.
1218
00:48:41,560 –> 00:48:42,640
They define the tiers.
1219
00:48:42,640 –> 00:48:43,760
They publish the policies.
1220
00:48:43,760 –> 00:48:45,000
They build the infrastructure.
1221
00:48:45,000 –> 00:48:48,240
Then they leave the default environment open for production applications.
1222
00:48:48,240 –> 00:48:51,800
They leave the governance recommendations as advisory rather than enforced.
1223
00:48:51,800 –> 00:48:55,480
They do not restrict tier one access to non-production applications.
1224
00:48:55,480 –> 00:48:58,440
They do not enforce tier three pipeline requirements.
1225
00:48:58,440 –> 00:49:01,240
When this happens, the entire architecture collapses.
1226
00:49:01,240 –> 00:49:04,160
The default environment again becomes the production platform.
1227
00:49:04,160 –> 00:49:07,160
The tiering provides visibility without preventing sprawl.
1228
00:49:07,160 –> 00:49:08,760
The governance looks good on paper.
1229
00:49:08,760 –> 00:49:10,240
The architecture fails in practice.
1230
00:49:10,240 –> 00:49:12,120
Proper environment architecture is necessary.
1231
00:49:12,120 –> 00:49:13,280
It is not sufficient.
1232
00:49:13,280 –> 00:49:15,080
You also need deployment discipline.
1233
00:49:15,080 –> 00:49:16,480
You need ALM enforcement.
1234
00:49:16,480 –> 00:49:19,520
You need to make the pipeline mandatory, not optional.
1235
00:49:19,520 –> 00:49:21,160
ALM pipeline enforcement.
1236
00:49:21,160 –> 00:49:23,960
ALM stands for application lifecycle management.
1237
00:49:23,960 –> 00:49:27,320
It is a framework that treats applications as managed assets.
1238
00:49:27,320 –> 00:49:28,520
Assets with a lifecycle.
1239
00:49:28,520 –> 00:49:32,080
Assets that move through distinct stages, development, testing, production.
1240
00:49:32,080 –> 00:49:33,920
Each stage has specific requirements.
1241
00:49:33,920 –> 00:49:35,960
Each stage has different governance rules.
1242
00:49:35,960 –> 00:49:38,520
In traditional software development, ALM is enforced.
1243
00:49:38,520 –> 00:49:40,920
You do not deploy code directly to production.
1244
00:49:40,920 –> 00:49:42,760
Code goes through development environments.
1245
00:49:42,760 –> 00:49:44,200
It goes through test environments.
1246
00:49:44,200 –> 00:49:45,480
It goes through staging.
1247
00:49:45,480 –> 00:49:48,200
At each stage, specific gates are enforced.
1248
00:49:48,200 –> 00:49:52,520
Code review, automated testing, performance validation, security scanning.
1249
00:49:52,520 –> 00:49:55,040
Only after passing all gates does the code move forward.
1250
00:49:55,040 –> 00:49:56,520
This process is not optional.
1251
00:49:56,520 –> 00:49:58,840
It is enforced by version control systems.
1252
00:49:58,840 –> 00:50:00,120
By deployment automation.
1253
00:50:00,120 –> 00:50:03,960
By infrastructure as code policies that prevent direct production changes.
1254
00:50:03,960 –> 00:50:07,000
Power Platform allows direct deployment without any of this discipline.
1255
00:50:07,000 –> 00:50:10,080
A citizen developer can build an application in the default environment
1256
00:50:10,080 –> 00:50:12,440
and move it to production without version control.
1257
00:50:12,440 –> 00:50:15,840
Without testing, without approval, without documentation.
1258
00:50:15,840 –> 00:50:17,400
The platform does not prevent this.
1259
00:50:17,400 –> 00:50:18,520
The platform enables it.
1260
00:50:18,520 –> 00:50:20,600
ALM pipeline enforcement changes this.
1261
00:50:20,600 –> 00:50:22,720
It makes the development lifecycle mandatory.
1262
00:50:22,720 –> 00:50:25,000
It creates gates that cannot be bypassed.
1263
00:50:25,000 –> 00:50:25,960
Here is how it works.
1264
00:50:25,960 –> 00:50:28,440
Production applications must use managed solutions.
1265
00:50:28,440 –> 00:50:29,880
Not unmanaged solutions.
1266
00:50:29,880 –> 00:50:31,080
Managed solutions.
1267
00:50:31,080 –> 00:50:32,480
This distinction matters.
1268
00:50:32,480 –> 00:50:34,480
Managed solutions have version history.
1269
00:50:34,480 –> 00:50:35,520
They support rollback.
1270
00:50:35,520 –> 00:50:36,680
They support patches.
1271
00:50:36,680 –> 00:50:38,960
Unmanaged solutions are development artifacts.
1272
00:50:38,960 –> 00:50:41,240
They are meant for experimentation, not production.
1273
00:50:41,240 –> 00:50:44,880
A citizen developer in a development environment creates an application.
1274
00:50:44,880 –> 00:50:46,320
They build the functionality.
1275
00:50:46,320 –> 00:50:47,680
They add the business logic.
1276
00:50:47,680 –> 00:50:49,320
They test locally. When they are ready,
1277
00:50:49,320 –> 00:50:51,760
they package the application into an unmanaged solution.
1278
00:50:51,760 –> 00:50:53,240
They export that solution.
1279
00:50:53,240 –> 00:50:55,520
The solution file goes into a Git repository.
1280
00:50:55,520 –> 00:50:57,560
Now the application has version control.
1281
00:50:57,560 –> 00:50:59,040
The export is tracked.
1282
00:50:59,040 –> 00:51:00,400
Changes are documented.
1283
00:51:00,400 –> 00:51:03,320
From Git, an automated pipeline picks up the solution.
1284
00:51:03,320 –> 00:51:05,040
The pipeline runs automated tests.
1285
00:51:05,040 –> 00:51:08,040
It validates that the solution is properly structured.
1286
00:51:08,040 –> 00:51:09,360
It checks for common errors.
1287
00:51:09,360 –> 00:51:10,640
It runs security scanning.
1288
00:51:10,640 –> 00:51:13,440
If the tests pass, the pipeline promotes the solution to a test environment.
1289
00:51:13,440 –> 00:51:15,840
In test, real users validate the application.
1290
00:51:15,840 –> 00:51:17,400
They confirm it works as intended.
1291
00:51:17,400 –> 00:51:18,400
They identify issues.
1292
00:51:18,400 –> 00:51:19,760
Issues go back to the developer.
1293
00:51:19,760 –> 00:51:21,160
The developer makes changes.
1294
00:51:21,160 –> 00:51:23,600
The updated solution goes back to the pipeline.
1295
00:51:23,600 –> 00:51:26,120
When testing is complete and the application is approved,
1296
00:51:26,120 –> 00:51:29,800
the pipeline imports the solution into production as a managed solution.
1297
00:51:29,800 –> 00:51:32,000
This managed solution becomes the production version.
1298
00:51:32,000 –> 00:51:33,000
It has version history.
1299
00:51:33,000 –> 00:51:36,640
If something goes wrong, the organization can roll back to the previous version.
1300
00:51:36,640 –> 00:51:39,720
The pipeline enforces that every production change is traceable.
1301
00:51:39,720 –> 00:51:40,960
Every change has a record.
1302
00:51:40,960 –> 00:51:42,200
Every change can be reversed.
1303
00:51:42,200 –> 00:51:43,600
This is ALM enforcement.
1304
00:51:43,600 –> 00:51:45,080
The pipeline is mandatory.
1305
00:51:45,080 –> 00:51:46,440
There is no alternative path.
1306
00:51:46,440 –> 00:51:50,960
Citizen developers cannot bypass the pipeline by importing solutions directly.
1307
00:51:50,960 –> 00:51:53,440
Cannot skip testing by moving to production manually.
1308
00:51:53,440 –> 00:51:56,920
Cannot deploy without approval because the pipeline enforces approval gates.
1309
00:51:56,920 –> 00:51:58,480
The pipeline is not a recommendation.
1310
00:51:58,480 –> 00:52:01,840
The pipeline is the only way production deployments happen.
1311
00:52:01,840 –> 00:52:03,560
Here is the trade-off this creates.
1312
00:52:03,560 –> 00:52:05,880
ALM pipelines introduce process overhead.
1313
00:52:05,880 –> 00:52:08,840
They reduce the instant gratification of Power Platform development.
1314
00:52:08,840 –> 00:52:12,120
A citizen developer cannot make a change and see it in production immediately.
1315
00:52:12,120 –> 00:52:13,880
The change must go through the pipeline.
1316
00:52:13,880 –> 00:52:14,960
It must pass testing.
1317
00:52:14,960 –> 00:52:15,840
It must be approved.
1318
00:52:15,840 –> 00:52:16,520
This takes time.
1319
00:52:16,520 –> 00:52:17,880
It introduces friction.
1320
00:52:17,880 –> 00:52:22,600
Citizen developers who build applications in two weeks suddenly find that deployment takes two more weeks.
1321
00:52:22,600 –> 00:52:26,840
The business users who loved the speed of Power Platform suddenly face delays.
1322
00:52:26,840 –> 00:52:32,600
The entire value proposition of low-code development, rapid iteration, quick time to value, appears to be lost.
1323
00:52:32,600 –> 00:52:34,680
This is where organizations often fail.
1324
00:52:34,680 –> 00:52:35,840
They implement pipelines.
1325
00:52:35,840 –> 00:52:37,920
Citizen developers complain about the friction.
1326
00:52:37,920 –> 00:52:40,440
The organization decides the friction is too high.
1327
00:52:40,440 –> 00:52:41,480
They create exceptions.
1328
00:52:41,480 –> 00:52:44,200
They allow manual deployments for certain applications.
1329
00:52:44,200 –> 00:52:46,320
They skip testing for low-risk changes.
1330
00:52:46,320 –> 00:52:47,920
The pipeline gradually becomes optional.
1331
00:52:47,920 –> 00:52:48,920
Exceptions accumulate.
1332
00:52:48,920 –> 00:52:51,400
The pipeline collapses into advisory governance.
1333
00:52:51,400 –> 00:52:54,800
Organizations that succeed treat ALM pipeline enforcement as non-negotiable.
1334
00:52:54,800 –> 00:52:56,360
Yes, the pipeline adds process.
1335
00:52:56,360 –> 00:52:58,040
Yes, it reduces instant gratification.
1336
00:52:58,040 –> 00:52:58,840
That is the point.
1337
00:52:58,840 –> 00:53:01,280
Production applications should not be deployed instantly.
1338
00:53:01,280 –> 00:53:02,080
They should be tested.
1339
00:53:02,080 –> 00:53:03,080
They should be reviewed.
1340
00:53:03,080 –> 00:53:04,000
They should be managed.
1341
00:53:04,000 –> 00:53:05,360
The friction is not a bug.
1342
00:53:05,360 –> 00:53:06,800
The friction is the feature.
1343
00:53:06,800 –> 00:53:07,800
The frame matters.
1344
00:53:07,800 –> 00:53:12,360
If you frame the pipeline as bureaucracy that slows development, developers will bypass it.
1345
00:53:12,360 –> 00:53:16,960
If you frame the pipeline as a safety net that prevents production failures, enables rollback
1346
00:53:16,960 –> 00:53:19,520
and maintains audit trails, developers accept it.
1347
00:53:19,520 –> 00:53:21,360
The pipeline becomes not a restriction.
1348
00:53:21,360 –> 00:53:23,560
It becomes responsible engineering practice.
1349
00:53:23,560 –> 00:53:26,880
ALM pipeline enforcement requires this mindset shift.
1350
00:53:26,880 –> 00:53:30,160
Citizen developers must understand that production is not a testing ground.
1351
00:53:30,160 –> 00:53:31,440
Production is where users work.
1352
00:53:31,440 –> 00:53:32,960
Production is where data lives.
