Edit

Share via

Use core components

The Center of Excellence (CoE) Starter Kit provides a set of core components to help you start building a Center of Excellence (CoE). The components sync your resources into tables and build administrative apps on top of them to help you get more visibility into the apps, flows, and makers in your environment. For example, the Manage Permissions app helps with administrative tasks related to permission management.

Learn how to get started in Set up inventory components. Watch an overview on how to use the core components solution.

Note

The core components solution contains assets relevant only to administrators.

Inventory components

The core components solution contains tables, security roles, flows, and apps.

Tables

Note

To easily explore and manage data stored in Dataverse, we recommend installing the Microsoft Power Apps Office Add-in. Learn more at Working with data in Dataverse using the Excel Add-in!.

Tenant objects

The sync flows of the CoE Starter Kit sync your tenant resources to the following Dataverse tables. All tables provide information about created by or created on and modified by or modified on, plus resource-specific information.

  • AiBuilderModel is an AI Builder model.

  • Business Process Flow is a business process flow.

  • CoE Connection Reference is the linking table for the many-to-many relationships among connectors (PowerApps Connector) and cloud flows (Flows) or apps (PowerApps App). This reference isn't currently available for data export architecture.

  • Desktop Flow is a desktop flow.

  • Environment is the Environment object, which contains apps, flows, and connectors.

  • Flow is the cloud flow in the tenant.

  • PowerApps App is an app, such as a canvas, model driven, or other type of app.

  • PowerApps Connector is a standard or custom connector.

  • Power Pages Site is a Power Page Site.

  • Power Platform Solution is a solution.

  • Microsoft Copilot Studio is a bot in Copilot Studio.

  • Microsoft Copilot Studio Component is a Copilot Studio component, such as a topic.

  • Microsoft Copilot Studio Component Flow Lookup is a flow triggered as part of Copilot Studio.

Users

There are several concepts of users in the inventory.

  • Connection Reference Identity stores a list of a single instance of all user connections for each environment.

  • Environment Security Role Permission is a permission to an environment. Including the user, the security role, the environment, and other properties.

  • Maker is a user who creates an object, such as an app, flow, custom connector, or other item.

  • Power Platform User is a user an app is shared with.

  • Power Platform User Role represents the role a Microsoft Power Platform user has for a specific app. This role has a one-to-many relationship with the Power Platform User and PowerApps App tables. The following information is available for each role:

    • App
    • Microsoft Power Platform user
    • Role name (Owner, CanEdit, CanView)
    • Friendly role name (Owner, Co-Owner, Viewer)

  • Microsoft Copilot Studio represents a bot (or agent) in Microsoft Copilot Studio. The following information is available for each bot:

    • Display name
    • ID
    • Created on
    • Owner
    • Modified on
    • Last launched on
    • Total number of sessions
    • Number of components (rollup)
    • Number of flows (rollup)
    • Status
    • Environment
    • Is bot orphaned (yes/no)

  • Microsoft Copilot Studio Component represents a Microsoft Copilot Studio component, such as a topic. The following information is available for each bot component:

    • Name
    • ID
    • Component created on
    • Description
    • Display name
    • Environment
    • Modified on
    • State
    • Type (topic, table)
    • Uses flow (yes/no)

  • Microsoft Copilot Studio Component Flow Lookup represents a flow triggered as part of Microsoft Copilot Studio. The following information is available for each bot component flow:

    • Name
    • ID
    • Created on/by

  • Desktop Flow represents a desktop flow. The following information is available for each desktop flow:

    • Display name
    • ID
    • Created on
    • Owner
    • Modified on
    • Desktop flow type (Power Automate Desktop, Selenium IDE)
    • Status
    • Environment
    • Is desktop flow orphaned (yes/no)

  • RPA Session represents a desktop flow session. The following information is available for each bot:

    • ID
    • Desktop Flow
    • Status Code
    • Started On
    • Completed On
    • Error Code
    • Error Message

Inventory management features

These tables store information about usage for management.

  • Data Policy Drafts is a draft data policy that you're working through in the DLP Impact Analysis app.

  • DLP Impact Analysis is an instance violating a draft data policy that you're working through with a Maker in the DLP Impact Analysis app.

  • Environment Business Area is the owning business area of an environment, if cross-charging is required.

