M1 – Introduction to Power Platform

Power Platform:
Platform is a collection of various tools, applications, services, that
enable people to create their own apps, informational displays,
chatbots and automated processes.
The idea here is to support what Microsoft calls citizen developers.

Components:
1. Power BI is a data analytics service with which users can discover
and gather data from local or cloud sources, and then
visualize and share that data with other users in graphical form.
2. Power Apps is a development platform that enables users to work
with that same data they used in Power BI, but use it to create web
and mobile applications without having to know how to
write code.
3. Power Automate, which used to be called Microsoft Flow, is a tool
that users can use to trigger complex processes and create
automated workflows.
4. Power Virtual Agents is a tool for creating chatbots.

These four components are all services that are part of Power Platform,
and they work together with Microsoft Azure, which hosts the
services in the cloud.
All of the Power Platform components can interact with outside
applications.

Microsoft Dataverse:
 This is a cloud-based database manager service that stores
and secures data in units called tables.
 Any of the Power Platform services can use the Dataverse to store
data or retrieve it.
 CDM – the Dataverse uses a system of schema that are defined in
an open standard called the Common Data Model. This defines
standard units within the Dataverse databases using tables,
columns, and the relationships between them that enable apps
to utilize that data.
  Data connectors are the components that all of the Power Platform
services can use to access data from a variety of other
sources, including social media, cloud services, local files, and so
forth. There are over 200 connectors included with Power
Platform, and users can also define custom connectors for other
applications that haven't already been implemented.
 AI builder is a turnkey solution that enables users to enhance
Power Platform apps and flows by integrating pre-made
artificial intelligence functions such as object detection, text
classification, and form processing.
 A Dataverse implementation can have multiple database instances,
just like other database managers such as SQL. So you can create
multiple databases in one Dataverse hosted in the cloud.

Power BI:
 Power BI can create dashboards, reports and apps, and configure
them for display on a variety of devices, including standard
monitors, tablets, and smartphones.
 It is a cloud-based service and that cloud enables users to work
with their data directly right through the cloud interface access
through a web browser.
 The Power BI home page, access through a web browser,
provides the tools needed to create and work with Power BI
reports and dashboards and apps. There are a variety of
templates available that simplify the process of creating these
dashboards and apps.
 You could create apps to package multiple reports and dashboards
and share it with consumers. Or you can export the Power BI
content by printing it or exporting it to an Excel or CSV file or
create a PDF or a PowerPoint of the entire report

1. A Power BI dashboard is the most basic of the forms that users can
create with their data. A dashboard consists of a number of tiles,
each of which contains a graphical element, and this example
provides a variety of different graphical forms, including column
graphs, bar graphs, pie graphs and simple text.
Dashboards are also interactive. By clicking on an individual
element, you can display information about it from within the graph.
 2. A Power BI report is larger than a dashboard. It essentially consists
of multiple pages and provides filters to control the data
displayed.
3. Power BI apps, (different from the apps created in the Power Apps
tool) are essentially apps that contain multiple reports and are
able to be published and saved in a variety of ways to make
them available to outside users.
4. Power BI Desktop is a Windows application that is somewhat
more powerful than the service in the sense that it enables users
to transform and work with their data in more detail and perform
elaborate data transformations.

When the Power BI Desktop creates a report or a dashboard, the

user must then publish it to the Power BI service in the cloud to
make it available to other users.

The Power BI Desktop is the more powerful tool as far as creating

content is concerned, but it is not essential. You can create a basic
dashboard or report right in the Power BI service without even
installing the desktop application.

Power Apps:
 It creates actual applications of three types:
a. Canvas apps which use a basic development paradigm in
which the user starts with a blank canvas.
 b. Model-driven app which creates an app based on a
particular model that already exists. In other words, you
would choose a model and then plug in the data and Power
Apps would decide how it appears on the screen.
c. Portal is an app created to be a website that will provide
content to users anywhere on the Internet.

 The Power Apps app designer consists of a workspace and a list

of the components and properties that you can use to create an
app. You create apps using a drag and drop method.
 You can also modify the properties of the individual
components, enabling you to create apps of varying complexity.
 There are simple little apps that show data, and there are more
complicated ones that interact with the data and the source.
 Unlike Power BI, which is essentially read-only when it comes to its
data sources, Power Apps can interact with a data source.
 Design interface in Power Apps enables you to see a replica of the
app in the centre pane of the screen.