1353
00:53:32,960 –> 00:53:35,640
Production is where the organization operates.
1354
00:53:35,640 –> 00:53:39,000
Deploying to production without discipline risks production failures.
1355
00:53:39,000 –> 00:53:40,520
Risks data loss.
1356
00:53:40,520 –> 00:53:41,840
Risks security breaches.
1357
00:53:41,840 –> 00:53:44,080
The pipeline is how you prevent these outcomes.
1358
00:53:44,080 –> 00:53:45,600
Connector governance segmentation.
1359
00:53:45,600 –> 00:53:48,360
ALM pipelines enforce the deployment process.
1360
00:53:48,360 –> 00:53:52,520
They ensure that applications move through development, testing and production with appropriate
1361
00:53:52,520 –> 00:53:53,960
gates at each stage.
1362
00:53:53,960 –> 00:53:57,560
But pipelines alone do not control what an application does after it deploys.
1363
00:53:57,560 –> 00:54:02,480
A flow that passes all tests and deploys to production can still move data in ways the
1364
00:54:02,480 –> 00:54:04,160
organization never intended.
1365
00:54:04,160 –> 00:54:09,040
A flow that follows good ALM discipline can still connect to services that violate compliance
1366
00:54:09,040 –> 00:54:10,040
policy.
1367
00:54:10,040 –> 00:54:12,520
This is where connector governance becomes critical.
1368
00:54:12,520 –> 00:54:13,800
Connectors are the integration layer.
1369
00:54:13,800 –> 00:54:15,320
They determine what data flows where.
1370
00:54:15,320 –> 00:54:19,160
A connector is a pre-built integration that Power Platform provides.
1371
00:54:19,160 –> 00:54:20,160
Connect to SharePoint.
1372
00:54:20,160 –> 00:54:21,520
Connect to Salesforce.
1373
00:54:21,520 –> 00:54:23,200
Connect to a SQL database.
1374
00:54:23,200 –> 00:54:24,200
Connect to Dropbox.
1375
00:54:24,200 –> 00:54:26,080
Connect to any external API.
1376
00:54:26,080 –> 00:54:28,560
The connector abstracts the integration complexity.
1377
00:54:28,560 –> 00:54:30,800
A flow builder clicks on a connector.
1378
00:54:30,800 –> 00:54:32,000
Specifies what data to move.
1379
00:54:32,000 –> 00:54:36,200
The connector handles the authentication, the API calls, the data transformation.
1380
00:54:36,200 –> 00:54:38,400
The problem is architectural.
1381
00:54:38,400 –> 00:54:42,000
Connectors are approved at the tenant level, not enforced at the application level.
1382
00:54:42,000 –> 00:54:43,520
This is the distinction that matters.
1383
00:54:43,520 –> 00:54:47,160
When an administrator approves a connector, that connector becomes available to every
1384
00:54:47,160 –> 00:54:51,520
application in the environment, every flow, every Power App, every automation.
1385
00:54:51,520 –> 00:54:55,960
There is no mechanism that says this connector is approved only for this specific application
1386
00:54:55,960 –> 00:54:59,760
or this connector can only access this specific data source.
1387
00:54:59,760 –> 00:55:01,080
The approval is binary.
1388
00:55:01,080 –> 00:55:04,960
Either the connector is available everywhere or it is not available at all.
1389
00:55:04,960 –> 00:55:07,680
Connector governance requires three-tier segmentation.
1390
00:55:07,680 –> 00:55:09,520
Not all connectors are equally risky.
1391
00:55:09,520 –> 00:55:11,640
Some connectors touch only internal services.
1392
00:55:11,640 –> 00:55:13,000
Some touch external services.
1393
00:55:13,000 –> 00:55:14,440
Some should be blocked entirely.
1394
00:55:14,440 –> 00:55:16,080
Tier one is low risk connectors.
1395
00:55:16,080 –> 00:55:17,080
SharePoint.
1396
00:55:17,080 –> 00:55:18,080
Teams.
1397
00:55:18,080 –> 00:55:19,080
Outlook.
1398
00:55:19,080 –> 00:55:20,080
Dynamics.
1399
00:55:20,080 –> 00:55:21,080
Internal services that the organization controls.
1400
00:55:21,080 –> 00:55:22,880
These connectors are approved by default.
1401
00:55:22,880 –> 00:55:25,080
Users can use them without additional justification.
1402
00:55:25,080 –> 00:55:26,080
They connect to systems
1403
00:55:26,080 –> 00:55:27,760
the organization manages.
1404
00:55:27,760 –> 00:55:30,000
The data is subject to organizational controls.
1405
00:55:30,000 –> 00:55:32,200
Tier two is high risk connectors.
1406
00:55:32,200 –> 00:55:36,680
External storage services like Dropbox, Google Drive, personal OneDrive accounts.
1407
00:55:36,680 –> 00:55:37,960
Social media connectors.
1408
00:55:37,960 –> 00:55:40,000
Generic HTTP APIs.
1409
00:55:40,000 –> 00:55:43,440
Connectors that move data outside the organization or to external services.
1410
00:55:43,440 –> 00:55:45,880
These connectors require explicit approval.
1411
00:55:45,880 –> 00:55:50,440
A flow that uses a high risk connector must be reviewed before deployment.
1412
00:55:50,440 –> 00:55:54,240
The review assesses whether the connector is being used appropriately, whether it is
1413
00:55:54,240 –> 00:55:57,280
moving sensitive data, whether it violates compliance policy.
1414
00:55:57,280 –> 00:55:59,160
Tier three is blocked connectors.
1415
00:55:59,160 –> 00:56:01,160
Connectors that violate compliance requirements.
1416
00:56:01,160 –> 00:56:03,360
Services that violate data residency policies.
1417
00:56:03,360 –> 00:56:07,520
Services that the organization has determined should never be accessible from Power Platform.
1418
00:56:07,520 –> 00:56:09,040
These connectors are not available.
1419
00:56:09,040 –> 00:56:10,040
Not in development.
1420
00:56:10,040 –> 00:56:11,040
Not in test.
1421
00:56:11,040 –> 00:56:12,040
Not in production.
1422
00:56:12,040 –> 00:56:15,160
A blocked connector cannot be used regardless of business justification.
1423
00:56:15,160 –> 00:56:18,000
The enforcement mechanism is data loss prevention policies.
1424
00:56:18,000 –> 00:56:21,320
DLP in Power Platform can restrict connector combinations.
1425
00:56:21,320 –> 00:56:25,720
You can create rules that prevent high risk connectors from accessing sensitive data.
1426
00:56:25,720 –> 00:56:29,920
You can enforce that high risk connectors cannot be used in the same flow as business data
1427
00:56:29,920 –> 00:56:30,920
connectors.
1428
00:56:30,920 –> 00:56:33,920
You can mandate that certain connector combinations are not allowed.
1429
00:56:33,920 –> 00:56:38,720
Third, the flows, thousands of them, were triggering automations across the entire technology
1430
00:56:38,720 –> 00:56:39,560
estate.
1431
00:56:39,560 –> 00:56:43,920
When a maker tries to create a flow that violates DLP policy, the platform blocks it.
1432
00:56:43,920 –> 00:56:45,000
The flow cannot be saved.
1433
00:56:45,000 –> 00:56:46,480
The flow cannot be deployed.
1434
00:56:46,480 –> 00:56:48,800
The policy enforcement is technical, not advisory.
1435
00:56:48,800 –> 00:56:50,400
DLP is not a recommendation.
1436
00:56:50,400 –> 00:56:52,000
DLP is an architecture boundary.
1437
00:56:52,000 –> 00:56:55,240
The real pattern that appears in enterprise audits is straightforward.
1438
00:56:55,240 –> 00:56:57,560
Most organizations have no connector segmentation.
1439
00:56:57,560 –> 00:57:01,120
All connectors are equally accessible. An administrator approves a connector.
1440
00:57:01,120 –> 00:57:02,800
The connector is available to everyone.
1441
00:57:02,800 –> 00:57:05,640
No tier, no restrictions, no enforcement against misuse.
1442
00:57:05,640 –> 00:57:09,800
The consequence is that a single poorly configured flow can expose sensitive data.
1443
00:57:09,800 –> 00:57:13,520
A developer with good intentions connects SharePoint to personal cloud storage.
1444
00:57:13,520 –> 00:57:14,520
The data moves.
1445
00:57:14,520 –> 00:57:17,400
The organization experiences a compliance breach.
1446
00:57:17,400 –> 00:57:20,520
Connector governance requires mapping every connector the organization uses into the
1447
00:57:20,520 –> 00:57:24,960
three-tier model, then enforcing through DLP which connectors can coexist.
1448
00:57:24,960 –> 00:57:28,960
The enforcement prevents architectural misconfigurations before they reach production.
1449
00:57:28,960 –> 00:57:33,240
But connector governance like environment architecture and ALM pipelines is enforced
1450
00:57:33,240 –> 00:57:34,600
through infrastructure policy.
1451
00:57:34,600 –> 00:57:35,600
It is not advisory.
1452
00:57:35,600 –> 00:57:36,600
It is not optional.
1453
00:57:36,600 –> 00:57:37,880
It is architectural.
1454
00:57:37,880 –> 00:57:41,840
And architecture enforcement requires organizational discipline, ownership and life cycle
1455
00:57:41,840 –> 00:57:42,840
policies.
1456
00:57:42,840 –> 00:57:45,640
Connector governance prevents inappropriate data flows.
1457
00:57:45,640 –> 00:57:48,440
ALM pipelines enforce deployment discipline.
1458
00:57:48,440 –> 00:57:50,960
Environment architecture separates development from production.
1459
00:57:50,960 –> 00:57:53,840
These mechanisms control how applications behave.
1460
00:57:53,840 –> 00:57:56,600
But they do not address a fundamental architectural problem.
1461
00:57:56,600 –> 00:57:59,120
Who is responsible for the application after it exists?
1462
00:57:59,120 –> 00:58:02,560
Power Platform allows applications to be created without clear ownership.
1463
00:58:02,560 –> 00:58:04,400
A citizen developer builds an application.
1464
00:58:04,400 –> 00:58:05,520
The application deploys.
1465
00:58:05,520 –> 00:58:07,760
The developer becomes the owner by default.
1466
00:58:07,760 –> 00:58:09,960
The ownership is implicit, not explicit.
1467
00:58:09,960 –> 00:58:12,120
The application belongs to the person who built it.
1468
00:58:12,120 –> 00:58:14,320
This creates a specific architectural failure.
1469
00:58:14,320 –> 00:58:17,400
When that person leaves the organization, the application becomes orphaned.
1470
00:58:17,400 –> 00:58:18,400
It still runs.
1471
00:58:18,400 –> 00:58:19,400
It still accesses data.
1472
00:58:19,400 –> 00:58:21,120
It still has security permissions.
1473
00:58:21,120 –> 00:58:22,840
But nobody is responsible for maintaining it.
1474
00:58:22,840 –> 00:58:26,720
Nobody is accountable for ensuring it continues to meet its business purpose.
1475
00:58:26,720 –> 00:58:30,560
Nobody is tasked with retiring it if the business need no longer exists.
1476
00:58:30,560 –> 00:58:33,640
Orphaned applications are technical debt in pure form.
1477
00:58:33,640 –> 00:58:34,920
They consume resources.
1478
00:58:34,920 –> 00:58:36,440
They create security surface.
1479
00:58:36,440 –> 00:58:38,000
They require maintenance effort.
1480
00:58:38,000 –> 00:58:39,720
They provide no measurable value.
1481
00:58:39,720 –> 00:58:44,280
Yet they persist because there is no mechanism that automatically retires them.
1482
00:58:44,280 –> 00:58:45,960
Ownership enforcement solves this.
1483
00:58:45,960 –> 00:58:49,320
Every application must have an explicit owner, not the person who built it.