  • Flow Action Detail is the set of actions that occur in a cloud flow. This table has a many-to-one link with the Flow table.

Solution management

These tables are used to manage the CoE solution itself.

  • CoE Solution Metadata stores metadata in table format about flows and apps that are part of the CoE Starter Kit. The CoE Admin Command Center uses this metadata.

  • Command Center Config stores bookmark information for the Bookmarks page of the CoE Admin Command Center.

  • Customized Email stores metadata about emails sent from flows in the Core Solution. Admins use this metadata to tailor emails without adding unmanaged layers on the flows.

  • Setup Wizard State metadata shows the current state of the user in the Setup Wizard. The solution uses this metadata to guide users through the steps.

  • Sync Flow Errors shows the daily occurrence of sync flow errors to provide a summary email to an admin. Each sync flow error includes the following information:

    • Flow instance URL
    • Environment
    • Created on

  • Tenant Security Roles are all the security roles in the tenant. Use this table to determine which ones you want to gather.

Security roles

These security roles only grant permissions to the custom tables but not to the environment as a whole. If you want users to view apps and flows in the environment, grant them access individually to each object. You can add them to another security role (SR) like System Admin or Environment Maker. Learn more in Security roles and privileges.

  • Power Platform Admin SR grants full access to create, read, write, and delete operations on the custom tables.

  • Power Platform Maker SR grants read and write access to the custom tables, such as environments or apps.

  • Power Platform User SR grants read-only access to resources in the custom tables.

