Learnings from scaling Power Apps

for whole organization

Rui Santos
Senior Program Manager, Microsoft
Thank you!
Where do you start ?
 I have Power Apps, now what?

• How“My manager
do I protect just told me;
my environments weconnectors
against have this new thing
misusage ? called
• Power
How Platform
do I protect to manage
my environments I need
against Appsto learn how
oversharing ? to protect it”
• Everyone has Environment Maker Role in Default, what does it mean ?
• My users want to create an Approval process and requires Dataverse, what’s that ?
• Are users importing Solutions with errors in production Environments ?
• How users deploy their App to Production ? Can I have a proper ALM since day one ?
 I have Power Apps, now what?

• Should I have Dataverse in Default Environment ?

• Why Apps and Flows created in SharePoint show up in Default Environment ?
• I’m using Project for Web and Approvals, which required Dataverse in Default Environment,
now what ?
• How Dataverse Security works ?
• I have my Apps and Flows using SharePoint, how can I migrate to Dataverse ?
• What would be the best Environment Strategy to my organization ?
• What are the different roles and responsibilities needed for CoE ?
• How can I keep my Environments cleaned, and archive Apps not being used ?
• What kind of trainings/activities should my users do ?
• Are users using Power Apps in meaningful ways ?
Majority of the questions end up in these boxes

Administration Privacy & Nurture &

& governance security adoption

Strategy & business

values
Admin & Governance is the most concerning topic
• How do I protect my environments against connectors misusage ?
Administration & • How do I protect my environments against Apps oversharing ?
Governance • Are users importing Solutions with errors in production Environments ?
• How users deploy their App to Production ? Can I have a proper ALM since day one ?
• Should I have Dataverse in Default Environment ?

Privacy & • Why Apps and Flows created in SharePoint end up in Default Environment ?

security • I’m using Project for Web and Approvals, which required Dataverse in Default Environment, now
what ?
• What would be the best Environment Strategy to my organization ?
• What are the different roles and responsibilities needed for CoE ?
Nurture & • How can I keep my Environments cleaned, and archive Apps not being used ?
Adoption • Everyone is Environment Maker in Default, what does it mean ?
• How Dataverse Security works ?
• I have my Apps and Flows using SharePoint, how can I migrate to Dataverse ?
• Everyone is Environment Maker in Default, what does it mean ?
Strategy and • What kind of trainings/activities should my users do ?
business values • Are users using Power Apps in meaningful ways ?
Managed Environments
5

1
1. Usage insights

2. Admin digest

3. License reports

4. Data policy view

6
2
5. Sharing limits

6. Solution checker

7. Maker onboarding
7
8. Easy activation

3
9. Pipelines

managedenvforpower 4 9
 Default Environment Routing (private preview)

With Env routing, admins have the option to direct

new makers to Dev envs vs. Default env
• New makers: those who have no MRU environment
• Route to existing dev environment if maker has one;
else JIT new dev environment
• Requires ME turned on in Default env

MRU: Most Recently used Environment

 Developer Envs are Managed by default


Granular admin controls


Support DLP Policy per Env Type 
Scaling Dev Ability to Preconfigure ME Settings

Environment

Pipeline Auto Attachment 
Management Time based Env Reset
(Planned) 

Power Pages Support


Power Automate Support 
Lift-and-shift tools for existing Default assets 
More visibility
More control
Less effort
Maturity model
Strategy, vision and business value
Measuring ROI, business value,
Executive sponsor,
Clear strategy and vision,
Where Power Platform fits into overall technology landscape
Budget and personnel
Business challenges
License assignment strategy

Governance, administration and support

Environment strategy
Resourcing for support
Support effectiveness
Processes for requesting access, new environments, DLP, etc
DLP strategy
Support artifacts

Nurture and adoption

Success stories
Hackathons and events
Community support
Career opportunities
CoE feedback
Certifications
Maturity model & assessment platform

https://aka.ms/ppassessment
Power Platform @ DB Group
Learnings from scaling to all DB employees

Andreas Exter / Christian Handt

Head of Group Common IT Platforms & Services
Deutsche Bahn AG, Germany
Unit Product Owner DB Collaboration & Communication
DB Systel GmbH, Germany
Who‘s speaking
Andreas Exter
• Head of
Group Common IT Platforms &
Services
• Responsible for demand and
provider mgt for O365, PP,
Workplace Services, platform
services
• 20 people in 2 teams
Christian Handt
• Unit Product Owner DB
Collaboration & Communication
• Responsible for operation of
Office 365, digital signature,
power platform, unified
communication
• Appr. 80 people in 11 teams
DB Group
a domestic and an international mobility and logistics company
DB Systel GmbH
a digital partner for all DB Group companies
Why the Power Platform
LCNC is a promising technology for DB, PP is a smart start