1484
00:58:49,320 –> 00:58:52,600
An accountable owner responsible for the application’s life cycle.
1485
00:58:52,600 –> 00:58:57,120
For production applications, the owner is a service account, not a user, a service account.
1486
00:58:57,120 –> 00:58:58,800
This distinction is critical.
1487
00:58:58,800 –> 00:59:01,080
Service accounts do not leave the organization.
1488
00:59:01,080 –> 00:59:02,840
Service accounts do not change roles.
1489
00:59:02,840 –> 00:59:04,160
Service accounts remain stable.
1490
00:59:04,160 –> 00:59:06,480
They own the application permanently.
1491
00:59:06,480 –> 00:59:08,640
Individual developers can update the application.
1492
00:59:08,640 –> 00:59:12,200
Individual developers can modify the logic, but the service account owns the asset.
1493
00:59:12,200 –> 00:59:15,560
The service account ensures the application has a permanent steward.
1494
00:59:15,560 –> 00:59:19,040
For development and team environments, individual makers can own applications.
1495
00:59:19,040 –> 00:59:20,040
They are experimenting.
1496
00:59:20,040 –> 00:59:22,960
They are learning. They are building shared solutions for their teams.
1497
00:59:22,960 –> 00:59:25,960
Individual ownership is appropriate in lower tier environments.
1498
00:59:25,960 –> 00:59:30,120
But production applications require institutional ownership through service accounts.
1499
00:59:30,120 –> 00:59:34,400
Life cycle policy enforces accountability across the entire application portfolio.
1500
00:59:34,400 –> 00:59:36,560
Every application has a documented purpose.
1501
00:59:36,560 –> 00:59:38,520
What business problem does this application solve?
1502
00:59:38,520 –> 00:59:39,520
Who uses it?
1503
00:59:39,520 –> 00:59:40,520
What data does it access?
1504
00:59:40,520 –> 00:59:41,520
These are not optional details.
1505
00:59:41,520 –> 00:59:43,320
These are architectural requirements.
1506
00:59:43,320 –> 00:59:46,680
An application without documented purpose is an orphan waiting to happen.
1507
00:59:46,680 –> 00:59:48,680
Every application has success metrics.
1508
00:59:48,680 –> 00:59:50,800
How do we know if this application is delivering value?
1509
00:59:50,800 –> 00:59:52,400
Is usage growing or declining?
1510
00:59:52,400 –> 00:59:53,800
Are users satisfied?
1511
00:59:53,800 –> 00:59:57,200
Has the business problem it was supposed to solve actually been solved?
1512
00:59:57,200 –> 01:00:01,240
Success metrics give the organization data to assess whether an application deserves continued
1513
01:00:01,240 –> 01:00:03,440
investment or should be retired.
1514
01:00:03,440 –> 01:00:05,200
Quarterly reviews make ownership meaningful.
1515
01:00:05,200 –> 01:00:07,720
The owner of each application reviews the application.
1516
01:00:07,720 –> 01:00:09,200
Is it still delivering value?
1517
01:00:09,200 –> 01:00:10,960
Is the business purpose still relevant?
1518
01:00:10,960 –> 01:00:11,960
Are there users?
1519
01:00:11,960 –> 01:00:14,560
Are there security or compliance issues that need attention?
1520
01:00:14,560 –> 01:00:16,280
The review is not a checkbox exercise.
1521
01:00:16,280 –> 01:00:20,240
The review is the point where ownership becomes active rather than passive.
1522
01:00:20,240 –> 01:00:23,760
Applications that show zero usage for 90 days enter a deprecation process.
1523
01:00:23,760 –> 01:00:25,240
This is not immediate retirement.
1524
01:00:25,240 –> 01:00:26,800
This is structured deprecation.
1525
01:00:26,800 –> 01:00:28,040
First notification.
1526
01:00:28,040 –> 01:00:31,720
The owner and stakeholders are notified that the application is showing no usage.
1527
01:00:31,720 –> 01:00:35,240
They have the opportunity to justify why the application should continue.
1528
01:00:35,240 –> 01:00:36,680
They can provide business context
1529
01:00:36,680 –> 01:00:38,200
the metric does not capture.
1530
01:00:38,200 –> 01:00:40,480
They can commit to reactivating the application.
1531
01:00:40,480 –> 01:00:44,240
If no justification is provided, the application enters a remediation window.
1532
01:00:44,240 –> 01:00:48,600
30 days. The stakeholders have one month to demonstrate usage or provide documented business
1533
01:00:48,600 –> 01:00:51,640
justification for keeping the application dormant.
1534
01:00:51,640 –> 01:00:55,720
If the remediation window passes without justification, the application is retired.
1535
01:00:55,720 –> 01:00:57,400
Not deleted, retired.
1536
01:00:57,400 –> 01:00:59,240
It moves to a deactivated state.
1537
01:00:59,240 –> 01:01:00,920
The application is no longer accessible.
1538
01:01:00,920 –> 01:01:02,240
The connections are not active.
1539
01:01:02,240 –> 01:01:04,920
The application is archived, not erased.
1540
01:01:04,920 –> 01:01:07,920
Automatic retirement achieves what advisory governance cannot.
1541
01:01:07,920 –> 01:01:09,360
It reduces the attack surface.
1542
01:01:09,360 –> 01:01:12,600
Deactivated applications no longer consume security permissions.
1543
01:01:12,600 –> 01:01:13,840
It lowers licensing costs.
1544
01:01:13,840 –> 01:01:17,800
The organization is not paying for Dataverse capacity or connector licenses for inactive
1545
01:01:17,800 –> 01:01:18,800
applications.
1546
01:01:18,800 –> 01:01:19,800
It simplifies maintenance.
1547
01:01:19,800 –> 01:01:24,360
The organization is not monitoring, patching or supporting applications that deliver no value.
1548
01:01:24,360 –> 01:01:27,280
The resistance to lifecycle management is predictable.
1549
01:01:27,280 –> 01:01:30,920
Business stakeholders will argue that applications should not be retired.
1550
01:01:30,920 –> 01:01:35,040
Applications might become useful again. Keeping dormant applications around preserves options.
1551
01:01:35,040 –> 01:01:39,880
The cost of retirement is not justified by the benefit of potential future reactivation.
1552
01:01:39,880 –> 01:01:40,880
This framing is backwards.
1553
01:01:40,880 –> 01:01:43,320
The benefit of retirement is not reclaiming costs.
1554
01:01:43,320 –> 01:01:45,720
The benefit is architectural clarity.
1555
01:01:45,720 –> 01:01:47,800
Applications that do not deliver value should not persist.
1556
01:01:47,800 –> 01:01:48,800
They should be retired.
1557
01:01:48,800 –> 01:01:53,160
If a business need emerges later that resembles the old application, it is cheaper to rebuild
1558
01:01:53,160 –> 01:01:56,840
with current architecture and current business understanding than to maintain a dormant
1559
01:01:56,840 –> 01:02:00,640
application for years, hoping it becomes useful again.
1560
01:02:00,640 –> 01:02:03,440
Frame retirement as freeing resources for innovation.
1561
01:02:03,440 –> 01:02:07,680
Every application the organization retires is a resource freed for building something that
1562
01:02:07,680 –> 01:02:09,960
delivers current business value.
1563
01:02:09,960 –> 01:02:14,320
These four mechanisms, Environment Architecture, ALM Pipelines, Connector Governance, Ownership
1564
01:02:14,320 –> 01:02:16,400
and Lifecycle policies work together.
1565
01:02:16,400 –> 01:02:19,920
They create a cohesive governance framework. Separately, each is insufficient.
1566
01:02:19,920 –> 01:02:23,880
Together they form sustainable Power Platform architecture.
1567
01:02:23,880 –> 01:02:26,320
The center of excellence is architecture enforcer.
1568
01:02:26,320 –> 01:02:30,920
These four mechanisms, Environment Architecture, ALM Pipelines, Connector Governance, Ownership
1569
01:02:30,920 –> 01:02:34,400
and Lifecycle policies require a function to enforce them.
1570
01:02:34,400 –> 01:02:38,400
They require someone to own the architecture, someone to make decisions, someone to say
1571
01:02:38,400 –> 01:02:39,640
no when necessary.
1572
01:02:39,640 –> 01:02:43,320
Someone to hold the line when political pressure mounts to circumvent the system.
1573
01:02:43,320 –> 01:02:45,320
That function is the center of excellence.
1574
01:02:45,320 –> 01:02:49,160
But the COE must operate differently than most organizations imagine.
1575
01:02:49,160 –> 01:02:52,760
Most organizations treat the COE as an observability and advisory function.
1576
01:02:52,760 –> 01:02:54,360
The COE publishes best practices.
1577
01:02:54,360 –> 01:02:57,240
The COE maintains dashboards, the COE trains makers.
1578
01:02:57,240 –> 01:02:59,000
The COE recommends governance patterns.
1579
01:02:59,000 –> 01:03:00,880
The COE is a resource center.
1580
01:03:00,880 –> 01:03:03,400
It advises, it guides, it educates.
1581
01:03:03,400 –> 01:03:05,400
This approach fails systematically.
1582
01:03:05,400 –> 01:03:06,880
Advisory governance is not governance.
1583
01:03:06,880 –> 01:03:08,120
It is suggestion.
1584
01:03:08,120 –> 01:03:12,240
For governance to work, the COE must shift from advisory to enforcement.
1585
01:03:12,240 –> 01:03:14,440
The COE owns the environment architecture.
1586
01:03:14,440 –> 01:03:16,320
The COE approves environment requests.
1587
01:03:16,320 –> 01:03:18,960
The COE has veto power over new environments.
1588
01:03:18,960 –> 01:03:23,400
If a business unit wants to create an environment, they request it through the COE.
1589
01:03:23,400 –> 01:03:27,680
The COE assesses whether the request is justified, whether the proposed environment follows
1590
01:03:27,680 –> 01:03:29,440
the tiered architecture.
1591
01:03:29,440 –> 01:03:32,400
Whether the business need cannot be met through existing environments.
1592
01:03:32,400 –> 01:03:34,480
The COE approves or denies the request.
1593
01:03:34,480 –> 01:03:35,760
This is not a recommendation.
1594
01:03:35,760 –> 01:03:37,120
This is architectural authority.
1595
01:03:37,120 –> 01:03:38,880
The COE owns connector policies.
1596
01:03:38,880 –> 01:03:43,080
The COE determines which connectors are in tier one, which are tier two, which are tier three.
1597
01:03:43,080 –> 01:03:45,000
The COE reviews connector requests.
1598
01:03:45,000 –> 01:03:46,280
Can we approve this connector?
1599
01:03:46,280 –> 01:03:47,880
Does it create compliance risk?
1600
01:03:47,880 –> 01:03:49,440
Does it violate data residency?
1601
01:03:49,440 –> 01:03:51,120
The COE makes the decision.
1602
01:03:51,120 –> 01:03:55,400
Connectors are approved or blocked based on architectural assessment, not stakeholder pressure.
1603
01:03:55,400 –> 01:03:57,000
The COE owns ALM pipelines.
1604
01:03:57,000 –> 01:03:59,640
The COE maintains the pipeline infrastructure.
1605
01:03:59,640 –> 01:04:02,720
The COE ensures that production deployments go through the pipeline.
1606
01:04:02,720 –> 01:04:05,960
The COE enforces that exceptions to the pipeline are rare and documented.
1607
01:04:05,960 –> 01:04:09,800
If a business unit wants to bypass the pipeline for a production deployment, they do not
1608
01:04:09,800 –> 01:04:10,800
bypass it.
1609
01:04:10,800 –> 01:04:12,200
They request an exception to the COE.
1610
01:04:12,200 –> 01:04:14,840
The COE assesses whether the exception is justified.
1611
01:04:14,840 –> 01:04:16,760
The COE approves or denies.
1612
01:04:16,760 –> 01:04:20,680
The exception does not happen without explicit COE authorization and documentation.