Flows

Flow name Type Interval Description
Admin | Add Maker to Group Automated New makers added This flow adds a user who created an app, flow, custom connector, or environment for the first time to your Maker group. This flow gets triggered when a new record is created in the maker table.
Admin | Excuse Non-Inventoried Envts from Governance Flows Automated When the Excuse from Inventory column of an environment is changed If you're only doing inventory for a subset of environments (not the default behavior), this flow ensures ignored environments have their excuse from flags set correctly.
Admin | Excuse Support Envts from Governance Flows Automated When an environment record is created in the Environments table This flow checks if support environments exist and excludes these environments from the inactivity processes and compliance processes governance processes.
Admin | Gather Tenant SRs Schedule Monthly This flow retrieves the security roles in your tenant and ensures they're in the Tenant Security Roles table for management.
Admin | Sync Template v3 (Call Updates) Scheduled Weekly Used to trigger other flows to run on a weekly schedule. Needed so that those flows can be of type button and be used to run on demand or on a schedule.
Admin | Sync Template v3 (Connectors) Button Triggered from Admin | Sync Template v3 (call updates) and manually from apps This flow gets connector information, by using Get Connectors, and stores information such as the connector name, publisher, and tier.
Admin | Sync Template v3 (Flow Action Details) Automated Triggered by Admin | Sync Template v4 (driver) This flow gets the actions and triggers for all flows. This flow uses Get Flow as Admin to get action and trigger details for each flow in your tenant, so it can be time-consuming and resource-consuming to run. Turning on this flow is optional. Turn on to perform action-level reporting or analysis, such as reporting on who's using the Send Email action of the Microsoft 365 Outlook connector.
Admin | Sync Template v3 (Sync Flow Errors) Scheduled Daily This flow sends an email to the admin about environments that failed to sync (with a link to the flow instance).
Admin | Sync Template v3 CoE Solution Metadata Button Triggered from Admin | Sync Template v3 (Call Updates) and manually from apps Updates the CoE Solution Metadata table with values from CoE team after upgrades in order to track the solution contents of the CoE solutions.
Admin | Sync Template v3 (Desktop Flow - Runs) Scheduled Daily This flow gets desktop flow run history and session details. Turning on this flow is optional, only turn on this flow if a tenant-level overview of desktop flows is important.
Admin | Sync Template v3 (Desktop Flow) Automated Triggered by Admin | Sync Template v3 (Driver) This flow retrieves desktop flow information. This information is retrieved from underlying Dataverse tables and requires the user running the flow to have system administrator privileges in the environment. Turning on this flow is optional. Only turn on this flow if a tenant-level overview of desktop flows is important.
Admin | Sync Template v3 (Environment Properties) Automated Triggered by Admin | Sync Template v3 (Driver) This flow retrieves add-on, capacity, and security role information for environments. This information is retrieved from the Power Platform admin connector and from underlying Dataverse tables, and requires the user running the flow to have system administrator privileges in the environment.
Admin | Sync Template v3 (Flow Action Details) Scheduled Daily This flow gets the actions and triggers for all flows. This flow uses Get Flow as Admin to get action and trigger details for every individual flow in your tenant. Thus, it can be a time-consuming and resource-consuming flow to run. Turning on this flow is optional, only do so to perform action-level reporting or analysis, such as reporting on who's using the Send Email action of the Microsoft 365 Outlook connector.
Admin | Sync Template v3 (Flows) Automated Triggered by Admin | Sync Template v3 (Driver) This flow gets cloud flow information by using Power Automate Management. Also updates the record if flows have been deleted.
Admin | Sync Template v3 (Model Driven Apps) Automated Triggered by Admin | Sync Template v3 (Driver) This flow gets model-driven app information. This information is retrieved from underlying Dataverse tables and requires the user running the flow to have system administrator privileges in the environment.
Admin | Sync Template v3 (Portals) Automated Triggered by Admin | Sync Template v3 (Driver) This flow retrieves Power Pages information. This information is retrieved from underlying Dataverse tables and requires the user running the flow to have system administrator privileges in the environment. Turning on this flow is optional. Only turn this flow if you're using portals in your tenant and are interested in getting a tenant-wide overview.
Admin | Sync Template v3 (Solutions) Automated Triggered by Admin | Sync Template v3 (Driver) This flow retrieves solution information. This information is retrieved from underlying Dataverse tables and requires the user running the flow to have system administrator privileges in the environment. Turning on this flow is optional. Only turn on this flow if a tenant-level overview of solutions is important.
Admin | Sync Template v3 (AI Models) Automated Triggered by Admin | Sync Template v3 (Driver) This flow retrieves Power Platform AI model information. This information is retrieved from underlying Dataverse tables and requires the user running the flow to have system administrator privileges in the environment. Turning on this flow is optional. Only turn on this flow if you're using AI Builder models in your tenant and are interested in getting a tenant-wide overview.
Admin | Sync Template v3 (Microsoft Copilot Studio) Automated Triggered by Admin | Sync Template v3 (Driver) This flow retrieves Microsoft Copilot Studio (bot) information. This information is retrieved from underlying Dataverse tables and requires the user running the flow to have system administrator privileges in the environment. Turning on this flow is optional. Only turn on this flow if a tenant-level overview of chatbots is important.
Admin | Sync Template v3 (Microsoft Copilot Studio Usage) Scheduled Daily This flow retrieves Microsoft Copilot Studio (bot) usage information on a daily basis. This information is retrieved from underlying Dataverse tables and requires the user running the flow to have system administrator privileges in the environment. Turning on this flow is optional, and we recommend that you do so only if you're using Microsoft Copilot Studio in your tenant and are interested in getting a tenant-wide overview.
Admin | Sync Template v3 (Sync Flow Errors) Scheduled Daily This flow sends an email to the admin about environments that failed to sync (with a link to the flow instance).
Admin | Sync Template v3 (Call Updates) Scheduled Daily Used to trigger these three flows to run on a schedule. Needed so that those flows can be of type button and be used to run on demand or on a schedule.
Admin | Excuse Support Envts from Governance Flows Automated When an environment record is created in the Environments table This flow checks if support environments exist, and excludes those environments from the inactivity and compliance governance processes.