Power Automate:
 Power Automate is essentially a tool that creates macros,
automated processes that can occur when an event occurs
or when a user triggers the action.
 Power Automate creates automated events called flows. That's
why the tool was originally called Microsoft Flow.
 Power Automate comes with a large collection of templates.
Each of the tiles on this screen is a template that performs a
particular task, and the little icons on the screen display the
 connectors, the data sources that are needed in order to perform
that task.
PA flow types –
1. Automated flows are ones that occur when a specific event
happens.
2. An instant flow, also called a button flow, as the name implies, is
triggered when a user clicks a button or some other control
that causes the flow to begin.
3. A scheduled flow is one that is designed to occur at a specific
date and time.
4. A business process flow is more complicated sort of element in
which the flow leads users through a process to complete a
task that consists of multiple stages, each of which has
multiple steps.
5. UI flows, user interface flows, which provide robotic process
automation (RPA) for tasks that require mouse and keyboard
input.

Connectors:
 Power Platform tools all can work with connectors that enable
them to access data in a variety of outside sources. Eg: social
media, local applications like Excel, cloud services and SQL servers
etc.
 In order to access data from an outside source using a connector,
the user of the Power Platform tool has to have appropriate
credentials for that service or application. This causes some issues
later in the development process when it comes to publishing
material to other users who may not have the same credentials.
 A connector is essentially a proxy that is an intermediary between
the Power Platform tool and the remote data source.

 The data sources have an API, an application programming

interface, that enables outside users to connect to it, and Power
Platform uses connectors that take advantage of those APIs.
 When running Power BI, data runs in one direction only from the
source to Power Platform. The users of Power BI can access that
data and manipulate it, and display it, but they cannot change it.
They can't write changes back to the original source. However,
Power Apps and Power Automate are both tools that can
work bidirectionally with the data sources.
  While it's possible to access data from remote sources using a
connector, it's also possible to store data and access it through
a database hosted by the Microsoft Dataverse.

Power Virtual Agents:

 What you're essentially doing when you create a Power Virtual
Agent is creating a conversation between the website,
between the agent itself and the user who's accessing it.
 There are trigger phrases at the beginning of a Power Virtual
Agent that are essentially listening to what users are saying or
typing.
 Power Virtual Agents can be very simple or they can get quite
complex. Power Virtual Agents have branching logic.

 It is also possible to add Power Virtual Agents as an app in

Microsoft Teams. This enables users to create chatbots for Teams
users that address Teams issues. After adding and launching the
Power Virtual Agents app, a user creates a new chatbot by selecting
the team that will be its audience.
Once Power Virtual Agents creates the chatbot, as shown here, the
interface creating the bot's conversation is roughly the same as that
in the Power Virtual Agents portal.

Business Value
Integrating Apps into MS Teams and other services:
 First, find the app ID, which is 128-bit value, called a globally
unique identifier or GUID. This is the type of code that's used
 throughout the Windows operating systems to identify elements,
software or hardware.
 Then, look at Microsoft Teams and embed the app into a Teams
page using the app studio pasting the GUID into that
identification text box.
 Now, you have a connection established between Teams and Power
Apps that enables users of Teams looking at the particular page you
chose to see that app embedded in the page.
 The same thing is possible with SharePoint and other
Microsoft 365 services.

Power Apps with Dynamics 365 Apps:

 Dynamics 365 is a Microsoft product that consists of a collection
of applications that use a different paradigm for collecting
and utilizing data in the enterprise.
 Dynamics 365 collects data constantly from all of the
components involved in the enterprise affairs and using that data
to proactively take action that would prevent problems from
causing excessive downtime or loss of productivity. This is
something that Microsoft likes to call the digital feedback loop.
 Unlike Microsoft 365, Dynamics 365 was built from the start,
using the Microsoft Dataverse as its storage medium. This
means that all of the Power Platform tools have constant access to
all of the Dynamics 365 data.
 Dynamics 365 consists of a number of applications; sales,
customer service, field service. All of these can work together using
the Microsoft Dataverse to feed data to the Power Platform services
as needed.
 The Power Platform tools were created later as essentially
an extensibility platform for Dynamics 365.

Power Platform and Azure:

 Microsoft Azure is a cloud-based service that is the central hub of
the Power Platform tools and almost every other Microsoft
product.
 The Power Platform tools are all cloud-based services hosted by
Azure, which makes them accessible to users from any location. The
Power Platform tools can also access data through Microsoft
Azure.
 Azure hosts the Microsoft Dataverse and stores all of that
data there, and when Power Platform tools connect to other data
sources, they can store that data in the Dataverse again hosted by
Azure.
  In addition to the Power Platform tools, Azure contains a host of
other services and products that can be integrated into Power
Platform apps and flows.