1613
01:04:20,680 –> 01:04:22,520
The COE owns lifecycle enforcement.
1614
01:04:22,520 –> 01:04:24,400
The COE monitors application usage.
1615
01:04:24,400 –> 01:04:27,880
The COE executes deprecation for applications showing no usage.
1616
01:04:27,880 –> 01:04:31,080
The COE does not ask permission to retire zombie applications.
1617
01:04:31,080 –> 01:04:33,240
The COE executes the policy.
1618
01:04:33,240 –> 01:04:36,800
Applications with zero usage for 90 days are deprecated according to policy.
1619
01:04:36,800 –> 01:04:38,720
The policy is enforcement, not suggestion.
1620
01:04:38,720 –> 01:04:41,720
The shift from advisory to enforcement requires resources.
1621
01:04:41,720 –> 01:04:43,960
The COE cannot be a part-time responsibility.
1622
01:04:43,960 –> 01:04:49,120
A Power Platform admin working 15% of their time on governance will advise but not enforce.
1623
01:04:49,120 –> 01:04:51,920
Enforcement requires dedicated capacity.
1624
01:04:51,920 –> 01:04:54,760
Organizations that succeed have a full-time platform owner.
1625
01:04:54,760 –> 01:04:58,560
A full-time security lead responsible for connector governance and DLP policy.
1626
01:04:58,560 –> 01:05:03,320
A full-time architect responsible for environment strategy and ALM pipeline maintenance.
1627
01:05:03,320 –> 01:05:05,240
These are not secondary responsibilities.
1628
01:05:05,240 –> 01:05:06,200
These are core functions.
1629
01:05:06,200 –> 01:05:08,480
The COE also requires authority structure.
1630
01:05:08,480 –> 01:05:10,160
The platform owner must have veto power.
1631
01:05:10,160 –> 01:05:12,600
Not influence, not recommendation authority.
1632
01:05:12,600 –> 01:05:13,600
Veto power.
1633
01:05:13,600 –> 01:05:18,000
The COE must be able to say no to environment requests that violate architecture.
1634
01:05:18,000 –> 01:05:19,720
Must be able to deny connector approvals.
1635
01:05:19,720 –> 01:05:23,720
Must be able to enforce retirement policies without requiring stakeholder consensus.
1636
01:05:23,720 –> 01:05:25,400
This authority creates tension.
1637
01:05:25,400 –> 01:05:26,560
Business units resist.
1638
01:05:26,560 –> 01:05:27,920
They want flexibility.
1639
01:05:27,920 –> 01:05:30,480
They want to build what they want when they want it.
1640
01:05:30,480 –> 01:05:33,240
Architectural enforcement limits that flexibility.
1641
01:05:33,240 –> 01:05:36,280
The COE becomes the boundary that prevents architectural chaos.
1642
01:05:36,280 –> 01:05:39,960
Organizations with well-resourced COEs that have genuine enforcement authority
1643
01:05:39,960 –> 01:05:43,880
achieve three to four times better outcomes in security, compliance,
1644
01:05:43,880 –> 01:05:48,440
and operational efficiency compared to organizations with advisory COEs.
1645
01:05:48,440 –> 01:05:49,520
This is not theoretical.
1646
01:05:49,520 –> 01:05:51,840
This is observed pattern across enterprise tenants.
1647
01:05:51,840 –> 01:05:54,800
The trade-off is political. Giving the COE enforcement authority
1648
01:05:54,800 –> 01:05:57,440
means the business units no longer have complete autonomy.
1649
01:05:57,440 –> 01:05:59,040
Means requests get denied.
1650
01:05:59,040 –> 01:06:01,280
Means policies are enforced even when inconvenient.
1651
01:06:01,280 –> 01:06:03,240
This requires executive sponsorship.
1652
01:06:03,240 –> 01:06:07,800
The CTO or the CIO must visibly champion the COE as a strategic function.
1653
01:06:07,800 –> 01:06:12,680
Must back the COE’s authority when business units complain that governance is slowing them down.
1654
01:06:12,680 –> 01:06:17,040
Must frame governance enforcement as enabling responsible innovation, not restricting it.
1655
01:06:17,040 –> 01:06:19,640
Without that executive alignment, the COE collapses.
1656
01:06:19,640 –> 01:06:21,880
Without authority, the COE becomes advisory.
1657
01:06:21,880 –> 01:06:24,560
Without advisory governance, architecture fails.
1658
01:06:24,560 –> 01:06:28,040
The organizations that succeed treat the COE as the control plane.
1659
01:06:28,040 –> 01:06:32,120
The authority structure that ensures Power Platform operates as a managed platform,
1660
01:06:32,120 –> 01:06:34,720
not an uncontrolled development environment.
1661
01:06:34,720 –> 01:06:36,960
The cultural and organizational requirements.
1662
01:06:36,960 –> 01:06:39,680
Architecture governance requires organizational alignment.
1663
01:06:39,680 –> 01:06:40,680
This is not technical.
1664
01:06:40,680 –> 01:06:41,480
This is structural.
1665
01:06:41,480 –> 01:06:46,240
You cannot enforce environment strategy if security and IT disagree on connector policy.
1666
01:06:46,240 –> 01:06:51,400
You cannot enforce ALM pipelines if the business units believe governance is IT overhead.
1667
01:06:51,400 –> 01:06:56,360
You cannot enforce life cycle management if the stakeholders who own the applications resist retirement.
1668
01:06:56,360 –> 01:07:00,040
Alignment requires a governance council, not a committee, not an advisory board,
1669
01:07:00,040 –> 01:07:01,880
a council with genuine authority.
1670
01:07:01,880 –> 01:07:06,080
Cross-functional representation from IT, security, compliance and business.
1671
01:07:06,080 –> 01:07:07,520
Each function brings a different lens.
1672
01:07:07,520 –> 01:07:09,240
IT brings operational perspective.
1673
01:07:09,240 –> 01:07:10,800
Security brings risk perspective.
1674
01:07:10,800 –> 01:07:12,720
Compliance brings regulatory perspective.
1675
01:07:12,720 –> 01:07:14,160
Business brings value perspective.
1676
01:07:14,160 –> 01:07:17,680
The council synthesizes these perspectives into binding decisions.
1677
01:07:17,680 –> 01:07:19,760
The platform owner represents IT.
1678
01:07:19,760 –> 01:07:24,840
Responsible for environment architecture, ALM pipelines and operational health.
1679
01:07:24,840 –> 01:07:27,520
The security lead represents security and compliance.
1680
01:07:27,520 –> 01:07:31,400
Responsible for connector governance, DLP policy and security enforcement.
1681
01:07:31,400 –> 01:07:33,920
The business sponsor represents the business units.
1682
01:07:33,920 –> 01:07:37,520
Responsible for ensuring governance enables rather than blocks value delivery.
1683
01:07:37,520 –> 01:07:39,200
Each role has equal authority.
1684
01:07:39,200 –> 01:07:40,520
Each role has veto power.
1685
01:07:40,520 –> 01:07:42,680
Decisions require consensus or escalation.
1686
01:07:42,680 –> 01:07:45,760
The governance council establishes decision frameworks.
1687
01:07:45,760 –> 01:07:48,200
Clear criteria for which applications can be built.
1688
01:07:48,200 –> 01:07:51,320
What types of problems is Power Platform intended to solve?
1689
01:07:51,320 –> 01:07:54,480
What problems should be solved through traditional development instead?
1690
01:07:54,480 –> 01:07:56,480
Criteria for which connectors are approved.
1691
01:07:56,480 –> 01:07:58,320
Which connectors create acceptable risk?
1692
01:07:58,320 –> 01:08:00,680
Which data can be combined with which connectors?
1693
01:08:00,680 –> 01:08:02,280
Criteria for environment requests.
1694
01:08:02,280 –> 01:08:04,320
What business justification is required?
1695
01:08:04,320 –> 01:08:05,760
What is the approval threshold?
1696
01:08:05,760 –> 01:08:07,280
These frameworks are not secret.
1697
01:08:07,280 –> 01:08:08,160
They are published.
1698
01:08:08,160 –> 01:08:09,080
Transparent.
1699
01:08:09,080 –> 01:08:11,800
Every maker in the organization knows the criteria.
1700
01:08:11,800 –> 01:08:13,480
Everyone knows what gets approved and why.
1701
01:08:13,480 –> 01:08:15,600
Everyone knows what gets denied and why.
1702
01:08:15,600 –> 01:08:20,200
This transparency prevents the perception that governance decisions are arbitrary or political.
1703
01:08:20,200 –> 01:08:22,000
Resistance management is unavoidable.
1704
01:08:22,000 –> 01:08:23,960
Business units will resist governance.
1705
01:08:23,960 –> 01:08:26,840
They will argue that approval processes slow them down.
1706
01:08:26,840 –> 01:08:30,080
That architectural restrictions prevent them from building what they need.
1707
01:08:30,080 –> 01:08:31,680
That the COE is bureaucracy.
1708
01:08:31,680 –> 01:08:33,200
This resistance is not malicious.
1709
01:08:33,200 –> 01:08:33,960
It is structural.
1710
01:08:33,960 –> 01:08:35,440
People naturally resist friction.
1711
01:08:35,440 –> 01:08:38,000
Naturally prefer the path of least resistance.
1712
01:08:38,000 –> 01:08:39,920
The response is not to remove the friction.
1713
01:08:39,920 –> 01:08:41,000
The friction is the point.
1714
01:08:41,000 –> 01:08:42,840
The response is to reframe the friction.
1715
01:08:42,840 –> 01:08:44,320
Governance is not restriction.
1716
01:08:44,320 –> 01:08:45,960
But governance is enablement.
1717
01:08:45,960 –> 01:08:48,600
Governance enables responsible innovation at scale.
1718
01:08:48,600 –> 01:08:50,280
Governance prevents technical debt.
1719
01:08:50,280 –> 01:08:52,200
Governance prevents security failures.
1720
01:08:52,200 –> 01:08:53,960
Governance prevents compliance breaches.
1721
01:08:53,960 –> 01:08:57,280
Governance enables the organization to build fast without breaking things.
1722
01:08:57,280 –> 01:09:00,160
This reframing requires executive sponsorship.
1723
01:09:00,160 –> 01:09:03,320
The CTO or the CIO must visibly champion governance.
1724
01:09:03,320 –> 01:09:07,720
Must communicate to the organization that Power Platform governance is a strategic priority.
1725
01:09:07,720 –> 01:09:10,800
Must back the COE’s decisions when business units complain.
1726
01:09:10,800 –> 01:09:13,280
Must frame governance as essential, not optional.
1727
01:09:13,280 –> 01:09:15,080
Without executive sponsorship,
1728
01:09:15,080 –> 01:09:16,080
governance collapses.
1729
01:09:16,080 –> 01:09:20,480
When the CTO remains silent on governance decisions, business units interpret that silence
1730
01:09:20,480 –> 01:09:21,480
as indifference.
1731
01:09:21,480 –> 01:09:22,480
They escalate.
1732
01:09:22,480 –> 01:09:23,480
They go around the COE.
1733
01:09:23,480 –> 01:09:24,480
They request exceptions.
1734
01:09:24,480 –> 01:09:25,960
The governance structure erodes.
1735
01:09:25,960 –> 01:09:28,480
With executive sponsorship, governance holds.
1736
01:09:28,480 –> 01:09:33,000
When the CTO says governance is how we operate Power Platform responsibly, the organization
1737
01:09:33,000 –> 01:09:34,520
hears that message.
1738
01:09:34,520 –> 01:09:37,480
Governance becomes the expected operating model.
1739
01:09:37,480 –> 01:09:41,560
Violations become exceptions requiring escalation, not acceptable workarounds.
1740
01:09:41,560 –> 01:09:43,800
An additional pattern across enterprises.