CLEANUP - Admin | Sync Template v3 (Check Deleted) Scheduled Every two weeks This long running flow runs every other week, and compares CoE to the tenant to determine if any objects were deleted since last run. Either just marks them as deleted (if env var Also Delete from CoE = no) or deletes them from the CoE (if Also Delete from CoE = yes). The audit log solution is able to find this information in on a daily basis for apps and flows, but not for other resources such as environments, desktop flows, and chatbots. Run this flow periodically to check for deleted resources.
CLEANUP - Admin | Sync Template v3 (Connection Status) Scheduled Weekly This flow runs weekly, and checks if any apps or flows have unresolved connections.
CLEANUP - Admin | Sync Template v3 (Delete Bad Data) Scheduled Daily This flow runs daily, and looks for data in the inventory that isn't complete, for example flows without an environment, and removes this data.
CLEANUP - Admin | Sync Template v3 (Orphaned Makers) Scheduled Weekly This flow runs weekly, and checks if any makers have left the organization. If maker information can't be found in Microsoft Entra/Office 365 Users, any resources created by the maker (apps, cloud and desktop flows, environments, chatbots) are marked as orphaned.
CLEANUP - Admin | Sync Template v3 (Apps User Shared With) Scheduled Every two weeks This long running flow runs every other week, and gets who the app is shared with by using Get App Role Assignments as Admin.
CLEANUP - Admin | Sync Template v3 (Microsoft Copilot StudioVA Usage) Scheduled Monthly This flow rolls up Microsoft Copilot Studio (bot) information on a monthly basis. This information is retrieved from underlying Dataverse tables and requires the user running the flow to have system administrator privileges in the environment. Turning on this flow is optional, and we recommend that you do so only if you're using Microsoft Copilot Studio in your tenant and are interested in getting a tenant-wide overview.
CLEANUP HELPER - Check Deleted (Business Process Flows) Child flow Called from Check Deleted Does the check deleted work for a given environment for business process flows
CLEANUP HELPER - Check Deleted (Canvas Apps) Child flow Called from Check Deleted Does the check deleted work for a given environment for canvas apps
CLEANUP HELPER - Check Deleted (Cloud Flows) Child flow Called from Check Deleted Does the check deleted work for a given environment for cloud flows
CLEANUP HELPER - Check Deleted (Model Driven Apps) Child flow Called from Check Deleted Does the check deleted work for a given environment for model driven apps
CLEANUP HELPER - Check Deleted (Microsoft Copilot Studio) Child Flow Called from Check Deleted Does the check deleted work for a given environment for chatbots
CLEANUP HELPER - Check Deleted (Solutions) Child Flow Called from Check Deleted Does the check deleted work for a given environment for solutions
CLEANUP HELPER - Check Deleted (Custom Connectors) Child Flow Called from Check Deleted Does the check deleted work for a given environment for custom connectors
CLEANUP HELPER - Check Deleted (Ai Models) Child Flow Called from Check Deleted Does the check deleted work for a given environment for Ai Models
CLEANUP HELPER - Power Apps User Shared With Child Flow Called from CLEANUP - Admin | Sync Template v3 (Power Apps User Shared With) Runs once per environment to check
HELPER - Add User to Security Role Child Flow Instant This flow adds users to security roles. This flow currently supports adding Microsoft Entra ID groups to security roles in the main organization of the current environment.
HELPER - CanvasAppOperations Child Flow Instant This flow takes in the environment, app, and operation to perform and the GUID for the new maker if the operation is to reassign ownership. The operations supported are Delete and Assign (which reassigns owner). It performs the action on the actual object in the tenant and also updates the inventory.
HELPER - CloudFlowOperations Child Flow Instant This flow takes in the environment, flow, and operation to perform and the GUID for the new maker if the operation is to reassign ownership. The operations supported are Delete and Assign (which reassigns owner). It performs the action on the actual object in the tenant and also updates the inventory.
HELPER - ObjectOperations Child Flow Instant This flow takes in the environment, flow, and operation to perform and the GUID for the new maker if the operation is to reassign ownership. It calls that the operations supported are Delete and Assign (which reassigns owner). It calls either the HELPER - CloudFlowOperations or the HELPER - CanvasAppOperations child flow depending on its last parameter, objectType. Required due to a product bug that prevents calling child flows with the Dataverse connector from Canvas Apps.
HELPER - Send Email Child Flow Instant This flow is called from all other flows and handles sending emails.
SetupWizard > CallOrphan Child Flow Instant This flow is triggered by a state in the Setup Wizard and calls the CLEANUP - Admin | Sync Template v3 (orphaned makers) to identify orphaned makers immediately after setup.
SetupWizard > CreateGroup Child Flow Instant This flow is triggered from the Setup Wizard if a new group is created when communication methods get configured. This flow creates a new Microsoft Entra security group and returns the group ID and email to the app.
SetupWizard > GetCurrentEnvironment Child Flow Instant This flow triggers from the Setup Wizard and uses the workflow() expression in Power Automate to return the current environment ID to the app.
SetupWizard > GetTenantID Child Flow Instant This flow triggers from the Setup Wizard and calls the Graph API to return the current tenant ID to the app.
SetupWizard > GetUserDetails Child Flow Instant This flow triggers from the Setup Wizard and calls the Graph API to return which licenses are assigned to the current user (the user running the Setup Wizard) to the app.
SetupWizard > RunInitialFlows Child Flow Instant This flow triggers from the Setup Wizard and runs the flows required for the initial setup of the core components: Admin | Sync Template v3 CoE Solution Metadata, Admin | Sync Template v3 Configure Emails, Admin | Sync Template v3 (connectors)
SetupWizard > ShareApps Child Flow Instant This flow triggers if you share all apps from the Setup Wizard. This flow shares all apps, based on their persona, with the groups configured when setting up communication methods.
SetupWizard > UpdateDataflowEnvironment Child Flow Instant This flow triggers from the Setup Wizard. This flow updates the environment variables with the unique IDs of the data flows that are part of the core components solution.
SetupWizard > UpdateInventoryTypeAppSetting Child Flow Instant This flow triggers from the Setup Wizard. This flow configures what navigation options to show in the Power Platform Admin view app, based on your inventory data source.
SYNC HELPER - Apps Child Flow Called by Admin | Sync Template v4 (apps) This flow updates the inventory for a specific app based on current tenant properties for that app.
SYNC HELPER - Cloud Flows Child Flow Called by Admin | Sync Template v4 (flows) This flow updates the inventory for a specific flow based on current tenant properties for that flow.
SYNC HELPER - Get Security Role Users Child Flow Called by Admin | Sync Template v4 (security roles) Gets the System Admin SR users into inventory for a given environment.

