Showing results for 
Search instead for 
Did you mean: 
Not applicable

Best Practice on setting up Environments for large organization

We have over 5000 people in our organization. Got maybe 40 different departments that want to use PowerApps to develop something. 

1)Is it wise to create 40 different Dev Environments based on Departments and 40 different Production Environments?

2) Is that easy for environment admin to manage?

3)Or what is the best way to set up this structure?

4) each department's app will not be exposed to other departments, but if they do want to share it, are they able to share that app only and not the whole environment?


Each dept maybe got like 2-3 developers. 

Community Support
Community Support

Hi @Anonymous ,

Firstly, I don't think you need to create so many environments.

I suggest you create 2 environments, one for development, one for production.

And then you give diffrent perimission to different deparments.

For example, make admins have permission to all environments ,developers have permission to delevopment environment, common users have permission to production environment.


Secondly, manage envrionment is not so hard.

The most impromant thing is managing security role(permission) and DLP (data loss policy).

DLP is used to prevent information's security.An organization's data must be protected so that it isn't shared with audiences that should not have access to it.

Here are docs about how to manage environment in details for your reference:


Thirdly, if departmentA do not have access to one app, while departmentB have.

DepartmentB could share the app to A and give A access to run or edit.

User could only share app not share environment.



Best regards,

Community Support Team _ Phoebe Liu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Not applicable

So do I grant the 40 developers environment admins in the dev ? Or they would be environment makers?

If I grant them environment admins. They are able to modify all other developments apps?

What permission do I grant common users in production?

Best Practice for almost any application development is to have 3 environments. If you are developing an application and need people to test it while you make changes, you need a QA environment.


Also, think of an environment like a security container. Is there anything contained within it that you don't want other developers to leverage? Data in the CDS? A connector to SQL that is shared with everyone for read access? If you make a developer a maker in the environment, they can have access to that data if permissions are not setup correctly. Maybe you have different requirements for DLP policies for different groups. Example: Communications wants the ability to use Flow with Twitter and save data to a SharePoint list. If I separate Twitter and Office 365 into business and non-business, they can't. So I need a custom environment just for them and that DLP policy.


I would say do what is best for you, I know I am creating 3 environments for each large department. Creating a default DLP template that I apply to each one, and then make changes as needed. Limiting yourself to just a few environments for an entire organization is like saying, use 2 Site Collections in SharePoint for all sites and just manager permissions at the list/library, folder, subsite level. You will run into problems down the road.

Helpful resources

PA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

MBAS Attendee Badge

Claim Your Badge & Digital Swag!

Check out how to claim yours today!


Are Your Ready?

Test your skills now with the Cloud Skill Challenge.


Demo Extravaganza is Back!

We are excited to announce that Demo Extravaganza for 2021 has started!

Top Solution Authors
Users online (54,454)