1741
01:09:43,800 –> 01:09:47,480
Organizations without executive alignment treat governance as an IT checkbox, something
1742
01:09:47,480 –> 01:09:52,320
IT does, something to document for compliance, something that is optional when business pressure
1743
01:09:52,320 –> 01:09:53,320
mounts.
1744
01:09:53,320 –> 01:09:57,560
These organizations implement all the mechanisms we have described, environment architecture,
1745
01:09:57,560 –> 01:10:02,000
ALM pipelines, connector governance, life cycle policies, but none of them are enforced.
1746
01:10:02,000 –> 01:10:04,040
They exist in documentation and dashboards.
1747
01:10:04,040 –> 01:10:06,160
They do not exist in infrastructure.
1748
01:10:06,160 –> 01:10:09,840
Organizations with executive alignment treat governance as a platform requirement, something
1749
01:10:09,840 –> 01:10:14,000
that is built into how Power Platform operates, something that cannot be bypassed, something
1750
01:10:14,000 –> 01:10:16,560
that everyone understands is non-negotiable.
1751
01:10:16,560 –> 01:10:18,880
The difference in outcomes is profound.
1752
01:10:18,880 –> 01:10:22,920
Organizations with executive alignment report significantly better security posture,
1753
01:10:22,920 –> 01:10:28,120
lower sprawl, lower technical debt accumulation and lower unplanned maintenance burden.
1754
01:10:28,120 –> 01:10:29,120
Cultural change is slow.
1755
01:10:29,120 –> 01:10:31,000
This is not a three month implementation.
1756
01:10:31,000 –> 01:10:32,880
This is sustained organizational shift.
1757
01:10:32,880 –> 01:10:37,520
It requires repeated communication, repeated reinforcement, repeated demonstration that governance
1758
01:10:37,520 –> 01:10:39,520
is the expected operating model.
1759
01:10:39,520 –> 01:10:43,720
Cultural change is the only path to sustainable Power Platform architecture.
1760
01:10:43,720 –> 01:10:46,360
Architecture without cultural alignment is merely policy.
1761
01:10:46,360 –> 01:10:50,760
Policy without cultural alignment is never enforced, and unenforced policy is not governance.
1762
01:10:50,760 –> 01:10:54,600
Sustainable technical practices, architecture and governance create the framework.
1763
01:10:54,600 –> 01:10:58,720
They establish the boundaries, they enforce the rules, but within that framework individual
1764
01:10:58,720 –> 01:11:01,760
applications still need to be built with discipline.
1765
01:11:01,760 –> 01:11:06,120
Sustainable technical practices are how you operationalize governance, how you make the rules
1766
01:11:06,120 –> 01:11:09,120
actually prevent the problems they are designed to prevent.
1767
01:11:09,120 –> 01:11:11,280
Documentation standards are the first practice.
1768
01:11:11,280 –> 01:11:14,320
Every application must have documented business justification.
1769
01:11:14,320 –> 01:11:17,640
Not a summary, a documented statement of why this application exists.
1770
01:11:17,640 –> 01:11:19,160
What business problem does it solve?
1771
01:11:19,160 –> 01:11:20,160
Who are the users?
1772
01:11:20,160 –> 01:11:21,520
What is the success metric?
1773
01:11:21,520 –> 01:11:23,800
This documentation is not optional ceremony.
1774
01:11:23,800 –> 01:11:28,160
This documentation is how the organization later assesses whether the application is still
1775
01:11:28,160 –> 01:11:29,520
delivering value.
1776
01:11:29,520 –> 01:11:33,320
Without documented purpose, the organization cannot tell the difference between an essential
1777
01:11:33,320 –> 01:11:35,600
application and a zombie waiting for retirement.
1778
01:11:35,600 –> 01:11:39,080
Every production application must have technical architecture documentation.
1779
01:11:39,080 –> 01:11:41,080
Not implementation details.
1780
01:11:41,080 –> 01:11:42,640
Architecture. How is the data structured?
1781
01:11:42,640 –> 01:11:43,960
What are the integration points?
1782
01:11:43,960 –> 01:11:46,440
What external systems does this application depend on?
1783
01:11:46,440 –> 01:11:49,280
What dependencies do other systems have on this application?
1784
01:11:49,280 –> 01:11:52,880
This architecture documentation is how the organization understands the relationships
1785
01:11:52,880 –> 01:11:54,400
between applications.
1786
01:11:54,400 –> 01:11:56,240
How it assesses the impact of changes.
1787
01:11:56,240 –> 01:11:59,320
How it prevents fragile cascades of dependencies.
1788
01:11:59,320 –> 01:12:01,160
Data flow diagrams are mandatory.
1789
01:12:01,160 –> 01:12:02,240
Where does data come from?
1790
01:12:02,240 –> 01:12:03,240
What transformations happen?
1791
01:12:03,240 –> 01:12:04,240
Where does data go?
1792
01:12:04,240 –> 01:12:05,240
This is not a flow chart.
1793
01:12:05,240 –> 01:12:08,320
This is a clear diagram showing every place data touches.
1794
01:12:08,320 –> 01:12:11,840
Every connector, every external system, every storage location.
1795
01:12:11,840 –> 01:12:16,880
When the organization later discovers a compliance issue, the data flow diagram is what identifies
1796
01:12:16,880 –> 01:12:20,240
where the issue originated and what it impacted.
1797
01:12:20,240 –> 01:12:24,520
Code review discipline replaces the assumption that citizen developers automatically produce
1798
01:12:24,520 –> 01:12:25,920
maintainable solutions.
1799
01:12:25,920 –> 01:12:26,920
It does not.
1800
01:12:26,920 –> 01:12:30,200
Code review is how you catch architectural mistakes before they reach production.
1801
01:12:30,200 –> 01:12:34,240
A solution architect reviews every production application before deployment.
1802
01:12:34,240 –> 01:12:35,920
The review is not checking boxes.
1803
01:12:35,920 –> 01:12:39,800
The review is assessing whether the application follows architectural patterns, whether it
1804
01:12:39,800 –> 01:12:43,440
is designed for maintainability, whether it makes reasonable design decisions, whether
1805
01:12:43,440 –> 01:12:45,440
it avoids unnecessary complexity.
1806
01:12:45,440 –> 01:12:46,440
This creates friction.
1807
01:12:46,440 –> 01:12:48,120
Citizen developers want to deploy.
1808
01:12:48,120 –> 01:12:49,440
The code review adds delay.
1809
01:12:49,440 –> 01:12:51,520
The code review can result in rejection.
1810
01:12:51,520 –> 01:12:53,560
The solution architect can say, “Rebuild this.
1811
01:12:53,560 –> 01:12:54,960
The architecture does not work.”
1812
01:12:54,960 –> 01:12:55,960
And this is the point.
1813
01:12:55,960 –> 01:13:00,040
Not all applications are ready for production on first attempt. Better to catch architectural
1814
01:13:00,040 –> 01:13:05,040
problems before deployment than after the application becomes critical and unmaintainable.
1815
01:13:05,040 –> 01:13:06,640
Information requirements move beyond
1816
01:13:06,640 –> 01:13:09,640
“it works on my screen” to structured validation.
1817
01:13:09,640 –> 01:13:13,080
Functional testing confirms the application does what it is supposed to do.
1818
01:13:13,080 –> 01:13:16,840
Security review assesses whether the application creates security vulnerabilities.
1819
01:13:16,840 –> 01:13:21,240
Connector security, data access patterns, authentication mechanisms.
1820
01:13:21,240 –> 01:13:23,320
Performance testing confirms the application scales.
1821
01:13:23,320 –> 01:13:26,320
Does the application degrade when users increase?
1822
01:13:26,320 –> 01:13:27,880
Do queries run within an acceptable time?
1823
01:13:27,880 –> 01:13:29,440
Does the integration handle load?
1824
01:13:29,440 –> 01:13:30,920
These requirements add process.
1825
01:13:30,920 –> 01:13:31,920
They slow deployment.
1826
01:13:31,920 –> 01:13:33,200
They are supposed to.
1827
01:13:33,200 –> 01:13:35,160
And deployment should not be instant.
1828
01:13:35,160 –> 01:13:37,240
Production deployment should be validated.
1829
01:13:37,240 –> 01:13:39,600
Monitoring and alerting are the ongoing practices.
1830
01:13:39,600 –> 01:13:41,360
Production applications are instrumented.
1831
01:13:41,360 –> 01:13:42,360
Failures are detected.
1832
01:13:42,360 –> 01:13:44,320
Performance degradation is captured.
1833
01:13:44,320 –> 01:13:46,160
Anomalous behavior triggers alerts.
1834
01:13:46,160 –> 01:13:47,960
This monitoring is not passive observation.
1835
01:13:47,960 –> 01:13:49,280
This is active management.
1836
01:13:49,280 –> 01:13:52,480
When a flow fails more than expected, an alert fires.
1837
01:13:52,480 –> 01:13:56,960
When a query response time degrades, an alert fires. Someone responsible for the application
1838
01:13:56,960 –> 01:13:57,960
is notified.
1839
01:13:57,960 –> 01:13:58,960
Someone investigates.
1840
01:13:58,960 –> 01:14:01,560
Someone either fixes the issue or escalates it.
1841
01:14:01,560 –> 01:14:04,560
And management establishes clear escalation paths.
1842
01:14:04,560 –> 01:14:07,920
When something goes wrong in production, the responsible party is notified immediately.
1843
01:14:07,920 –> 01:14:08,920
Not hours later.
1844
01:14:08,920 –> 01:14:10,680
Not after users report the problem.
1845
01:14:10,680 –> 01:14:11,680
Immediately.
1846
01:14:11,680 –> 01:14:12,680
The incident is documented.
1847
01:14:12,680 –> 01:14:13,680
The impact is assessed.
1848
01:14:13,680 –> 01:14:16,120
The organization mobilizes to fix it.
1849
01:14:16,120 –> 01:14:20,120
After the incident is resolved, a post-incident review examines what failed.
1850
01:14:20,120 –> 01:14:21,360
What could have prevented it?
1851
01:14:21,360 –> 01:14:24,600
What process should change to prevent recurrence?
1852
01:14:24,600 –> 01:14:28,440
Refactoring discipline treats technical debt as an ongoing liability rather than something
1853
01:14:28,440 –> 01:14:30,520
to address during crisis.
1854
01:14:30,520 –> 01:14:35,360
This allocate capacity 15 to 20% of development effort for refactoring.
1855
01:14:35,360 –> 01:14:40,040
For addressing technical debt incrementally, for improving maintainability, for modernizing
1856
01:14:40,040 –> 01:14:41,520
aging applications.
1857
01:14:41,520 –> 01:14:43,360
This allocation happens continuously.
1858
01:14:43,360 –> 01:14:47,240
It does not wait until the application becomes unmaintainable.
1859
01:14:47,240 –> 01:14:49,400
Reusability patterns accelerate this process.
1860
01:14:49,400 –> 01:14:51,200
Common patterns are packaged as templates.
1861
01:14:51,200 –> 01:14:53,680
Common integrations are packaged as components.
1862
01:14:53,680 –> 01:14:57,720
Instead of every application reinventing the same solutions, teams build on established
1863
01:14:57,720 –> 01:14:58,640
patterns.
1864
01:14:58,640 –> 01:15:00,000
This reduces duplication.
1865
01:15:00,000 –> 01:15:01,480
This accelerates development.
1866
01:15:01,480 –> 01:15:04,720
This creates consistency across the application portfolio.
1867
01:15:04,720 –> 01:15:08,520
Organizations that implement these practices systematically report maintenance cost reductions
1868
01:15:08,520 –> 01:15:09,840
of 20 to 50%.
1869
01:15:09,840 –> 01:15:10,840
This is not theoretical.
1870
01:15:10,840 –> 01:15:12,360
This is observed pattern.
1871
01:15:12,360 –> 01:15:15,320
Applications built with discipline cost less to maintain.