Apps

The following section describes the main apps.

CoE Setup and Upgrade Wizard

The CoE Setup and Upgrade Wizard is used by admins to set up and upgrade their CoE installs. Launch this app after each clean install or upgrade.

Use this app to:

  • Ensure you fill or expose all new environment variables.
  • Ensure you turn on all new flows in the correct order.
  • Choose between settings the kit offers for solution management.

Permission: Intended to be used only by the admin identity that owns the kit install.

Prerequisite: This CoE solution is installed or upgraded before you boot. The app doesn't assist with the upgrade of components, only the configuration afterwards.

Screenshot that shows the CoE Upgrade Wizard list of prerequisites for the user to confirm.

CoE Admin Command Center

CoE Admin Command Center is an app admins use to manage their CoE Starter Kit implementation.

Use this app to:

  • Launch CoE Starter Kit apps and other bookmarks.
  • Review CoE Starter Kit service health by checking sync flows that recently failed.
  • Manage the cloud flows used within the kit.
  • Update environment variables used in the CoE Starter Kit.
  • View Microsoft 365 Message center news related to Power Platform.
  • Download the latest CoE Starter Kit version and raise support tickets with the team.
  • Launch learning paths to learn more about Microsoft Power Platform.
  • Launch the latest posts of the Power Apps, Power Automate, Power BI, and Microsoft Copilot Studio blogs.
  • Configure email subject and body text for emails sent through the CoE Starter Kit.

Prerequisite: This app uses Dataverse and other premium connectors. A premium license is required for every app user.

Note

When you first launch the app, it creates bookmarks to all apps included in the CoE Starter Kit. Add other relevant bookmarks such as links to the Power BI dashboard, your Power Platform wiki, and community by selecting Edit bookmarks.

Screenshot showing the Bookmarks page of the CoE Admin Command Center.

When you first launch the app, you might have to establish a connection for HTTP with Microsoft Entra ID (preauthorized), and set Base Resource URL and Microsoft Entra Resource URI (Application ID URI) to https://graph.microsoft.com for commercial tenants. If your tenant is in GCC, GCC High, or DoD, check your service root endpoint for Microsoft Graph.

DLP Impact Analysis

DLP Impact Analysis is an app that allows you to experiment with changes to policy configurations. You can get a list of canvas apps and cloud flows impacted by those changes.

Use this app to:

  • Make draft data policies with changes.
  • See what effect each change has on existing canvas apps and cloud flows.
  • Mitigate risk by contacting and working with makers.

