Showing results for 
Search instead for 
Did you mean: 

Access Control Improvements for Large Enterprises

We are currently reviewing the capabilities of Powerapps to drive business change and enhance aging processes across our enterprise. We are geographically separated and each Operating Company has distinct requirements and little cross-over.


We are being hampered in our attempts to adopt PowerApps for this due to massive gaps in capability around governance and ways to insulate Operating Companies from each other when they share the same tenant.


Buttons like the "everyone in my organisation" along with the default-checked "email everyone" option is a disaster waiting to happen for our service desks. If enabled across the board then they will inevitably have to field calls about apps shared with them users by a maker in another company that they have no use for, nor business in looking at the data they provide.


The potential for un-skilled end users to make apps in the Default Environment and share them across the tenant (which may or may not even work) is a huge risk for us. This is more frustrating as on the surface, with the environment structure that already exists, this could have been done with these capabilites in mind. Environments appears to be buckets for Apps with very little benefit as far as control while the Default Environment is so un-restricted and users drop into it from day one.


Therefore, I believe the following abilities would help drive adoption in large enterprise environments such as our own:


1. Provide options to restrict use of the Default Environment. Perhaps treat it like any other user-created enviornment and allow the modification of the Admin and Maker roles. Alternatively, if it is required for background processes then allow it to be hidden from interactive use.


2. Provide the ability to treat environments as security boundaries, possibly aligned with AAD administrative units. To allow for a more targeted "everyone in my administrative unit" effect.


3. Provide the ability to set a default environment per-user.


4. Provide an option to change the default behaviour of the email notification checkbox, or disable its use completely when sharing tenant-wide.


5. Provide the ability to disable the PowerApps link in SPO sites same as we can with Flow.

Status: New