Security and Administration:

Azure Active Directory:
 Power Platform can utilize Azure Active Directory for the user
accounts that are needed to access the Power Platform tools, and
for the users who will access the Power Platform content later.
 Azure Active Directory is administered through the Microsoft
365 admin center. On the user's page, there's a list of all the users
and controls for you to create and manage users there.
 Therefore, while you don't have to create user accounts in
each of the Power Platform tools, you do have to work with
those accounts to provide access to content consumers.
 For example, in Power BI, if you've created a dashboard, and you
want to share it with other people, you use this share dashboard
dialog box and the email addresses you specify are the addresses
associated with those Azure Active Directory accounts. And as you
can see, there are also checkboxes that enable the recipient of
these permissions to share the dashboard to other people or to build
new content using the underlying data sets or to receive email
notifications when they receive permissions. This is basic in Power BI
because data is one-directional.

Power BI Backend –
  In Power BI, there's a two backend services, a web front end and
a back end, and they work together to provide the service that we
know as Power BI.
 The browser that you see in the lower left here connects to the
web front end, and this is where authentication and
authorization take place. This is where the user supplies
credentials, and they're authenticated through Azure Active
Directory.
 Once the authentication and authorization are complete, the
communication is between the browser and the back end,
and that is where Power BI retrieves the dashboard data from
the Microsoft Dataverse or another location and provides it to the
user.

Power Apps –
 Power Apps has a multilayered security setup. As with Power BI,
Active Directory in Azure is the source for the user accounts.
 Within the environment that you're working, in Power Apps, there
are two built-in administrative security roles.
1. Environment admin, which can perform all administrative
tasks for an environment or environment maker which can
create resources in an existing environment. These are roles that
would be assigned to content developers depending on their
needs and the nature of the apps you're creating.
o Connector credentials are essential to access any
outside data source.
2. Environment Maker can create resources in the environment
like apps, flows, connections, etc.
 App sharing in Power Apps is essentially the same as it is in Power
BI.
 And there is also a handy data permissions area that shows
what connections are in use in that app and what
credentials the end users will need.
 There are also security roles for the Microsoft Dataverse
itself. Three standard security roles which are permissions that
administrators can assign to users and groups to determine what
operations the users can perform on the database entities.
1. There's Dataverse user, which is the default permission
assigned to users and provides them with permissions to
the records that they own themselves.
2. Delegate role which enables users to impersonate other
users and run code using their credentials.
3. Co-owners, which enables them to access all of the
connections configured in the flow. In other words, all the
 permissions that the developer uses to access outside sources
are passed down to the end users. Co-owners can also modify
the flow, change the credentials to their own credentials, but
they cannot use the shared credentials to create new flows.
4. The alternative to a co-owner is a run-only user, and this is an
option only when you have a triggered flow. You can
select whether the credentials, the permissions are supplied
by the end user or use the connection that the developer has
configured with the developer's permissions.

 Another tool in Microsoft 365 that's implemented in a lot of different

ways is data loss prevention. DLP policies are rules that enable
administrators to classify the connectors that they use in a
particular environment.
1. You can specify that a connector is a non-business connector.
This is the default setting for all of the connectors included with
Power Platform. It's intended that these connectors do not
access sensitive data so they are accessible to any user.
2. A business connector is one that can only share data with
other connectors in the business group. These you would
put into a special category, the business category when they
contain access to more sensitive data. Connectors in the
business group cannot share with connectors in the non-business
group.
3. Rule for blocking connectors that are used if you want users
to be unable to use certain connectors at all, you can
designate them as blocked.

Admin Portals
Microsoft 365 Admin Centre:
 In the Microsoft 365 admin center, there is a page that contains
links to all the other admin centers accessible to Microsoft 365
administrators.
 This is also the page where you create and manage users, and
work with your subscriptions for Microsoft 365 and other
products, and handle your billing and so forth.
 Users who need permission to access Power Platform content or to
create Power Platform content, work with accounts that are
managed in the Microsoft 365 admin center. These are the accounts
that are part of Azure which are implemented in the Azure Active
Directory Service.
  So these same users which you manage in the Microsoft 365
admin center are also the users you can select when
creating an app, for example, that you want to share with other
people.
 In the admin center, you can select a user and manage
everything about it, including its profile information and the
licenses that user possesses, and so forth.
 Here you could also create new users and assign them security
roles.