Learn more in Data policies.

Permission: Intended for use only by admins. Requires Power Platform Service Admin or user accounts with admin permissions. Share this app with your CoE admins.

Screenshot that shows the DLP Impact Analysis page of the Data policy impact analysis menu.

Note

This app can't detect or work with endpoint filtering in data policies. Learn more in Connector endpoint filtering.

This app can't check for DLP impact in other object types.

Manage Permissions

Manage Permissions is an app that admins use to manage various permissions across the tenant.

With this app, you can change permissions for:

  • Canvas app ownership
  • Cloud flow ownership
  • Security roles in tenant environments
  • Connections across the tenant

Permission: Intended for use only by admins. Requires Power Platform Service Admin or user accounts with admin permissions. Share this app with your CoE admins.

Power Platform Admin View

Power Platform Admin View is a model-driven app that provides an interface to browse items in Dataverse custom tables. The app gives you access to views and forms for the custom tables in the solution.

Use this app to:

  • Get a quick overview of resources in your tenant.
  • Learn about your makers, connectors, apps, and flows.
  • Find out to whom the apps are shared.
  • Add more information, such as notes and risk assessments, to your resources.
  • Set approved capacity for environments, and see capacity and add-on information per environment.
  • Complete app audits.
  • Manage capacity alerts.
  • Set app and flow permissions for individual resources.

Permission: Intended for use only by admins. Requires Power Platform Service Admin or user accounts with admin permissions. Share this app with your CoE admins.

Screenshot that shows the Power Platform Dashboard page from the Overview Dashboard menu of the Power Platform Admin View.

Use this app to see with whom an app is shared, what roles (editor or viewer) the users have, and for groups. You can check the size of the group.

Screenshot that shows a PowerApps App page with the App Shared With (list) section highlighted.

Use this app to manage permissions for apps and flows by selecting Manage Permissions from the command bar.

Screenshot that shows the Manage Permissions pane accessed from the Manage Permissions button in the command bar.

Use this app to email app owners and app users by selecting Email Users from the command bar.

Screenshot that shows the Email Users pane opened from the Email Users button on the command bar.

Power BI dashboard

With Power BI reports, you can get a holistic view of Dataverse data. You can understand visualizations and insights for Environment, PowerApps App, Flow, Connector, Connection Reference, Maker, and Audit Log tables.

Follow the setup instructions to set up the Power BI dashboard. Learn more in Gain insights into Power Platform adoption with the CoE Power BI dashboard.

Screenshot that shows how to filter your apps in the Overview - Power Apps page of Power BI.

Environment Request management components

Watch a walk-through of how the environment and DLP request process works.

Environment Request tables

  • Environment Creation Request is a request that non-admins submit to create a new environment. This request has a many-to-many relationship with the Maker and PowerApps Connector tables.

  • DLP Impact Analysis is an instance of an object that violates a draft data policy.

  • DLP Policy is a data policy you can offer to makers for selection in an environment request.

  • DLP Policy Change Request is a request to change the definition of an existing data policy in the tenant.

Environment Request flows

Flow name Type Interval Description
DLP Request | Apply Policy to Environment (Child) Instant When creating an environment with a given policy Helper function that takes the Power Platform Policy ID and an Environment ID as input and applies a policy to an environment. The function removes the environment from all other "Include" type policies and excludes it from all "Exclude" type policies.
DLP Request | Process Approved Policy Change Automated When a DLP Policy Change Request record is updated to the Approved state Automated flow that triggers when the approval status of a DLP Policy Change Request is updated to an Approved state. This flow calls a child flow to make the change on the Power Platform service; for example, updates the data policy, then updates the Dataverse request record to the Fulfilled state.
DLP Request | Sync new Policy Automated When a new DLP Policy row is created and Is Shared is true When a new DLP Policy row is created and Is Shared is true, it triggers the Sync Policy child flow and syncs the blocked connectors to the Dataverse row.
DLP Request | Sync Policy to Dataverse (Child) Instant Called from other flows in this solution area Takes the DLP Policy identifier as input (Dataverse record) and syncs the blocked connectors to the Dataverse policy row.
DLP Request | Sync Shared Policies Scheduled Daily Runs daily to keep the Dataverse version of each DLP Policy marked as "Is Shared" == True updated with the real policy's blocked connectors.
Env Request | Clean up Schedule Daily Runs daily to delete environments with an associated expired Request record, to send warning emails to upcoming deletions, and to close out associated Request records where the environment is manually deleted from the admin center.
Env Request | Create approved environment Automated When an Environment Creation Request’s status is updated to an Approved state Provisions the environment and other resources identified in the request.
Env Request | Notify admin when a new request is submitted Automated When a new Environment Creation Request record’s status is updated by a user to a Pending state Sends an email to the admin alias with instructions on how to review the request.
Env Request | Notify requestor when rejected Automated When an Environment Creation Request’s status is updated to the Rejected state Sends an email notification to the requestor with the rejection status and reason, then changes the request to inactive.

