Power Apps & Power Automate for the reluctant IT Pro

ESPC 2019 in Prague, with Jussi Roine

Thomas Vochten

December 03, 2019

Transcript

  1. None
  2. Managing Power Apps & Power Automate for the reluctant IT Pro

    Jussi Roine, Microsoft MVP & Regional Director
    Thomas Vochten, Microsoft MVP
  3. None
  4. None
  5. Power to the people

    • Power BI: Business analytics
    • Power Apps: Application development
    • Power Automate: Process automation
    • Power Virtual Agents: Intelligent virtual agents
    • Common Data Service
    • Data connectors
    • AI Builder
  6. Finding that perfect balance

  7. Finding that perfect balance: Security & Control, Flexibility, User Experience

  8. A look at our governance toolbox: Managing, Securing, Monitoring, Licensing

  9. Managing
  10. Admin Centers

    • Power Automate Admin Center: https://admin.flow.microsoft.com/ (Manage Environments, Data Policies and Data Integration)
    • Power Apps Admin Center: https://admin.powerapps.com/ (Same as Power Automate Admin Center)
    • Power Platform Admin Center (Preview): https://admin.powerplatform.microsoft.com/ (Manage Environments, Analytics, Data Integration, Data Gateways and Data Policies)
  11. Environments

    • A space to store, manage, and share your organization’s business data, apps, and flows
    • They also serve as a boundary to separate apps that may have different roles, security requirements, or target audiences
    • Bound to a specific Azure region
  12. The default environment

    • Automatically created
    • In the region closest to the home Azure tenant
    • Shared by all users in the tenant
    • Maker rights for everyone
  13. Real admins use… PowerShell!

    • Download from the PowerShell Gallery:

    ```powershell
    Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
    Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber
    ```

    • You need to sign into the Power Apps Admin Center at least once before you can use these cmdlets
    • Essential commands: Add-PowerAppsAccount, Get-AdminFlow, Get-AdminPowerApp
  14. DEMO: Admin Centers, Environments, PowerShell

  15. Securing
  16. Office 365 Security & Compliance: protection.office.com

  17. Office 365 Security & Compliance

    Data Loss Prevention Policies are configured through https://admin.powerapps.com/apiPolicies
  18. Additional security settings

    • Governance settings under Power Platform Admin Center (preview)
    • Environment security settings under Power Apps Admin Center
  19. Cloud App Security

    An add-on security product, available in two editions depending on license:

    Office 365 Cloud App Security
    • Cloud Discovery for Office 365 apps
    • Manual log upload (from on-premises edge routers and devices)
    • Conditional App Access Control for Office 365 apps
    • Office 365 E5 / Azure AD P1/P2 (subset)

    Microsoft Cloud App Security
    • Cloud Discovery for 16,000+ cloud apps
    • Automatic log upload
    • Extended threat detection
    • Standalone / EMS E3 / EMS E5 / M365 E5 Security / M365 E5 / Azure AD P1/P2 (subset)
  20. DEMO: Office 365 Protection Center, Data Loss Prevention Policies, Cloud App Security
  21. Monitoring
  22. Admin Analytics

  23. Monitoring using Office 365 Management Activity API

    • All logs for Power Platform available from Office 365 Management Activity API from the past 90 days
    • Available from https://manage.office.com
    • Requires OAuth2 access tokens, and Azure AD for authentication & authorization
    • Exposes five content types: Audit.AzureActiveDirectory, Audit.Exchange, Audit.SharePoint, Audit.General, DLP.All
  24. Using PowerShell to retrieve logs

    ```powershell
    # Sample values from the slide. Keep a real client secret out of the script (for example in a secret store).
    $clientID     = "a7cf766e-ca55-45b6-a9b1-123123123"
    $clientSecret = "p=8eOqYpRpO5w4@/123123123123"
    $tenant       = "tenantName"
    $tenantdomain = "$tenant.onmicrosoft.com"
    $loginURL     = "https://login.microsoftonline.com/"
    $resource     = "https://manage.office.com"

    # OAuth2 client-credentials grant against Azure AD for the Management Activity API resource
    $body  = @{grant_type="client_credentials";resource=$resource;client_id=$clientID;client_secret=$clientSecret}
    $oauth = Invoke-RestMethod -Method Post -Uri "$loginURL$tenantdomain/oauth2/token?api-version=1.0" -Body $body

    # Authorization header reused by the subscription and content calls
    $headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}
    ```
  25. Using PowerShell to retrieve logs

    ```powershell
    # Double-quoted URIs so that $tenant is expanded.
    # Start the Audit.General subscription
    Invoke-WebRequest -Method Post -Headers $headerParams -Uri "https://manage.office.com/api/v1.0/$tenant/activity/feed/subscriptions/start?contentType=Audit.General"

    # List the current subscriptions
    Invoke-WebRequest -Headers $headerParams -Uri "https://manage.office.com/api/v1.0/$tenant/activity/feed/subscriptions/list"

    # List the content available for the given time window
    Invoke-WebRequest -Method GET -Headers $headerParams -Uri "https://manage.office.com/api/v1.0/$tenant/activity/feed/subscriptions/content?contentType=Audit.General&startTime=2019-11-19T00:00&endTime=2019-11-20T00:00"
    ```
  26. Monitoring and reacting to logs with Azure Log Analytics

    A more advanced solution is to retrieve the logs and push them as custom events to Azure Log Analytics → benefit from Azure Sentinel!

    Office 365 Management Activity API → Azure Log Analytics → Azure Sentinel
  27. DEMO: Analytics, Getting logs with PowerShell, Getting logs and storing them in Azure Log Analytics
  28. Licensing
  29. Licensing – the best part of Power Platform! ;-)

    Microsoft introduces two major changes to Power Apps and Power Automate licensing in 2019:

    • February: HTTP custom actions, custom connectors and integration to On-Premises require P1/P2 license
    • October: New plans for Power Apps and Power Automate; essentially retiring P1/P2 plans in the future; new pricing

    Note: Licensing is complex. It’s never black & white. There are edge cases. Yet, Power Apps & Power Automate licensing is challenging!
  30. Power Apps & Power Automate licensing (basics)

    [Figure: licensing decision flowchart]

    Questions in the flowchart:
    • Need Power Apps? Need Power Automate?
    • Need Custom/Premium connectors, access to on-premises or CDS?
    • Is it past April 2020?
    • How do you want to publish your app? (2 apps, all users / One user, unlimited apps)
    • How do you want to publish your flow? (Unlimited users / One user, unlimited flows)
    • Need model driven apps or environments?
    • Need >4,500 runs per month, org policies or 1 minute checks?
    • Need portal capabilities (anonymous/external access)?
    • Need more subscription capacity?

    Plans and add-ons in the flowchart: Power Apps for Office 365, Power Apps Plan 1, Power Apps Plan 2, Power Apps Per User Plan, Power Apps Per App plan, Power Apps Portals, Power Automate for Office 365, Flow Plan 1, Flow Plan 2, Power Automate Per User Plan, Power Automate Per Flow Plan, AI Builder Capacity Add-on, Common Data Service Capacity Add-on, Power Apps and Power Automate Capacity Add-on. Also noted: Minimum 5 units to purchase.
  31. Licensing: Standard scenarios

    1. Power Automate running against a SharePoint Online list
       → Power Automate Office 365 / Power Automate Per User / Power Automate Per Flow
    2. Power Apps retrieving data from on-premises, also uses the HTTP Connector and Azure Storage
       → Power Apps P1 for Maker + All Users / Power Apps Per App Plan / Power Apps Per User Plan
    3. SharePoint Timer Job triggers a Power Automate-based business process, that requires Premium Connectors
       → Power Automate P1 for Maker + All Users / Power Automate Per Flow Plan
  32. Licensing: Complex scenarios

    1. Power Automate triggered from a SharePoint Online list, requires HTTP Connector and data from Microsoft Graph
       → Power Automate P1 for Maker + All Users / Power Automate Per User / Power Automate Per Flow
    2. Power Apps triggers a Power Automate-based business process, both need access to HTTP Connector & CDS
       → Power Apps Per App Plan
    3. Flow P1 license purchased for Maker, and it’s past April 2020, and a new Power Automate process is added that requires Premium Connectors
       → It depends! May purchase additional P1 licenses; Can buy Power Automate Per User/App Plan
  33. DEMO: Purchasing licenses, Applying licenses

  34. Some light reading… https://aka.ms/powerappsadminwhitepaper

  35. Some more reading! https://go.microsoft.com/fwlink/?linkid=2085130

  36. Yes! More reading! https://flow.microsoft.com/en-us/blog/read-our-new-whitepaper-on-how-to-build-enterprise-ready-flows/

  37. And to make sense of it all https://jussiroine.com/2019/01/the-comprehensive-licensing-guide-to-microsoft-flow-and-powerapps/

  38. @jussiroine @thomasvochten

  39. None
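
Added example (not from the slides or the speakers): an inventory of the default environment described on slide 12, built from the cmdlets listed on slide 13 plus `Get-AdminPowerAppEnvironment` from the same administration module. The function name, the 90-day staleness threshold and the CSV path are assumptions, and the property names should be confirmed with `Get-Member` against the installed module version.

```powershell
# Added example. Requires the two modules from slide 13 and an admin sign-in.
function Get-DefaultEnvironmentInventory {
    param([int] $StaleAfterDays = 90)   # hypothetical threshold for "not touched recently"

    # The default environment is shared by all users, so it is the first place to look.
    $default = Get-AdminPowerAppEnvironment -Default
    $cutoff  = (Get-Date).AddDays(-$StaleAfterDays)

    $apps = Get-AdminPowerApp -EnvironmentName $default.EnvironmentName | ForEach-Object {
        [pscustomobject]@{
            Type         = 'App'
            Name         = $_.DisplayName
            Maker        = $_.Owner.displayName
            LastModified = [datetime]$_.LastModifiedTime
            Enabled      = $null                      # not applicable to apps
        }
    }
    $flows = Get-AdminFlow -EnvironmentName $default.EnvironmentName | ForEach-Object {
        [pscustomobject]@{
            Type         = 'Flow'
            Name         = $_.DisplayName
            Maker        = $_.CreatedBy.userId        # Azure AD object ID of the creator
            LastModified = [datetime]$_.LastModifiedTime
            Enabled      = $_.Enabled
        }
    }
    # One flat list, with a Stale flag for review.
    @($apps) + @($flows) |
        Select-Object *, @{ n = 'Stale'; e = { $_.LastModified -lt $cutoff } }
}

Add-PowerAppsAccount                                  # interactive sign-in
$inventory = Get-DefaultEnvironmentInventory

# Who builds the most in the shared environment?
$inventory | Group-Object Maker | Sort-Object Count -Descending |
    Select-Object Count, Name -First 20

# Apps and flows nobody has modified since the cutoff (output path is a placeholder).
$inventory | Where-Object Stale |
    Export-Csv -Path .\default-env-stale.csv -NoTypeInformation
```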
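
Added example (not the speakers' demo code): the `content` call on slide 25 returns only a list of content blobs, so this function follows each `contentUri`, pages through the `NextPageUri` response header, and keeps the Power Platform records. The function name and the default `Workload` values (`PowerApps`, `MicrosoftFlow`) are assumptions to check against records from your own tenant.

```powershell
# Added example. Expects an Authorization header such as $headerParams from slide 24.
function Get-PowerPlatformAuditRecord {
    param(
        [Parameter(Mandatory)] [string]    $TenantId,    # tenant identifier used in the API path
        [Parameter(Mandatory)] [hashtable] $Headers,     # @{ Authorization = 'Bearer <token>' }
        [Parameter(Mandatory)] [datetime]  $StartTime,   # the API accepts a window of at most 24 hours
        [Parameter(Mandatory)] [datetime]  $EndTime,
        [string[]] $Workload = @('PowerApps', 'MicrosoftFlow')   # assumed workload names
    )
    # 's' is the culture-independent sortable format: yyyy-MM-ddTHH:mm:ss
    $next = "https://manage.office.com/api/v1.0/$TenantId/activity/feed/subscriptions/content" +
            "?contentType=Audit.General&startTime=$($StartTime.ToString('s'))&endTime=$($EndTime.ToString('s'))"

    while ($next) {
        # Invoke-WebRequest rather than Invoke-RestMethod, so the response headers are available.
        $page = Invoke-WebRequest -Method Get -Headers $Headers -Uri $next -UseBasicParsing

        foreach ($blob in ($page.Content | ConvertFrom-Json)) {
            # A listing entry only points at a blob; the audit records sit behind contentUri.
            $records = Invoke-RestMethod -Method Get -Headers $Headers -Uri $blob.contentUri
            foreach ($record in $records) {
                if ($record.Workload -in $Workload) { $record }
            }
        }
        # Absent header casts to an empty string, which ends the loop.
        $next = [string]$page.Headers['NextPageUri']
    }
}

# Usage (the GUID is a placeholder):
# Get-PowerPlatformAuditRecord -TenantId '00000000-0000-0000-0000-000000000000' `
#     -Headers $headerParams -StartTime '2019-11-19' -EndTime '2019-11-20' |
#     Select-Object CreationTime, Workload, Operation, UserId
```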
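
Added example for slide 26 (not the speakers' demo code): pushing retrieved audit records to a Log Analytics workspace as custom log entries. It assumes the Log Analytics HTTP Data Collector API, which the slide does not name; the function name, the `PowerPlatformAudit` log type and the workspace values are placeholders.

```powershell
# Added example. Signs and posts a batch of records with the workspace shared key.
function Send-LogAnalyticsRecord {
    param(
        [Parameter(Mandatory)] [string]   $WorkspaceId,   # Log Analytics workspace ID (GUID)
        [Parameter(Mandatory)] [string]   $SharedKey,     # workspace key, base64 encoded
        [Parameter(Mandatory)] [object[]] $Records,
        [string] $LogType   = 'PowerPlatformAudit',       # hypothetical name; stored as PowerPlatformAudit_CL
        [string] $TimeField = 'CreationTime'              # audit record field used as TimeGenerated
    )
    $json  = ConvertTo-Json -InputObject $Records -Depth 10 -Compress
    $bytes = [Text.Encoding]::UTF8.GetBytes($json)
    $date  = [DateTime]::UtcNow.ToString('r')             # RFC 1123 date, also sent as x-ms-date

    # The signature covers method, body length, content type, date header and resource path.
    $stringToSign = "POST`n$($bytes.Length)`napplication/json`nx-ms-date:$date`n/api/logs"
    $hmac     = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key = [Convert]::FromBase64String($SharedKey)
    $signature = [Convert]::ToBase64String(
        $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign)))
    $hmac.Dispose()

    $headers = @{
        'Authorization'        = "SharedKey ${WorkspaceId}:$signature"
        'Log-Type'             = $LogType
        'x-ms-date'            = $date
        'time-generated-field' = $TimeField
    }
    $uri = "https://${WorkspaceId}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    Invoke-RestMethod -Method Post -Uri $uri -Headers $headers -ContentType 'application/json' -Body $bytes
}

# Usage with one constructed sample record (all values are made up for illustration):
# $sample = [pscustomobject]@{
#     CreationTime = '2019-11-19T10:15:00'
#     Workload     = 'PowerApps'
#     Operation    = 'LaunchPowerApp'
#     UserId       = 'maker@contoso.example'
# }
# Send-LogAnalyticsRecord -WorkspaceId '<workspace-id>' -SharedKey '<workspace-key>' -Records @($sample)
```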