Power Platform Admin Center:

 Power Platform admin center is now the main administrative

interface for the Power Platform tools.
 The first thing you have to do is select an environment to work
in. When you choose an environment, you are then able to see the
apps, the flows that have been created in that environment.
 The Power Apps and Power Automate admin centers have been
deprecated as of June 30th, 2020, and that functionality is
implemented in the Power Platform admin center. However, the
admin centers for Power Apps and Power Automate are still
available for users who prefer them.
 Power Platform also includes analytics that can display
information about the Dataverse resources currently in use.
Administrators can use this to monitor the usage and other
metrics for the Dataverse, for Power Apps, and Power Automate.
All the charts are updated in real time.

COE Starter Kit:

Because Power Platform uses a no code low code philosophy in its
development, the efficiency of the development process can be enhanced,
as can productivity, and development costs can be lowered. However, this
also raises governance issues. When individual users are creating their
own apps and flows and dashboards and other Power Platform elements,
who is ultimately responsible for that development process? Is it IT, or is it
the people in the individual departments actually doing it? How is IT
supposed to ensure that licensing and security procedures are observed
regarding any sensitive data being used by the apps or dashboards or
flows? In other words, who owns the apps? IT or the people in the
departments creating them? A lack of governance over Microsoft Power
Platform can lead to orphaned apps, compromise data, slow flows, and
other issues that complicate the whole process of developing these tools.
 Microsoft's solution for establishing governance policies in
Power Platform is called the Center of Excellence Starter Kit or COE
Starter Kit.
 It's a free download that consists of various dashboards, apps
and flows that take an inventory of the enterprise and
provide administrators with a detailed view of the Power
Platform resources in use as shown here.
 It's not a complete solution. It's just a framework for a governance
policy that has to be developed individually by every
organization.

Environments:
 An environment in Power Platform is a container in which the
apps and flows that users create are stored, as well as any
data that they store in the Microsoft Dataverse.
 When you are using a particular environment, the users have access
to everything stored in that environment, but no one else has
access to them if they don't have access to that environment.
 It's possible to create multiple environments in Microsoft Azure and
store different sets of apps, flows and data in individual
environments.
 When you look at the environments page in any of the portals, the
Power Platform admin portal or any of the individual administrative
portals for the Power Platform tools, you see a list of the
environments that currently exist in that tenancy, as well as other
information about them.
 There are four types of environments –
1. Production, which is the kind you would use for permanent use
and deployment.
2. Sandbox, which is for development and testing.
3. Trial environment limited to 30 days and one user.
4. Developer environment which requires a special license and is for
use only by the owner, who is presumably involved in
development of apps, flows, and so forth.
Service Trust Portal:
Microsoft has created a website they call the Service Trust portal, STP, and
it's essentially a library of information about different types of
compliance statutes.
1. There are audit reports of Microsoft's cloud services, evaluating their
compliance with published standards. It's important when dealing
with this issue that we're talking about both the compliance of
Microsoft in their cloud service implementations and of the users,
the company that is making use of the data.
2. There's also a library of documents and resources, including white
papers, facts, penetration test reports, compliance blueprints, and a
lot of other data protection resources.
3. STP also includes compliance manager, which is a risk assessment
tool that scores an organization's regulatory compliance based on
specific standards.
4. There is also a section on Industries and Regions which provides
documents containing compliance information for specific industries
and specific countries.
5. And finally, there's a trust center site, which provides
documentation on the means by which Microsoft supports
compliance, transparency, security, and privacy in its cloud
services.

Compliance Manager –
 Compliance manager is a tool that measures compliance of
specific elements running on the service in Microsoft Azure with
specified standards, and the compliance manager interface consists
of tiles that specifies what is being assessed, what standard it's
being compared with, and what score has been given that particular
test.
 The compliance managers enable you to zero in on a specific
service and a specific standard that the service has to
comply with.
Auditing –
 Power Platform also supports auditing, which is a means of tracking
who accesses data, what permissions they have, what
changes they have made to the data or to their permissions.
 Auditing functions in Power Platform, much as it does in Microsoft
Windows or any other software product. It tracks specific events
and writes them to a log file which administrators can
examine later to see who did what and when.
 The details of an audit log appear as a list of log entries, and
selecting one gives you more specific information about what
happened when it happened, and what access the particular user
took advantage of.