Environment Request apps

Environment Request apps help you manage and streamline environment requests.

CoE Admin Environment Request

Admins use the CoE Admin Environment Request app as an interface to view and approve or reject requests to create or modify Power Platform development resources. The app supports Environment Creation Requests and logs changes to data policies in the DLP Policy Change Request table.

Use this app to:

  • View all Environment Creation Requests in detail.
  • Approve or reject Environment Creation Requests.
  • Check if connectors are blocked or restricted by existing or modified data policies. Modifications you make in the app update those policies.

Permission: Intended for use only by admins. Requires Power Platform Service Admin or user accounts with admin permissions. Share this app with your CoE admins.

Prerequisite: This app uses Dataverse. End users must have a Per User license. The app must be assigned a Per App license, or the environment must be covered by pay-as-you-go.

Screenshot that shows the Environment Creation Requests details page.

CoE Maker Command Center

The CoE Maker Command Center is an app designed to help makers interact with their Power Platform Admin, including submitting requests for Power Platform resources (such as Environment Creation Requests).

Use this app to:

  • See apps shared with the makers by the Power Platform admin.
  • Submit new Environment Creation Requests.
  • View existing requests in any state submitted by that user. Here you can find an expiration timeline and link to the live environments.

Permission: Share the app with all authorized makers or the entire organization, depending on which users you want to allow Environment ownership. Requires the Power Platform Maker SR (security role) to use the Dataverse tables.

Prerequisite: This app uses Dataverse. End users must have a Per User license. The app must be assigned a Per App license, or the environment must be covered by pay-as-you-go.

Screenshot that shows the Environment Creation Requests page.

Other core components

This section covers other core components in the CoE Starter Kit.

Other tables

App Catalog Feedback represents feedback gathered for an app.

Other flows

Flow name Type Interval Description
Admin | Add-ons Alerts Scheduled Daily This flow checks add-on consumption and compares it with approved capacity that an admin sets. The flow sends an alert to the admin for environments that exceed the approved add-on consumption or are at 80% of approved capacity. The admin sets the approved capacity in the Power Platform Admin View model-driven app.
Admin | Capacity Alerts Scheduled Daily This flow checks capacity consumption and compares it with approved capacity that an admin sets. The flow sends an alert to the admin for environments that exceed the approved capacity or are at 80% of approved capacity. The admin sets the approved capacity in the Power Platform Admin View model-driven app.
Admin | Welcome Email v3 Automated When any sync flow adds a new maker to the Maker table This flow sends an email to a user who created an app, flow, custom connector, or environment. This flow triggers when a new record is created in the Maker table. You can customize the email sent by the flow.
App Catalog > Request Access Instant From the App Catalog This flow sends an access request approval to the maker.

Other apps

App Catalog provides visibility into some apps in the organization. Admins can choose which apps to highlight provided the apps meet admin requirements and are intended to be shared broadly.

When you first open the App Catalog, it doesn't display any apps. The Power Apps App table includes a field called In App Catalog, which is a Boolean (two-option) field. Setting the value to Yes adds the app to the catalog. To publish an app to the App Catalog, follow the app auditing process in the Power Platform Admin View app.

Permission: As soon as you use this process, you can share the App Catalog with the entire organization.

Prerequisite: This app uses Dataverse. If you install this solution in a production environment, either:

  • End users require a Per User license
  • The app needs to be assigned a Per App license
  • The environment needs to be covered by pay-as-you-go

Screenshot that shows the App Catalog page with two apps visible.