Solved: Re: Environments, Administration and Setting Up

SteveWWHA · ‎02-16-2021

Hi All

We are looking at developing and creating apps and flows and to ensure no issues, we are looking to create a Dev/Test/UAT environment to correspond with the environments (on prem) that we currently have in place.

As it stands, we have a service account which was originally created for Flows and is still used in production for the existing ones. I've read through the documentation that exists about environments, administrating them etc (although bit confusing) and have a couple of questions if someone could help: -

1. Is it Sandbox environment i create for each environment (Dev/Test/UAT)?

2. How many can i create of the sandbox environments?

3. Is it better to create a service account for each environment?

4. What license would i need for the service account if required?

5. Is it better to setup an account as Environment admin?

Sorry for the questions, want to get it right in regards to setting everything up

If i have forgotten anything or if someone has something to add that may help, please do

Thanks

ChrisPiasecki · ‎02-17-2021

Hi @SteveWWHA ,

1. Is it Sandbox environment i create for each environment (Dev/Test/UAT)?

Yes, Sandbox environments are for non-production such as dev/test/uat/staging/etc.

2. How many can i create of the sandbox environments?

You can create as many environments as you like given you have enough database storage capacity in your tenant. Note that every sandbox or production environment you create reserves 1GB, regardless if you are using less than that. More detail is documented here.

3. Is it better to create a service account for each environment?

As a general best practice, its best to have a separate service account per environment. At a minimum, you should at least have a separate service account for production and non-production.

4. What license would i need for the service account if required?

If you are using a service principal for flows, you would set up an application user, which doesn't consume a license.

5. Is it better to setup an account as Environment admin?

The best practice is to provide the least amount of privileges to execute the tasks needed by the service principal. You should not need to grant environment admin or system admin privileges to a service principal. The only scenario where system admin privileges are needed would be to deploy a solution as part of an automated CI/CD ALM process. In that scenario though, I would use separate service principals for deploying solutions vs executing flows.

Hope this helps.

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

View solution in original post

ChrisPiasecki · ‎02-17-2021

Hi @SteveWWHA ,

1. Is it Sandbox environment i create for each environment (Dev/Test/UAT)?

Yes, Sandbox environments are for non-production such as dev/test/uat/staging/etc.

2. How many can i create of the sandbox environments?

You can create as many environments as you like given you have enough database storage capacity in your tenant. Note that every sandbox or production environment you create reserves 1GB, regardless if you are using less than that. More detail is documented here.

3. Is it better to create a service account for each environment?

As a general best practice, its best to have a separate service account per environment. At a minimum, you should at least have a separate service account for production and non-production.

4. What license would i need for the service account if required?

If you are using a service principal for flows, you would set up an application user, which doesn't consume a license.

5. Is it better to setup an account as Environment admin?

The best practice is to provide the least amount of privileges to execute the tasks needed by the service principal. You should not need to grant environment admin or system admin privileges to a service principal. The only scenario where system admin privileges are needed would be to deploy a solution as part of an automated CI/CD ALM process. In that scenario though, I would use separate service principals for deploying solutions vs executing flows.

Hope this helps.

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

SteveWWHA · ‎02-18-2021

Thats exactly what i was looking for

One more question...after lots of reading...the CoE provided by Microsoft, is this something that is recommended to do?

ChrisPiasecki · ‎02-18-2021

No problem @SteveWWHA.

The CoE starter kit is exactly just that, a template/starting point to help with enterprise scale governance and adoption of the Power Platform. I think it's a good idea to at least have a look at it and see if they fit your need. You can always tweak to meet your organization's need or create your own stuff. They continuously add to the starter kit and has some good stuff in there so I think it's, great there is something rather than having to start from scratch completely.

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

Environments, Administration and Setting Up

Helpful resources

Power Apps News & Announcements

Introducing the Community Calls Conversations

Power Apps Community Blog