• Reduced time-2-market for professional

developers and developments
• Reduced software development costs
• Enable a new group of personas, aka citizen
developers, to develop software by and for
themselves
• Ideal solution for IT-business-fusion
• Developers are a scarce workforce on the labour
market
Several reasons why the PP is a good pick

• O365 and PP are „close friends“

• Similar „look & feel“
• Good toolbox for little office helpers to ease the
work day, create shortcuts and automize routine
work
• Scalable solution for small, middle and more
complex use cases and applications
• Great variety of standardized connectors
• Attractive pricing for the PP licences
Power Platform specific
issues to handle
The value was easy to understand. It was the risk and the
governance questions that troubled us (1/2)
• Roles and responsibilities
• Environments
• Connectors (interfaces)
• IT risk management
The value was easy to understand. It was the risk and the
governance questions that troubled us (2/2)

• Data
• Data protection/ privacy
• Labour council
• Management and control
• Community/ Learning & Training

• …without suffocating the benefits of the PP

How did we succeed?
It took as a while. But finally, we made it…

• Three-stages-modell
• Slim, strict and understandable set of rules
• Technical enforcement of rules via PALM app
• Activate Managed Environments in the Default environment for
controlling sharing limits
• Use CoE starter kit for monitoring

• Continuous, trustful talks with the workers council

• Why is this the right way for DB? Why did we skip the other options?
In depth… the three-stages-model

Professional Usage
Power Automate

Team Usage Power Apps

Power BI
Power Automate
Power Apps

Personal Usage
Power Automate
Power Apps
 Differences between the three stages
Personal Usage
▪ Locked-in O365, no connectors, no
data in, no data out
▪ Single-stage-environment
▪ Connecting and integrating the
available services and data of O365
▪ The artefact (app) is not considered
to be an application (ID, risk
management etc.)
▪ Maintaining access rights and
privileges of the user in O365
▪ Responsibility for the app and the
data remains exclusively with the
user
▪ Data is stored on the personal
OneDrive
Team Usage
▪ Same as personal usage
Also:
▪ The artefact can be used by all
users assigned to the sharepoint
site or teams channel, serves as a
data storage
▪ Maintaining access rights and
privileges of all sharepoint / teams
channel users the artefact is
assigned to
▪ Responsibility the data remains
exclusively with the user, the
artefact itself needs an owner (=
sharepoint site/ teams channel
owner)
Professional Usage
▪ O365 as a basis, further connectors
can be used/ activated
▪ Multi-stage-environment
▪ Maintaining access rights and
privileges of the user in O365 +
further solution specific access
rights and privileges
▪ Responsibility for the app and the
data remains with the application
owner
▪ Data is stored on the personal
OneDrive
▪ The artefact (app) is considered to
be an application (further duties,
internal policies and obligations
apply)
The PALM App…
• Monitors the usage context of an app (artefact), e.g. the transition from
the personal usage to team usage is detected
• Monitors the usage of the connectors
• Automatically deletes artefacts leaving the usage context, apps without
acknowledged terms of use, apps without an owner etc.
The PALM App…
The PALM App…
Establishing a Center of Excellence (CoE)
CoE is designed to drive innovation and improvement
Power Platform CoE set up at DB
Areas of responsibilities
Power Platform CoE set up at DB
Areas of responsibilities
KPIs & statistics
What did we achieve since the rollout
(Professional since February 2021 / Personal since February 2023)

2.346 Power Apps

Usage (Professional vs. Personal)

Every week appr. 250 new
APPS: 65% vs. 35 %
Power Apps and Cloud-Flows
Cloud-Flow: 75% vs. 25%
Reports: 49% vs. 51%

May 2023: over 350 new activ Power

Apps and Automate Developer
Examples & Use Cases
Optimization of Q&A of Support Questions
OpenAI and Flow
Planning System of DB Netz AG
contract / planning volume of 2 billion EUR
OPUS – HR System of DB Netz AG
Projektmanagement
Status of Container
Feedback of Construction Sites
Q&A