Let's Talk About Power Platform Managed Environments

As a Power Platform Admin I always struggled with the platform, it was simply not built in a way to administer or govern easily. I think Microsoft o always knew this, but its priority was adoption, there was benefits to security and admins not knowing the power or the risk of the platform until its benefits were to high to stop. This approach worked when the platform was still relatively unknown and/or with small to medium organisations, but now those Fortune 500 companies Microsoft wanted knew better, and they said no.

So Microsoft knew it had to add better governance to the platform, but as with all good companies, they turned this issue into an opportunity to make more money, with Managed Environments.

There is a now a long list (and growing) of features:

• Environment groups
• Limit sharing
• Weekly usage insights
• Data policies
• Pipelines in Power Platform
• Maker welcome content
• Solution checker
• IP Firewall
• IP cookie binding
• Customer Managed Key (CMK)
• Lockbox
• Extended backup
• DLP for desktop flow
• Export data to Azure Application Insights
• Catalogue
• Default environment routing
• Create an app description with Copilot
• Virtual Network support for Power Platform

So after paying for all these features how did Microsoft make more money, well by enforcing the need of a Premium license. And this is where things don't feel right, some of the above do feel like 'Premium' functionality, but some feel like core features you would expect.

Premium or Standard?

Limit Sharing

Such a key feature, limit sharing on Apps, Flows, and Agents. This is key to ensure the Default and dev environments are used correctly. So for me this feels like expecting people to pay more locks on your car

Weekly Usage Insights

Such a simple yet useful feature, a weekly email showing the most ran Flows and accessed Apps. This gives admins a spot light on where to look, sharing success or highlighting solutions that have out grown their environment. Yep, a weekly email to see what is happening in your platform is a 'Premium' feature.

Maker Welcome Content

Again a simple but powerful feature, a popup message for when developers log in. This allows users who have not gone through any training (nearly everyone in the Default environment) to understand the environment policies, and how to build solutions in the right way for the organisation. We are now in the world where a custom welcome message, that you read maybe once or twice costs you $15 a month.

DLP for Desktop Flows

This one is all the more shocking, DLP is covered across the platform, except for Desktop flows, here you pay extra. I get it its a lot more complicated to do it on a machine vs in the cloud, but you already pay separately $150 per month for them.

Create an app description with Copilot

It's a nice little feature, but come on does it really add premium capabilities/ something you would ever consider paying for.

Unfinished

And things get worse when you dig into some of the detail:

Limit Sharing

Power Apps and Copilot Studio have the ability to block sharing with groups, limit number of users, and it covers everything, but what about Flows.

And yep with Flows you can share or not (until recently it was share with users or share with groups). So will lose the granularity of something like sharing only with 2 users. Even worst its only solution aware flows, so if you haven't set to default to new flows in a solution or you have legacy flows they are not covered.

Maker Welcome Content

Again looks like the Power Automate team is playing catchup, as the welcome message appears in make.powerapps.com and copilotstudio.microsoft.com, but not in .make.powerautomate.com.
Update, in between time I wrote this and published this has now been activated, but the point of how long it took is still relevant

Solution Checker

Again another cool feature, but what it checks, well that's decided by Microsoft, there is no customisations, no way to set exactly what it checks, just the level of enforcement and rule exclusions.

Pipelines in Power Platform

I went into a lot of detail about this one in its own blog (Let's Talk About Power Platform Pipelines, but as a overview:

• Expected dev access to test/prod
• Dev connections
• SPN license issues
• Delegated service account cant handle connections

These to me are things that you would hope for $15 a month at launch, and expect after 2 years.

Value

And this one is the biggest issue I have, the value. Until recently if wanted to build Apps and Flows you needed both premium licenses ($30 per month), when you look at the list above its very poor value (and imagine 2 years ago when not all the features had launched). They did rectify this by not enforcing it for a long time and now switching to either of the licenses, but that's still $15 a month, which is a stretch.

These package offers rarely do make sense from a value side, as you often only want a couple of the features, so end up paying for things you don't need.

There is even one more overarching issues, and that's misplaced value. If you pay for value, you should be getting the value, but with managed environments that simply doesn't happen. Lets look at 'Weekly usage insights', who gets benefits, the admins who get the email, who pays for it, every developer in the environment.

And there is also the most ridiculous rule of all, every app user needs to have a premium license. That's right, even though all of the Managed Environment benefits are for Admins and Developers, every user has to pay for it. They get zero benefit, but have to pay potentially $15 for it (I know they could use other premium apps to dilute the cost but there will still be examples when someone pays $15 per month to use just a simple SharePoint app).

So my closing thoughts are that Managed environments where a good idea, are still a good idea, worth an additional cost, but licensed in the totally wrong way. They should be licensed at the environment level, not the Developer/User level. It feels like they became a vehicle to push premium license adoption instead of a solution to a set of problems.

I also think some of the features really should not be classified as premium, having governance controls and welcome messages should be part of any platforms basic functionality (I'm glad to see the new Admin Center is including new features outside of Managed Environments, fingers crossed this is a beginning in the change of direction).

I've had a few requests for a mailing list to alert new blogs, if you would like to get notified every new blog (I also do a few in the Power Platform Community), subscribe below

Subscribe to David Wyatts Blogs

powerdevbox.com

You will be pleased to know I built the mailing system myself in Power Automate, so if it doesn't work you know why 😎