1872
01:15:15,320 –> 01:15:18,760
Applications that undergo consistent refactoring accumulate less debt.
1873
01:15:18,760 –> 01:15:21,640
Applications that follow established patterns scale more reliably.
1874
01:15:21,640 –> 01:15:26,480
These practices combined with architecture and governance create sustainable Power Platform
1875
01:15:26,480 –> 01:15:27,480
operation.
1876
01:15:27,480 –> 01:15:28,480
Not frictionless.
1877
01:15:28,480 –> 01:15:29,480
Not instant.
1878
01:15:29,480 –> 01:15:33,800
What sustainable Power Platform architecture actually looks like.
1879
01:15:33,800 –> 01:15:37,600
Sustainable Power Platform architecture is not governance as restriction.
1880
01:15:37,600 –> 01:15:40,160
Governance as restriction is what most organizations implement.
1881
01:15:40,160 –> 01:15:43,400
It is rules designed to prevent people from doing what they want to do.
1882
01:15:43,400 –> 01:15:44,400
It is bureaucracy.
1883
01:15:44,400 –> 01:15:45,400
It is friction.
1884
01:15:45,400 –> 01:15:46,400
It creates resentment.
1885
01:15:46,400 –> 01:15:49,120
Sustainable architecture is governance as enablement.
1886
01:15:49,120 –> 01:15:53,440
It is a framework that makes responsible innovation faster than irresponsible innovation.
1887
01:15:53,440 –> 01:15:56,280
It is rules designed to prevent certain kinds of failure.
1888
01:15:56,280 –> 01:16:00,080
It removes the uncertainty and friction that comes from unmanaged platforms.
1889
01:16:00,080 –> 01:16:03,600
It accelerates the path to production for applications that follow the rules.
1890
01:16:03,600 –> 01:16:06,640
Here is what the model actually looks like when implemented.
1891
01:16:06,640 –> 01:16:08,320
Environment architecture is tiered.
1892
01:16:08,320 –> 01:16:10,240
Default environment is locked down.
1893
01:16:10,240 –> 01:16:11,360
Personal experimentation only.
1894
01:16:11,360 –> 01:16:12,360
No production data.
1895
01:16:12,360 –> 01:16:13,600
No business critical connectors.
1896
01:16:13,600 –> 01:16:14,600
Makers can experiment.
1897
01:16:14,600 –> 01:16:15,920
Can learn the platform.
1898
01:16:15,920 –> 01:16:17,320
Can build personal automations.
1899
01:16:17,320 –> 01:16:20,440
They cannot accidentally move sensitive data to external services.
1900
01:16:20,440 –> 01:16:22,040
The platform architecture prevents it.
1901
01:16:22,040 –> 01:16:24,000
The default environment is restricted.
1902
01:16:24,000 –> 01:16:26,000
Tier 2 environments are for team solutions.
1903
01:16:26,000 –> 01:16:27,480
Clear business justification required.
1904
01:16:27,480 –> 01:16:28,480
Approval process.
1905
01:16:28,480 –> 01:16:32,040
Once approved, the environment is created with defined governance rules.
1906
01:16:32,040 –> 01:16:33,960
Teams can build shared applications.
1907
01:16:33,960 –> 01:16:35,200
Multiple makers can collaborate.
1908
01:16:35,200 –> 01:16:37,320
The environment allows standard connectors.
1909
01:16:37,320 –> 01:16:39,560
Tier 3 is enterprise production.
1910
01:16:39,560 –> 01:16:40,560
Restricted access.
1911
01:16:40,560 –> 01:16:42,360
Formal architecture review required.
1912
01:16:42,360 –> 01:16:43,640
Security assessment required.
1913
01:16:43,640 –> 01:16:44,640
Managed solutions.
1914
01:16:44,640 –> 01:16:45,640
Mandatory.
1915
01:16:45,640 –> 01:16:46,640
Deployment through pipelines.
1916
01:16:46,640 –> 01:16:47,640
Mandatory.
1917
01:16:47,640 –> 01:16:48,640
Service account ownership.
1918
01:16:48,640 –> 01:16:49,640
Mandatory.
1919
01:16:49,640 –> 01:16:52,040
The platform enforces these requirements at the infrastructure level.
1920
01:16:52,040 –> 01:16:55,160
Tier 1 makers cannot create applications in tier 3.
1921
01:16:55,160 –> 01:16:57,360
Tier 2 teams cannot bypass the pipeline.
1922
01:16:57,360 –> 01:16:59,120
Connector governance is 3 tier.
1923
01:16:59,120 –> 01:17:00,160
Low-risk connectors.
1924
01:17:00,160 –> 01:17:01,160
SharePoint, Teams,
1925
01:17:01,160 –> 01:17:03,200
Outlook are available in all environments.
1926
01:17:03,200 –> 01:17:04,520
High-risk connectors.
1927
01:17:04,520 –> 01:17:05,680
External storage.
1928
01:17:05,680 –> 01:17:06,600
Social media.
1929
01:17:06,600 –> 01:17:08,560
Generic HTTP APIs.
1930
01:17:08,560 –> 01:17:10,320
Require explicit approval.
1931
01:17:10,320 –> 01:17:12,600
Blocked connectors are not available anywhere.
1932
01:17:12,600 –> 01:17:15,640
DLP policies enforce the segmentation at creation time.
1933
01:17:15,640 –> 01:17:18,640
A maker tries to create a flow that violates DLP policy.
1934
01:17:18,640 –> 01:17:19,560
The platform blocks it.
1935
01:17:19,560 –> 01:17:20,840
The flow cannot be saved.
1936
01:17:20,840 –> 01:17:23,560
The violation is prevented, not detected after the fact.
1937
01:17:23,560 –> 01:17:26,200
ALM pipelines are mandatory for production.
1938
01:17:26,200 –> 01:17:30,200
Applications move through development, testing, production through automated pipelines.
1939
01:17:30,200 –> 01:17:31,920
The pipeline runs automated tests.
1940
01:17:31,920 –> 01:17:33,800
The pipeline enforces security scanning.
1941
01:17:33,800 –> 01:17:35,560
The pipeline requires approval gates.
1942
01:17:35,560 –> 01:17:36,880
The pipeline is not optional.
1943
01:17:36,880 –> 01:17:38,240
There is no alternative path.
1944
01:17:38,240 –> 01:17:39,680
No manual imports.
1945
01:17:39,680 –> 01:17:41,760
No direct production deployments.
1946
01:17:41,760 –> 01:17:43,960
The pipeline is the only way to reach production.
1947
01:17:43,960 –> 01:17:47,600
This creates a two-week deployment cycle instead of instant deployment.
1948
01:17:47,600 –> 01:17:48,560
This is intentional.
1949
01:17:48,560 –> 01:17:50,720
Instant deployment to production is not responsible
1950
01:17:50,720 –> 01:17:51,720
engineering.
1951
01:17:51,720 –> 01:17:53,680
Tested, reviewed, tracked deployment is.
1952
01:17:53,680 –> 01:17:55,200
Ownership enforcement is clear.
1953
01:17:55,200 –> 01:17:58,000
Production applications are owned by service accounts.
1954
01:17:58,000 –> 01:17:59,000
Not users.
1955
01:17:59,000 –> 01:18:00,000
Service accounts.
1956
01:18:00,000 –> 01:18:01,800
This ensures continuity.
1957
01:18:01,800 –> 01:18:04,200
When the developer leaves, the service account remains.
1958
01:18:04,200 –> 01:18:05,960
The application has a permanent steward.
1959
01:18:05,960 –> 01:18:09,560
Quarterly reviews assess whether applications are delivering value.
1960
01:18:09,560 –> 01:18:12,240
Applications showing zero usage for 90 days are deprecated.
1961
01:18:12,240 –> 01:18:14,280
Not kept as orphans, actually retired.
1962
01:18:14,280 –> 01:18:16,840
The organization stops paying for infrastructure.
1963
01:18:16,840 –> 01:18:18,440
Stops maintaining connections.
1964
01:18:18,440 –> 01:18:20,360
Stops managing security permissions.
1965
01:18:20,360 –> 01:18:22,760
Stops managing applications that deliver no value.
1966
01:18:22,760 –> 01:18:24,680
The center of excellence is not advisory.
1967
01:18:24,680 –> 01:18:26,320
The COE has authority.
1968
01:18:26,320 –> 01:18:27,840
Environment requests go through the COE.
1969
01:18:27,840 –> 01:18:30,880
The COE approves or denies based on architecture.
1970
01:18:30,880 –> 01:18:32,440
Connector requests go through the COE.
1971
01:18:32,440 –> 01:18:35,000
The COE determines tier one, tier two, tier three.
1972
01:18:35,000 –> 01:18:37,160
ALM pipeline exceptions go through the COE.
1973
01:18:37,160 –> 01:18:38,480
The COE documents and approves.
1974
01:18:38,480 –> 01:18:39,840
The COE owns the architecture.
1975
01:18:39,840 –> 01:18:41,400
The COE enforces it.
1976
01:18:41,400 –> 01:18:42,400
Measurement is continuous.
1977
01:18:42,400 –> 01:18:43,880
Dashboards track adoption.
1978
01:18:43,880 –> 01:18:44,880
Track cost.
1979
01:18:44,880 –> 01:18:46,080
Track app portfolio health.
1980
01:18:46,080 –> 01:18:47,920
Track technical debt accumulation.
1981
01:18:47,920 –> 01:18:49,080
Track success metrics.
1982
01:18:49,080 –> 01:18:50,760
The organization knows what is running.
1983
01:18:50,760 –> 01:18:52,280
Knows what is delivering value.
1984
01:18:52,280 –> 01:18:55,120
Knows what is consuming resources without delivering benefit.
1985
01:18:55,120 –> 01:18:56,760
This measurement informs decisions.
1986
01:18:56,760 –> 01:18:59,320
This measurement makes life cycle management possible.
1987
01:18:59,320 –> 01:19:02,000
Real outcome is what differentiates sustainable
1988
01:19:02,000 –> 01:19:03,160
from aspirational.
1989
01:19:03,160 –> 01:19:05,160
Organizations that implement this architecture
1990
01:19:05,160 –> 01:19:07,480
report faster innovation, not slower.
1991
01:19:07,480 –> 01:19:08,920
Report lower costs, not higher.
1992
01:19:08,920 –> 01:19:10,800
Report better compliance, not worse.
1993
01:19:10,800 –> 01:19:12,160
This seems paradoxical.
1994
01:19:12,160 –> 01:19:14,200
More governance should slow innovation.
1995
01:19:14,200 –> 01:19:15,640
More rules should increase cost.
1996
01:19:15,640 –> 01:19:18,440
More restrictions should reduce compliance violations.
1997
01:19:18,440 –> 01:19:19,640
But here is what actually happens.
1998
01:19:19,640 –> 01:19:22,880
Governance removes the chaos that slows innovation.
1999
01:19:22,880 –> 01:19:25,280
Removes the rework that increases cost.
2000
01:19:25,280 –> 01:19:28,520
Removes the unmanaged sprawl that creates compliance violations.
2001
01:19:28,520 –> 01:19:31,840
A developer in a well-governed organization knows what the rules are.
2002
01:19:31,840 –> 01:19:33,160
Knows what gets approved.
2003
01:19:33,160 –> 01:19:35,440
Can iterate rapidly within defined boundaries.
2004
01:19:35,440 –> 01:19:36,840
Knows that once they reach production,
2005
01:19:36,840 –> 01:19:38,400
their application will be maintained.
2006
01:19:38,400 –> 01:19:40,000
Will be monitored, will be supported.
2007
01:19:40,000 –> 01:19:42,520
Innovation accelerates because the uncertainty is gone.
2008
01:19:42,520 –> 01:19:44,440
A developer in an unmanaged organization
2009
01:19:44,440 –> 01:19:48,360
faces constant friction, friction from unexpected production failures.
