A few weeks ago, I had a conversation with a client who asked, “Do we really need governance in Power Platform? I mean, we already have governance around Microsoft 365 and Azure. Isn’t that enough?” That question really hit because I’ve heard it so many times.
A lot of organizations I work with do understand the need for governance. The tricky part is that their focus is usually on the more traditional areas like email, Teams, identity and infrastructure, not on the Power Platform. And yet, Power Platform introduces a whole new layer of tools, users and risks that aren’t covered by those existing policies.
Implementing Power Platform governance is often a complex, layered process and even organizations with strong foundations in Microsoft 365 and Azure can find themselves overwhelmed by the new concepts and responsibilities that Power Platform brings.
In today's post I will break down the 3 most common challenges I’ve encountered when working with Power Platform governance, and share my ways to overcome them.
Challenge 1: IT Admins are unfamiliar with Power Platform concepts
Many IT administrators are comfortable with Microsoft 365 and Azure, but the Power Platform introduces new paradigms: environments, Power Platform DLP (Data Loss Prevention) policies, custom connectors, solutions, makers, and more. It's not uncommon to see IT professionals struggle with the admin interfaces or with the new concepts the platform brings to the table. Some admins find it tricky at first.
Why does this happen?
Power Platform lives in that space between IT and business users. The platform gives business users (makers) powerful tools, which introduces risks if not understood or managed properly. If IT doesn't have a clear understanding, they often can't provide appropriate guardrails.
What can you/your org do?
- Start with Education: Encourage your IT team to engage with the Power Platform Community, blogs and Microsoft's documentation to stay updated on best practices and when possible.
- Use the Power Platform Admin Center: Familiarize yourself with the Admin Center; it’s your control tower for managing environments, capacity, analytics, and policies.
- Join the Community: Engage with the Power Platform Community, blogs and Microsoft's documentation to stay updated on best practices.
Challenge 2: No one knows what has been built, by whom, or why
In an open, ungoverned environment, apps and flows get created organically. Over time, people in different departments build apps and flows. But without governance, nobody tracks who built what, where it’s running or even if it’s still needed.
Why does this happen?
Power Platform is easy to adopt, which is its strength and weakness. Without governance from the start, users create apps to solve local problems without oversight or documentation.
What can you/your org do?
Implement the Center of Excellence (CoE) Starter Kit. This solution helps you track app and flow inventory, maker activity and usage trends. It includes:
- App/Flow inventory
- Environment insights
- Orphaned resources reporting
- Nurture communications to support makers
…and maybe implement a 'request process': ask users to submit a short form describing the purpose, owner, and data used before publishing solutions to production.
Challenge 3: Responsibilities for managing the Platform have not been defined
In many organizations, it's unclear who is responsible for different aspects of Power Platform governance. Who’s in charge of what? Who handles support? Who approves new environments? If you don’t define this early, things can slip through the cracks.
Why does this happen?
Power Platform is used by both IT and business teams. That’s great for collaboration, but it also causes confusion over who’s responsible for what.
What can you/your org do?
Define roles and responsibilities using a RACI (Responsible, Accountable, Consulted, Informed) Matrix model.
Here’s what those roles mean:
- Responsible: The person (or team) who actually does the work.
- Accountable: The one who makes sure the work gets done and signs off on decisions.
- Consulted: People who should be asked for input or advice before things move forward.
- Informed: People who just need to be kept in the loop.
For example:
- Designate a Platform Owner. This person or team will be responsible for maintaining platform strategy, alignment and overall governance. They bridge the gap between business needs and IT control.
- In big companies, let each department have their own mini-admins while still following central rules.
Conclusion
Governance isn’t about restricting users; it’s about empowering them with the right support and boundaries to innovate safely and sustainably.
While it’s tempting to delay governance until you "have more apps" or "understand more," starting small with visibility and education will put you miles ahead.
BONUS: If you’re just getting started, begin with visibility, like the CoE Starter Kit, and define a few simple rules. You don’t need a perfect setup from day one, just a direction and some small wins.