2010
01:19:48,360 –> 01:19:50,280
Friction from unsustainable technical debt.
2011
01:19:50,280 –> 01:19:51,800
Friction from unclear ownership.
2012
01:19:51,800 –> 01:19:55,440
Friction from applications that become unmaintainable.
2013
01:19:55,440 –> 01:19:57,000
This friction slows innovation.
2014
01:19:57,000 –> 01:19:58,720
This friction increases cost.
2015
01:19:58,720 –> 01:20:00,560
This friction creates compliance violations
2016
01:20:00,560 –> 01:20:03,800
because people bypass governance to avoid the friction.
2017
01:20:03,800 –> 01:20:06,440
Sustainable architecture removes that friction
2018
01:20:06,440 –> 01:20:09,160
by making governance fast and automated.
2019
01:20:09,160 –> 01:20:12,200
Environment requests are processed in days, not weeks.
2020
01:20:12,200 –> 01:20:13,800
ALM pipelines are automated.
2021
01:20:13,800 –> 01:20:15,920
Connector governance is enforced by the platform,
2022
01:20:15,920 –> 01:20:17,400
not by manual review.
2023
01:20:17,400 –> 01:20:19,080
Lifecycle management is automatic.
2024
01:20:19,080 –> 01:20:22,320
The organization does not ask permission to retire zombie applications.
2025
01:20:22,320 –> 01:20:24,120
The organization executes the policy.
2026
01:20:24,120 –> 01:20:25,320
The rules are clear.
2027
01:20:25,320 –> 01:20:26,560
The enforcement is fast.
2028
01:20:26,560 –> 01:20:28,160
The path to compliance is efficient.
2029
01:20:28,160 –> 01:20:30,400
This is the architecture that succeeds.
2030
01:20:30,400 –> 01:20:32,000
The mindset shift required.
2031
01:20:32,000 –> 01:20:33,720
The entire framework we have described,
2032
01:20:33,720 –> 01:20:36,200
environment architecture, ALM pipelines,
2033
01:20:36,200 –> 01:20:38,280
connector governance, lifecycle policies,
2034
01:20:38,280 –> 01:20:41,600
centers of excellence, all of it depends on the single prerequisite.
2035
01:20:41,600 –> 01:20:44,880
A fundamental mindset shift about what power platform is.
2036
01:20:44,880 –> 01:20:47,280
The old narrative is, low code means less
2037
01:20:47,280 –> 01:20:48,120
governance.
2038
01:20:48,120 –> 01:20:49,720
This narrative is seductive.
2039
01:20:49,720 –> 01:20:51,960
Low code platforms are marketed on speed,
2040
01:20:51,960 –> 01:20:54,040
on accessibility, on democratization.
2041
01:20:54,040 –> 01:20:57,000
The narrative says that low code removes the IT backlog
2042
01:20:57,000 –> 01:20:59,680
by enabling non-technical users to build applications
2043
01:20:59,680 –> 01:21:01,200
without needing developers.
2044
01:21:01,200 –> 01:21:03,960
Removes the friction of traditional software development.
2045
01:21:03,960 –> 01:21:06,320
Removes the overhead of formal processes.
2046
01:21:06,320 –> 01:21:07,600
Low code means fast.
2047
01:21:07,600 –> 01:21:08,880
Low code means simple.
2048
01:21:08,880 –> 01:21:10,560
Low code means less governance.
2049
01:21:10,560 –> 01:21:12,440
This narrative is wrong.
2050
01:21:12,440 –> 01:21:16,200
The new reality is, low code means distributed governance.
2051
01:21:16,200 –> 01:21:18,600
Power platform is not replacing software engineering.
2052
01:21:18,600 –> 01:21:21,960
It is distributing software engineering across the organization.
2053
01:21:21,960 –> 01:21:25,360
Every citizen developer who builds an application in power platform
2054
01:21:25,360 –> 01:21:27,480
is performing software engineering work.
2055
01:21:27,480 –> 01:21:29,240
They are architecting data models.
2056
01:21:29,240 –> 01:21:30,640
They are building business logic.
2057
01:21:30,640 –> 01:21:32,000
They are integrating systems.
2058
01:21:32,000 –> 01:21:33,520
They are making security decisions.
2059
01:21:33,520 –> 01:21:35,240
They are handling sensitive information.
2060
01:21:35,240 –> 01:21:37,080
They are performing functions that have traditionally
2061
01:21:37,080 –> 01:21:39,640
been the domain of professional software engineers.
2062
01:21:39,640 –> 01:21:41,080
The governance did not disappear.
2063
01:21:41,080 –> 01:21:42,480
The governance became distributed.
2064
01:21:42,480 –> 01:21:45,000
The organization went from one team of developers
2065
01:21:45,000 –> 01:21:48,240
implementing one governance model to hundreds of makers
2066
01:21:48,240 –> 01:21:52,080
implementing governance or not implementing governance independently.
2067
01:21:52,080 –> 01:21:54,400
The complexity of governance increased exponentially.
2068
01:21:54,400 –> 01:21:57,800
The organization now needs governance discipline, not just in IT.
2069
01:21:57,800 –> 01:22:00,000
Governance discipline across the entire platform.
2070
01:22:00,000 –> 01:22:03,120
Across every maker, across every application.
2071
01:22:03,120 –> 01:22:06,360
This is the uncomfortable truth that most organizations avoid.
2072
01:22:06,360 –> 01:22:08,600
Citizen developers are software engineers.
2073
01:22:08,600 –> 01:22:10,040
They have different skill levels.
2074
01:22:10,040 –> 01:22:11,320
They have different backgrounds.
2075
01:22:11,320 –> 01:22:12,600
They have different training.
2076
01:22:12,600 –> 01:22:14,680
But they are performing software engineering work.
2077
01:22:14,680 –> 01:22:17,560
The organization that enables them without applying software engineering
2078
01:22:17,560 –> 01:22:20,080
discipline to their work is enabling architectural failure.
2079
01:22:20,080 –> 01:22:21,680
Here is what this actually requires.
2080
01:22:21,680 –> 01:22:22,880
It requires training.
2081
01:22:22,880 –> 01:22:26,480
Not "here is how to click buttons in Power Apps" training. Real training,
2082
01:22:26,480 –> 01:22:29,480
training in data modeling, training in integration architecture,
2083
01:22:29,480 –> 01:22:32,600
training in security principles, training in performance optimization,
2084
01:22:32,600 –> 01:22:36,280
training in documentation discipline, training that transforms citizen developers
2085
01:22:36,280 –> 01:22:38,120
into competent software engineers.
2086
01:22:38,120 –> 01:22:39,520
It requires accountability.
2087
01:22:39,520 –> 01:22:42,600
Not "you are responsible for your application" accountability.
2088
01:22:42,600 –> 01:22:46,080
Real accountability, performance reviews that assess whether applications meet
2089
01:22:46,080 –> 01:22:47,200
architectural standards.
2090
01:22:47,200 –> 01:22:51,800
Career progression that rewards engineers who follow discipline and penalizes those who do not.
2091
01:22:51,800 –> 01:22:55,800
Accountability that makes clear that building without discipline is not acceptable.
2092
01:22:55,800 –> 01:22:57,400
It requires architecture discipline.
2093
01:22:57,400 –> 01:22:59,960
Not "here are some guidelines". Real discipline.
2094
01:22:59,960 –> 01:23:01,200
Standards that are enforced.
2095
01:23:01,200 –> 01:23:02,640
Patterns that are mandatory.
2096
01:23:02,640 –> 01:23:04,200
Approaches that are required.
2097
01:23:04,200 –> 01:23:05,800
Alternatives that are blocked.
2098
01:23:05,800 –> 01:23:09,000
Discipline that makes following the rules easier than breaking them.
2099
01:23:09,000 –> 01:23:11,880
It requires governance enforcement, not advisory governance.
2100
01:23:11,880 –> 01:23:15,000
Real enforcement, environment restrictions that cannot be bypassed.
2101
01:23:15,000 –> 01:23:16,840
ALM pipelines that are mandatory.
2102
01:23:16,840 –> 01:23:19,480
Connector policies that are technical boundaries.
2103
01:23:19,480 –> 01:23:22,000
Life cycle policies that automatically execute.
2104
01:23:22,000 –> 01:23:23,960
Governance that is built into the infrastructure.
2105
01:23:23,960 –> 01:23:26,120
The benefit of making this shift is real.
2106
01:23:26,120 –> 01:23:29,480
Organizations that treat power platform as a development platform
2107
01:23:29,480 –> 01:23:33,040
that requires development discipline, unlock genuine productivity gains.
2108
01:23:33,040 –> 01:23:34,960
They build faster. They build more reliably.
2109
01:23:34,960 –> 01:23:36,640
They build with lower technical debt.
2110
01:23:36,640 –> 01:23:37,960
They operate with lower risk.
2111
01:23:37,960 –> 01:23:39,200
They accumulate less sprawl.
2112
01:23:39,200 –> 01:23:40,680
They achieve sustainable growth.
2113
01:23:40,680 –> 01:23:43,040
The risk of not making this shift is equally real.
2114
01:23:43,040 –> 01:23:45,880
Organizations that pretend low code means less governance
2115
01:23:45,880 –> 01:23:48,040
end up with everything we have described.
2116
01:23:48,040 –> 01:23:48,720
Sprawl.
2117
01:23:48,720 –> 01:23:50,200
Debt. Security exposure.
2118
01:23:50,200 –> 01:23:51,360
Compliance violations.
2119
01:23:51,360 –> 01:23:52,680
Escalating costs.
2120
01:23:52,680 –> 01:23:54,240
Unmanageable complexity.
2121
01:23:54,240 –> 01:23:56,440
They end up with uncontrolled development platforms
2122
01:23:56,440 –> 01:23:58,960
masquerading as productivity tools.
2123
01:23:58,960 –> 01:24:01,040
Real observation from enterprise audits.
2124
01:24:01,040 –> 01:24:04,760
The difference between successful and unsuccessful power platform implementations
2125
01:24:04,760 –> 01:24:05,680
is not tooling.
2126
01:24:05,680 –> 01:24:09,200
Both successful and unsuccessful organizations use the same platform.
2127
01:24:09,200 –> 01:24:10,880
They have access to the same features.
2128
01:24:10,880 –> 01:24:12,760
They have access to the same governance tools.
2129
01:24:12,760 –> 01:24:14,240
The difference is mindset.
2130
01:24:14,240 –> 01:24:18,080
Successful organizations understand that power platform is a development platform.
2131
01:24:18,080 –> 01:24:19,720
They apply development discipline.
2132
01:24:19,720 –> 01:24:21,200
They enforce architecture.
2133
01:24:21,200 –> 01:24:22,480
They measure outcomes.
2134
01:24:22,480 –> 01:24:25,000
They retire applications that do not deliver value.
2135
01:24:25,000 –> 01:24:28,720
They invest in the governance infrastructure required to operate at scale.
2136
01:24:28,720 –> 01:24:32,640
Unsuccessful organizations understand that power platform is a productivity tool.
2137
01:24:32,640 –> 01:24:33,560
They enable it.
2138
01:24:33,560 –> 01:24:34,600
They encourage use.
2139
01:24:34,600 –> 01:24:35,800
They avoid bureaucracy.
2140
01:24:35,800 –> 01:24:37,240
They treat governance as optional.
2141
01:24:37,240 –> 01:24:38,640
They accumulate debt and sprawl.
2142
01:24:38,640 –> 01:24:41,320
They eventually face crisis and attempt remediation.
2143
01:24:41,320 –> 01:24:44,600
The mindset shift is the prerequisite for everything else.
2144
01:24:44,600 –> 01:24:46,960
Without it governance is theatrical.
2145
01:24:46,960 –> 01:24:48,880
Infrastructure exists but is not enforced.
2146
01:24:48,880 –> 01:24:51,120
Rules are published but are not maintained.
2147
01:24:51,120 –> 01:24:53,040
Architecture is designed but is not implemented.
2148
01:24:53,040 –> 01:24:55,080
With it everything becomes possible.
2149
01:24:55,080 –> 01:24:56,600
Governance is enforced.
2150
01:24:56,600 –> 01:24:58,120
Infrastructure enables compliance.
2151
01:24:58,120 –> 01:24:59,440
Rules are maintained.
2152
01:24:59,440 –> 01:25:00,640
Architecture is sustainable.
2153
01:25:00,640 –> 01:25:02,440
This mindset shift is not technical.
2154
01:25:02,440 –> 01:25:03,440
It is cultural.
2155
01:25:03,440 –> 01:25:04,800
It requires executive sponsorship.
2156
01:25:04,800 –> 01:25:06,440
It requires sustained communication.
2157
01:25:06,440 –> 01:25:10,160
It requires visible commitment that power platform is a platform not a toy.
2158
01:25:10,160 –> 01:25:12,400
That governance is how the organization operates.
2159
01:25:12,400 –> 01:25:13,800
Not an optional layer.
2160
01:25:13,800 –> 01:25:17,560
The organizations that make this shift early gain competitive advantage.
2161
01:25:17,560 –> 01:25:18,560
They scale faster.
2162
01:25:18,560 –> 01:25:19,760
They operate with more confidence.
2163
01:25:19,760 –> 01:25:24,560
They unlock real value from low-code platforms without drowning in debt.
2164
01:25:24,560 –> 01:25:26,320
Immediate governance checklist.
2165
01:25:26,320 –> 01:25:28,200
Start with default environment lockdown.
2166
01:25:28,200 –> 01:25:29,200
Restrict connectors.
2167
01:25:29,200 –> 01:25:30,600
Disable production apps.
2168
01:25:30,600 –> 01:25:33,720
Create three-tier environments: personal, team, enterprise.
2169
01:25:33,720 –> 01:25:35,720
DLP policies and ALM pipelines.
2170
01:25:35,720 –> 01:25:37,720
Enforce service account ownership.
2171
01:25:37,720 –> 01:25:40,400
Retire unused apps after 90 days of zero usage.
2172
01:25:40,400 –> 01:25:43,000
Establish a center of excellence with genuine authority.
2173
01:25:43,000 –> 01:25:44,760
Track adoption and cost.
2174
01:25:44,760 –> 01:25:46,520
Timeline: 12 weeks.
2175
01:25:46,520 –> 01:25:47,960
Executive risk summary.
2176
01:25:47,960 –> 01:25:53,240
For IT leadership the power platform problem is not fundamentally a citizen developer initiative problem.
2177
01:25:53,240 –> 01:25:55,320
Citizen developers are symptoms not causes.
2178
01:25:55,320 –> 01:25:57,160
The problem is a platform governance problem.
2179
01:25:57,160 –> 01:26:00,280
You have deployed a development platform without development discipline.
2180
01:26:00,280 –> 01:26:03,680
You are operating that platform without architecture enforcement.
2181
01:26:03,680 –> 01:26:07,920
You are pretending governance is optional because the platform is popular and adoption is strong.
2182
01:26:07,920 –> 01:26:09,240
Reframe this in your mind.
2183
01:26:09,240 –> 01:26:11,200
Power platform is not a productivity tool.
2184
01:26:11,200 –> 01:26:13,120
It is not an alternative to spreadsheets.
2185
01:26:13,120 –> 01:26:17,520
It is a distributed development environment embedded inside Microsoft 365.
2186
01:26:17,520 –> 01:26:18,600
Treat it accordingly.
2187
01:26:18,600 –> 01:26:20,440
The risk categories are concrete.
2188
01:26:20,440 –> 01:26:22,440
Architecture sprawl is the first category.
2189
01:26:22,440 –> 01:26:24,960
Unmanaged app proliferation creates visibility gaps.
2190
01:26:24,960 –> 01:26:26,560
It creates operational complexity.
2191
01:26:26,560 –> 01:26:28,520
It creates dependencies you cannot see.
2192
01:26:28,520 –> 01:26:31,400
An application in the default environment depends on a connector.
2193
01:26:31,400 –> 01:26:34,800
That connector depends on a service account. That service account gets deprovisioned.
2194
01:26:34,800 –> 01:26:36,520
The application fails silently.
2195
01:26:36,520 –> 01:26:38,040
Nobody knows it failed for weeks.
2196
01:26:38,040 –> 01:26:39,360
The ripple effects cascade.
2197
01:26:39,360 –> 01:26:42,680
This is architecture sprawl creating operational risk.
2198
01:26:42,680 –> 01:26:45,320
Security exposure is the second category.
2199
01:26:45,320 –> 01:26:49,360
Overly permissive connectors move sensitive data outside the organization.
2200
01:26:49,360 –> 01:26:52,640
Missing DLP segmentation allows risky connector combinations.
2201
01:26:52,640 –> 01:26:56,680
Orphaned applications retain security permissions for accounts that no longer exist.
2202
01:26:56,680 –> 01:27:00,680
Zombie flows continue running against business critical data nobody is monitoring.
2203
01:27:00,680 –> 01:27:02,360
Each of these creates an attack surface.
2204
01:27:02,360 –> 01:27:05,200
Each expands the pathways an attacker can exploit.
2205
01:27:05,200 –> 01:27:07,720
Each increases the likelihood of a breach.
2206
01:27:07,720 –> 01:27:10,520
Hidden operational costs are the third category.
2207
01:27:10,520 –> 01:27:13,600
Licensing surprises emerge when dataverse storage explodes.
2208
01:27:13,600 –> 01:27:15,680
Premium connector usage skyrockets.
2209
01:27:15,680 –> 01:27:18,320
Environment sprawl requires additional licensing tiers.
2210
01:27:18,320 –> 01:27:22,440
The organization suddenly discovers power platform is a top 5 SaaS cost.
2211
01:27:22,440 –> 01:27:25,960
But the organization cannot determine which applications justify the cost.
2212
01:27:25,960 –> 01:27:27,440
Cannot determine which are abandoned.
2213
01:27:27,440 –> 01:27:29,320
The cost is real but the value is invisible.
2214
01:27:29,320 –> 01:27:32,240
This is operational cost without operational insight.
2215
01:27:32,240 –> 01:27:34,040
Compliance issues are the fourth category.
2216
01:27:34,040 –> 01:27:37,160
Unmanaged data flows violate compliance requirements.
2217
01:27:37,160 –> 01:27:40,320
Missing audit trails prevent demonstrating regulatory compliance.
2218
01:27:40,320 –> 01:27:42,400
Orphaned applications break compliance controls.
2219
01:27:42,400 –> 01:27:44,920
Shadow IT in Power Platform creates the same risks
2220
01:27:44,920 –> 01:27:49,680
shadow IT in unapproved SaaS tools creates. Regulatory bodies do not distinguish between governance
2221
01:27:49,680 –> 01:27:52,760
failure in power platform and governance failure in other systems.
2222
01:27:52,760 –> 01:27:54,600
A compliance breach is a compliance breach.
2223
01:27:54,600 –> 01:27:56,480
A data exposure is a data exposure.
2224
01:27:56,480 –> 01:27:58,480
The quantified risk is stark.
2225
01:27:58,480 –> 01:28:02,760
Organizations without formal power platform governance face 3 to 4 times higher rates of security
2226
01:28:02,760 –> 01:28:08,600
violations and compliance breaches. Not statistically higher, not marginally higher, 3 to 4 times.
2227
01:28:08,600 –> 01:28:09,760
This is not a minor risk.
2228
01:28:09,760 –> 01:28:11,760
This is a material risk to the organization.
2229
01:28:11,760 –> 01:28:13,880
The business case for governance is straightforward.
2230
01:28:13,880 –> 01:28:17,240
The organization can invest in architecture and governance now.
2231
01:28:17,240 –> 01:28:20,240
The organization can implement environment segmentation.
2232
01:28:20,240 –> 01:28:22,120
The organization can enforce ALM pipelines.
2233
01:28:22,120 –> 01:28:26,000
The organization can establish a center of excellence with genuine authority.
2234
01:28:26,000 –> 01:28:30,920
This investment prevents exponentially larger costs in remediation and technical debt later.
2235
01:28:30,920 –> 01:28:32,920
Or the organization can defer governance.
2236
01:28:32,920 –> 01:28:36,160
The organization can continue enabling power platform without discipline.
2237
01:28:36,160 –> 01:28:40,240
The organization can continue accumulating sprawl, debt and compliance exposure.
2238
01:28:40,240 –> 01:28:43,520
The organization can continue until crisis forces remediation.
2239
01:28:43,520 –> 01:28:46,000
At that point the cost is orders of magnitude higher.
2240
01:28:46,000 –> 01:28:48,320
The remediation is organizational disruption.
2241
01:28:48,320 –> 01:28:51,040
The recovery is measured in years, not months.
2242
01:28:51,040 –> 01:28:53,440
Real pattern from enterprise audits.
2243
01:28:53,440 –> 01:28:57,720
Organizations that address Power Platform governance proactively report better security outcomes,
2244
01:28:57,720 –> 01:29:04,400
lower compliance violation rates and lower total cost of ownership than organizations that attempt retroactive remediation.
2245
01:29:04,400 –> 01:29:07,040
Not slightly better outcomes, significantly better.
2246
01:29:07,040 –> 01:29:10,360
The investment in governance early prevents the crisis later.
2247
01:29:10,360 –> 01:29:13,360
For the executive making decisions about power platform governance.
2248
01:29:13,360 –> 01:29:15,960
The question is not whether governance is worth the investment.
2249
01:29:15,960 –> 01:29:18,960
The question is whether the organization can afford not to invest.
2250
01:29:18,960 –> 01:29:22,800
Whether the organization can sustain the risk of operating a distributed development platform
2251
01:29:22,800 –> 01:29:24,080
without development discipline.
2252
01:29:24,080 –> 01:29:27,480
Whether the organization can accept the compliance and security exposure.
2253
01:29:27,480 –> 01:29:30,480
Whether the organization can absorb the escalating costs.
2254
01:29:30,480 –> 01:29:33,880
The answer across every enterprise that has assessed this is no.
2255
01:29:33,880 –> 01:29:36,440
The organization cannot afford not to invest in governance.
2256
01:29:36,440 –> 01:29:40,480
The organization cannot afford to operate power platform without architecture discipline.
2257
01:29:40,480 –> 01:29:43,000
The central thesis: Power Platform is not the problem.
2258
01:29:43,000 –> 01:29:46,200
The problem is pretending it isn’t a real development platform.
2259
01:29:46,200 –> 01:29:50,640
Organizations that treat it as a toy end up with low-code debt, sprawl, security exposure
2260
01:29:50,640 –> 01:29:52,760
and escalating costs.
2261
01:29:52,760 –> 01:29:56,080
The organizations that treat it as a platform with architecture discipline,
2262
01:29:56,080 –> 01:29:59,120
governance enforcement and ownership accountability,
2263
01:29:59,120 –> 01:30:01,680
unlock real productivity and sustainable growth.
2264
01:30:01,680 –> 01:30:05,160
The choice is clear, invest in governance now or pay for sprawl later.
2265
01:30:05,160 –> 01:30:11,280
Subscribe to M365FM for more deep dives into Microsoft ecosystem architecture and strategy.
2266
01:30:11,280 –> 01:30:14,800
If this episode resonated, please leave a review on your podcast platform.
2267
01:30:14,800 –> 01:30:17,560
It helps us reach more IT leaders and architects.
2268
01:30:17,560 –> 01:30:19,640
Connect with me on LinkedIn and let me know:
2269
01:30:19,640 –> 01:30:23,120
What Power Platform governance challenges are you facing in your organization?
2270
01:30:23,120 –> 01:30:24,840
Your feedback shapes the next episodes.