This episode challenges one of the most common assumptions in the Microsoft ecosystem:
👉 “If it’s Microsoft, it must already be secure.”

The reality is the opposite.

Power Platform is enterprise-grade secure by design—but becomes risky the moment governance is missing.

The episode explains that most organizations don’t fail because of vulnerabilities or attackers. They fail because of perfectly allowed behavior in an ungoverned system—driven by low-code speed, citizen development, and lack of ownership.

The key insight:
👉 Power Platform doesn’t create chaos—it exposes missing governance decisions.


Microsoft Power Platform Has a SERIOUS Problem


The Microsoft Power Platform presents significant governance challenges that can hinder your organization’s efficiency. If you overlook these issues, you may face application sprawl, security violations, and compliance breaches. Studies indicate that organizations without formal governance structures encounter operational problems at rates three to four times higher than those with established governance. To navigate these complexities, you must address three main challenges: unclear ownership of applications, inconsistent security measures, and increased compliance risks.

Key Takeaways

  • Effective governance is essential for maximizing the Microsoft Power Platform's potential and preventing operational issues.
  • Organizations must address training gaps to empower citizen developers and ensure they understand governance frameworks.
  • Establish clear ownership structures for applications to avoid security vulnerabilities and compliance violations.
  • Implement role-based access control to define user privileges and enhance accountability within the organization.
  • Regularly conduct compliance audits to verify adherence to legal and regulatory standards, ensuring data security.
  • Create a Center of Excellence to standardize governance practices and support citizen developers across the organization.
  • Utilize activity logs and reporting tools for continuous monitoring of app usage and compliance with governance policies.
  • Proactively address visibility gaps by tracking applications and managing orphaned resources to mitigate risks.

Microsoft Power Platform Governance Issues

Effective governance is crucial for the successful implementation of the Microsoft Power Platform. Without it, organizations face numerous challenges that can hinder their ability to leverage the platform fully. Poor governance can lead to security vulnerabilities, compliance issues, and operational inefficiencies. Here, we will explore the concept challenges and visibility gaps that organizations encounter.

Concept Challenges

Training Gaps

Many organizations struggle with training gaps when implementing Power Platform governance. A lack of structured training for citizen developers often leads to confusion and inefficiencies. You may find that business users lack the necessary skills to navigate the platform effectively. Collaboration between business users and IT professionals is essential. This partnership can help bridge the gap and ensure everyone understands application lifecycle management and governance frameworks.

Organizations also tend to overlook the importance of continuous monitoring and adjustments. Relying solely on predefined policies can create vulnerabilities. For instance, if you neglect to address issues as they arise, you risk exposing sensitive data and creating inefficiencies.

Platform Complexity

The Microsoft Power Platform's complexity adds another layer of challenge. As organizations adopt this low-code SaaS platform at scale, they must establish a robust governance framework. This framework ensures efficient management, security, and compliance across the organization. Clear policies, roles, and responsibilities are vital to maintaining control over data access and solution development.

Without a cohesive data governance strategy aligned with business goals, you may encounter barriers that hinder adoption rates. Misalignment between centralized teams and business units can create confusion and resistance to governance policies. Additionally, skills and data literacy gaps among users can further complicate matters.

Visibility Gaps

Tracking Applications

Tracking applications within the Power Platform can be a daunting task. The rapid growth of your Power Platform estate makes manual monitoring impractical. This fragmentation can lead to missed risks and compliance violations, which directly impacts governance. Effective governance requires timely risk detection, but limitations in tracking applications can hinder this process.

Organizations often fail to implement processes for managing ownerless, overshared, and inactive resources. This oversight can exacerbate governance challenges and lead to a lack of visibility over your applications.

Reporting Limitations

Reporting limitations also pose significant challenges for governance. Current reporting capabilities often fall short, particularly regarding API request reporting. For example, reporting is limited to Power Automate API requests only, excluding requests from Dataverse and Microsoft Copilot Studio. This limitation can lead to inaccuracies in understanding application usage and performance.

Moreover, licensed user report entitlements may show incorrect data, displaying zero instead of the correct entitlement. These inaccuracies can create confusion and hinder effective governance. Organizations must address these reporting limitations to ensure they have a clear understanding of their Power Platform assets.

Microsoft Power Platform Management Risks


The management of the Microsoft Power Platform comes with significant risks, particularly concerning ownership and compliance. Addressing these risks is essential for maintaining a secure and efficient environment.

Ownership Issues

Former Employee Apps

One of the most pressing ownership issues arises from applications created by former employees. When these individuals leave, they often take their knowledge of the applications with them. This situation can lead to the creation of orphaned applications and flows, which pose several risks:

  • Security vulnerabilities: Orphaned apps may retain connections with elevated privileges, creating potential entry points for unauthorized access.
  • Compliance violations: Without proper oversight, these applications can lead to compliance breaches that organizations cannot audit.
  • Wasted resources: Unused digital assets can incur unnecessary licensing costs, straining your budget.

To mitigate these risks, you must establish clear ownership structures. This ensures that every application has an accountable owner who can manage its lifecycle effectively.

Accountability Gaps

Accountability gaps further complicate the management of the Power Platform. When ownership is unclear, organizations face several challenges:

  • Disconnected apps and flows can lead to operational inefficiencies.
  • Knowledge about applications may become scattered across teams, making it difficult to trace changes or recover from incidents.
  • Monitoring deficiencies can increase risk, as some flows may run without adequate oversight.

To address these gaps, you should implement role-based access control. This approach defines specific privileges for users, limiting access to sensitive data and ensuring that only authorized personnel can manage applications.

Compliance Challenges

Compliance Measures

Compliance is another critical area of concern within the Microsoft Power Platform. Organizations must navigate various legal and regulatory requirements while ensuring that their applications remain secure. Common compliance measures include:

  • Implementing data loss prevention policies to protect sensitive data from exposure.
  • Establishing governance frameworks that balance innovation with control.
  • Conducting regular compliance audits to verify adherence to standards.

These measures help organizations maintain control over their data and optimize resource usage, ultimately enhancing compliance outcomes.

Governance Policies

Effective governance policies are vital for managing compliance challenges. They provide structure and control over app development, data access, and security. Without these policies, organizations face risks such as:

  • Unclear ownership of applications, leading to operational disruptions.
  • Inconsistent security measures that can expose sensitive data.
  • Increased compliance risks due to unmanaged resources.

To strengthen governance, consider adopting policies that focus on environment management, role-based access controls, and application lifecycle management. These policies will help ensure that your organization adheres to regulatory standards while fostering a culture of accountability and transparency.


In summary, you face several key governance challenges with the Microsoft Power Platform. These include unfamiliarity among IT admins, lack of visibility into app creation, and undefined responsibilities for managing the platform. Addressing these issues is crucial for your organization's success.

To improve governance, consider implementing proactive measures such as establishing team structures, enforcing data loss prevention policies, and leveraging activity logs for continuous monitoring. Building a Center of Excellence can also standardize governance practices and support citizen developers. By taking these steps, you can foster innovation while ensuring compliance and security.

FAQ

What is the Microsoft Power Platform?

The Microsoft Power Platform is a suite of tools that allows you to build applications, automate workflows, and analyze data efficiently. It includes Power Apps, Power Automate, Power BI, and Microsoft Power Pages.

Why is governance important for the Power Platform?

Governance is crucial for the Power Platform to prevent data exposure, ensure compliance, and manage sensitive data effectively. It helps you maintain control over app development and resource usage.

How can I track orphaned resources?

You can track orphaned resources by implementing an app and flow inventory. This process helps identify applications without active owners, allowing you to manage them effectively and mitigate risks.

What is a Center of Excellence?

A Center of Excellence is a dedicated team that promotes best practices and governance for the Power Platform. It supports citizen developers and ensures consistent application development across your organization.

How do I ensure continuous monitoring?

To ensure continuous monitoring, establish regular audits and reporting mechanisms. Use tools that provide insights into app usage, security posture, and compliance with governance policies.

What are the risks of data breaches?

Data breaches can expose sensitive data and personally identifiable information. They can lead to legal penalties, loss of customer trust, and significant financial costs for your organization.

How can I improve access control?

You can improve access control by conducting regular access control audits. This process helps you define user roles and permissions, ensuring that only authorized personnel can access sensitive data.

What is orphaned resources reporting?

Orphaned resources reporting identifies applications and flows without active owners. This reporting helps you manage these resources effectively, reducing security risks and ensuring compliance with governance policies.
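
An added example, not part of the original page or of any Microsoft tooling: a minimal triage over an app and flow inventory that flags the ownerless, inactive, overshared and personal-storage cases described in the article and FAQ above. The record fields, user IDs, resource names and connector names are constructed assumptions, not a Power Platform export schema.

```python
from datetime import date

# Assumption: connector names treated as personal (non-corporate) storage.
PERSONAL_STORAGE_CONNECTORS = {"Dropbox", "Google Drive", "OneDrive (personal)"}

# Constructed sample data: IDs of users that still exist in the directory.
ACTIVE_USER_IDS = {"u-1001", "u-1002"}
TODAY = date(2026, 1, 15)

# Constructed inventory records; field names are hypothetical.
SAMPLE_INVENTORY = [
    {"name": "Expense Tracker", "type": "app", "owner_id": "u-1001",
     "last_used": "2025-12-20", "shared_with_everyone": False,
     "connectors": ["SharePoint"]},
    {"name": "Vendor Intake", "type": "app", "owner_id": "u-0419",
     "last_used": "2024-03-02", "shared_with_everyone": True,
     "connectors": ["SharePoint", "Dropbox"]},
    # Owner has left, but the flow still runs: the case nobody is watching.
    {"name": "Invoice Sync", "type": "flow", "owner_id": "u-0419",
     "last_used": "2026-01-14", "connectors": ["SQL Server"]},
    # Created and never used.
    {"name": "Team Poll", "type": "app", "owner_id": "u-1002",
     "last_used": None, "connectors": []},
]


def classify(resource, active_user_ids, today, inactive_days=365):
    """Return the sorted list of governance findings for one inventory record."""
    findings = set()

    # Ownerless: no owner recorded, or the owner is no longer in the directory.
    owner = resource.get("owner_id")
    if not owner or owner not in active_user_ids:
        findings.add("ownerless")

    # Inactive: never used, or not used within the review window.
    last_used = resource.get("last_used")
    if last_used is None:
        findings.add("inactive")
    elif (today - date.fromisoformat(last_used)).days > inactive_days:
        findings.add("inactive")

    # Overshared: shared with the whole tenant rather than named users.
    if resource.get("shared_with_everyone", False):
        findings.add("overshared")

    # Data leaving to storage the organization does not control.
    if PERSONAL_STORAGE_CONNECTORS & set(resource.get("connectors", [])):
        findings.add("personal-storage-connector")

    return sorted(findings)


def triage(inventory, active_user_ids, today, inactive_days=365):
    """Map resource name -> findings, most findings first; clean resources omitted."""
    flagged = {}
    for resource in inventory:
        findings = classify(resource, active_user_ids, today, inactive_days)
        if findings:
            flagged[resource["name"]] = findings
    ordered = sorted(flagged.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return dict(ordered)


if __name__ == "__main__":
    for name, findings in triage(SAMPLE_INVENTORY, ACTIVE_USER_IDS, TODAY).items():
        print(f"{name}: {', '.join(findings)}")
```

An ownerless resource that is still active (here, the constructed "Invoice Sync" flow) deserves review before an ownerless one that is also inactive, because it is still moving data with nobody accountable for it.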

1
00:00:00,000 --> 00:00:02,440
A global enterprise ran a tenant audit last year.

2
00:00:02,440 --> 00:00:05,200
They found something most organizations never look for.

3
00:00:05,200 --> 00:00:09,680
6,200 applications, 4,000 flows, 900 connectors.

4
00:00:09,680 --> 00:00:11,720
All inside a single default environment.

5
00:00:11,720 --> 00:00:13,880
The default environment is supposed to be a playground.

6
00:00:13,880 --> 00:00:17,080
It's where users experiment, where they build personal productivity apps,

7
00:00:17,080 --> 00:00:18,600
it's not where you run production.

8
00:00:18,600 --> 00:00:19,920
Yet that's exactly what happened.

9
00:00:19,920 --> 00:00:24,080
An entire shadow application platform, apps owned by employees who left years ago,

10
00:00:24,080 --> 00:00:26,960
flows triggering business critical processes with no monitoring,

11
00:00:26,960 --> 00:00:29,880
data moving through integrations, nobody documented,

12
00:00:29,880 --> 00:00:31,800
nobody approved, nobody owned.

13
00:00:31,800 --> 00:00:33,880
When I say nobody owned it, I mean literally.

14
00:00:33,880 --> 00:00:37,640
Most apps had an owner field pointing to a user ID from 2019,

15
00:00:37,640 --> 00:00:39,240
that person no longer worked there.

16
00:00:39,240 --> 00:00:42,320
Here's what matters, this wasn't a breach, this wasn't rogue developers.

17
00:00:42,320 --> 00:00:46,640
This was the natural outcome of treating a development platform like it's a productivity tool.

18
00:00:46,640 --> 00:00:47,840
That distinction matters.

19
00:00:47,840 --> 00:00:49,440
This episode explains why.

20
00:00:49,440 --> 00:00:51,280
Why low-code adoption exploded.

21
00:00:51,280 --> 00:00:53,560
To understand how we got here, go back 10 years.

22
00:00:53,560 --> 00:00:55,440
IT backlogs everywhere hit a wall.

23
00:00:55,440 --> 00:00:57,640
Request queues sat at 12 to 18 months.

24
00:00:57,640 --> 00:01:01,120
You'd submit a project request and know you weren't getting an answer for over a year.

25
00:01:01,120 --> 00:01:02,920
Business units got tired of waiting.

26
00:01:02,920 --> 00:01:05,320
Tired of IT saying, "We'll get to you eventually."

27
00:01:05,320 --> 00:01:08,320
The market for professional developers was brutal.

28
00:01:08,320 --> 00:01:10,040
Supply couldn't keep pace with demand.

29
00:01:10,040 --> 00:01:12,120
Companies bid against each other for talent.

30
00:01:12,120 --> 00:01:14,360
A competent developer could write their own ticket.

31
00:01:14,360 --> 00:01:17,720
Salaries climbed, hiring freezes meant fewer people doing more work.

32
00:01:17,720 --> 00:01:20,440
Low-code platforms came along with a specific promise.

33
00:01:20,440 --> 00:01:22,320
Apps in weeks instead of months.

34
00:01:22,320 --> 00:01:23,920
No coding expertise required.

35
00:01:23,920 --> 00:01:28,000
Business users could build database applications using visual interfaces.

36
00:01:28,000 --> 00:01:29,000
No SQL.

37
00:01:29,000 --> 00:01:30,560
No programming languages.

38
00:01:30,560 --> 00:01:31,680
Drag and drop.

39
00:01:31,680 --> 00:01:33,200
Click and configure.

40
00:01:33,200 --> 00:01:34,640
The narrative was compelling.

41
00:01:34,640 --> 00:01:37,240
Let citizen developers solve the backlog problem.

42
00:01:37,240 --> 00:01:39,560
Free up IT to focus on infrastructure.

43
00:01:39,560 --> 00:01:44,360
Let the business build what it actually needs instead of waiting months for IT to translate requirements.

44
00:01:44,360 --> 00:01:46,040
Executives love the cost story.

45
00:01:46,040 --> 00:01:50,560
A citizen developer building apps in Power Apps doesn't cost a $150,000 salary.

46
00:01:50,560 --> 00:01:52,440
Doesn't require six months of waiting.

47
00:01:52,440 --> 00:01:55,360
Doesn't require formal requirements and project meetings.

48
00:01:55,360 --> 00:01:59,720
By 2026, citizen developers outnumbered professional developers 4-to-1.

49
00:01:59,720 --> 00:02:03,720
Four business users building applications for every trained software engineer.

50
00:02:03,720 --> 00:02:05,240
The platforms made this effortless.

51
00:02:05,240 --> 00:02:08,440
Microsoft Power Platform integrated into Microsoft 365.

52
00:02:08,440 --> 00:02:10,560
You already had a Microsoft 365 license.

53
00:02:10,560 --> 00:02:11,760
Power Apps was included.

54
00:02:11,760 --> 00:02:13,200
Power Automate was included.

55
00:02:13,200 --> 00:02:15,000
You clicked buttons and built something that worked.

56
00:02:15,000 --> 00:02:16,520
Something that solved the real problem.

57
00:02:16,520 --> 00:02:18,960
Something that moved today instead of 2027.

58
00:02:18,960 --> 00:02:21,120
Here's the architectural mistake nobody discussed.

59
00:02:21,120 --> 00:02:23,760
Organizations believed low-code meant less governance.

60
00:02:23,760 --> 00:02:26,880
Fewer rules, fewer policies, more speed, less bureaucracy.

61
00:02:26,880 --> 00:02:28,000
That's not what it meant.

62
00:02:28,000 --> 00:02:30,360
Low-code actually means distributed governance.

63
00:02:30,360 --> 00:02:33,960
It means spreading development authority across the organization.

64
00:02:33,960 --> 00:02:36,560
It means thousands of people making architectural decisions

65
00:02:36,560 --> 00:02:38,760
who've never taken a software engineering course.

66
00:02:38,760 --> 00:02:40,760
It means building systems without the discipline

67
00:02:40,760 --> 00:02:43,480
that traditionally constrained those decisions.

68
00:02:43,480 --> 00:02:46,400
Speed without architecture creates a specific problem.

69
00:02:46,400 --> 00:02:49,160
Organizations discovered that within three to five years.

70
00:02:49,160 --> 00:02:51,080
But we're getting ahead of ourselves.

71
00:02:51,080 --> 00:02:52,880
The architectural misunderstanding.

72
00:02:52,880 --> 00:02:56,160
Most organizations treat Power Platform as a productivity tool.

73
00:02:56,160 --> 00:02:57,120
Like Excel.

74
00:02:57,120 --> 00:02:59,680
Like SharePoint, something you enable for the business

75
00:02:59,680 --> 00:03:01,560
and trust users to operate responsibly.

76
00:03:01,560 --> 00:03:03,320
That is not what Power Platform is.

77
00:03:03,320 --> 00:03:06,840
Architecturally, Power Platform is a distributed development environment

78
00:03:06,840 --> 00:03:09,280
embedded inside Microsoft 365.

79
00:03:09,280 --> 00:03:10,480
That distinction matters.

80
00:03:10,480 --> 00:03:12,680
That distinction explains everything that goes wrong.

81
00:03:12,680 --> 00:03:14,320
A productivity tool stores data.

82
00:03:14,320 --> 00:03:15,720
Manages collaboration.

83
00:03:15,720 --> 00:03:17,880
Let's use this organization.

84
00:03:17,880 --> 00:03:19,360
Excel is a productivity tool.

85
00:03:19,360 --> 00:03:20,800
SharePoint is a productivity tool.

86
00:03:20,800 --> 00:03:21,920
You can misconfigure them.

87
00:03:21,920 --> 00:03:22,880
You can leak data.

88
00:03:22,880 --> 00:03:24,840
But they are not fundamentally platforms

89
00:03:24,840 --> 00:03:26,280
for building applications.

90
00:03:26,280 --> 00:03:27,760
Power Platform is different.

91
00:03:27,760 --> 00:03:29,440
It is an application development platform.

92
00:03:29,440 --> 00:03:30,240
It has a runtime.

93
00:03:30,240 --> 00:03:31,320
It has a data layer.

94
00:03:31,320 --> 00:03:34,080
It has connectors that integrate external systems.

95
00:03:34,080 --> 00:03:36,600
It can trigger automations across your entire technology

96
00:03:36,600 --> 00:03:37,080
estate.

97
00:03:37,080 --> 00:03:38,600
It can move data between systems.

98
00:03:38,600 --> 00:03:41,200
It can make decisions and execute them automatically.

99
00:03:41,200 --> 00:03:42,400
Here is what it does not have.

100
00:03:42,400 --> 00:03:43,200
A compiler.

101
00:03:43,200 --> 00:03:44,600
No static type checking.

102
00:03:44,600 --> 00:03:46,280
No forced deployment pipeline.

103
00:03:46,280 --> 00:03:47,040
No code review.

104
00:03:47,040 --> 00:03:48,440
No version control requirement.

105
00:03:48,440 --> 00:03:50,000
No automated testing framework.

106
00:03:50,000 --> 00:03:52,640
No governance enforced by the platform itself.

107
00:03:52,640 --> 00:03:54,440
This is the architectural truth.

108
00:03:54,440 --> 00:03:56,760
Every citizen developer using Power Platform

109
00:03:56,760 --> 00:03:58,200
is effectively writing software.

110
00:03:58,200 --> 00:03:59,840
They are architecting databases.

111
00:03:59,840 --> 00:04:01,280
They are building business logic.

112
00:04:01,280 --> 00:04:02,680
They are integrating systems.

113
00:04:02,680 --> 00:04:04,160
They are making security decisions.

114
00:04:04,160 --> 00:04:07,000
They are implementing data flows that touch sensitive information.

115
00:04:07,000 --> 00:04:09,520
They are doing this without formal training.

116
00:04:09,520 --> 00:04:10,840
Without architecture review.

117
00:04:10,840 --> 00:04:12,640
Without the discipline that traditionally

118
00:04:12,640 --> 00:04:15,080
constrained these decisions in software engineering.

119
00:04:15,080 --> 00:04:17,240
Organizations deployed a development platform

120
00:04:17,240 --> 00:04:18,720
without development discipline.

121
00:04:18,720 --> 00:04:20,520
Then they told users to go build.

122
00:04:20,520 --> 00:04:22,160
What looks like citizen productivity

123
00:04:22,160 --> 00:04:24,240
is actually unmanaged application sprawl.

124
00:04:24,240 --> 00:04:25,600
The comparison matters.

125
00:04:25,600 --> 00:04:28,720
When you enable Excel, you are enabling a spreadsheet tool.

126
00:04:28,720 --> 00:04:30,400
Users can build bad spreadsheets.

127
00:04:30,400 --> 00:04:32,920
Users can create massive workbooks with broken formulas.

128
00:04:32,920 --> 00:04:33,800
You can lose data.

129
00:04:33,800 --> 00:04:35,480
But the blast radius is contained.

130
00:04:35,480 --> 00:04:36,480
It is a spreadsheet.

131
00:04:36,480 --> 00:04:38,560
The organization survives.

132
00:04:38,560 --> 00:04:39,880
When you enable Power Platform,

133
00:04:39,880 --> 00:04:41,600
you are enabling a development platform.

134
00:04:41,600 --> 00:04:43,400
Users can build bad applications.

135
00:04:43,400 --> 00:04:46,560
Users can create integrations that violate security policy.

136
00:04:46,560 --> 00:04:49,600
Users can move sensitive data where it should not go.

137
00:04:49,600 --> 00:04:52,720
Users can create automations that trigger uncontrollably.

138
00:04:52,720 --> 00:04:54,480
The organization does not just survive.

139
00:04:54,480 --> 00:04:56,480
It is now running mission-critical processes

140
00:04:56,480 --> 00:04:58,720
built by people who have never seen a design pattern.

141
00:04:58,720 --> 00:05:00,920
This is not a judgment about citizen developers.

142
00:05:00,920 --> 00:05:01,920
This is architecture.

143
00:05:01,920 --> 00:05:04,360
This is what happens when you distribute development authority

144
00:05:04,360 --> 00:05:06,520
without distributing development discipline.

145
00:05:06,520 --> 00:05:08,000
The platforms make this invisible.

146
00:05:08,000 --> 00:05:11,000
Power Apps makes it effortless to connect to a data source.

147
00:05:11,000 --> 00:05:13,520
You click, you drag, you drop, an app appears.

148
00:05:13,520 --> 00:05:15,040
It works. It solves a problem.

149
00:05:15,040 --> 00:05:17,400
The UI is clean. The interactions are smooth.

150
00:05:17,400 --> 00:05:19,960
You have no sense that you just built a database application

151
00:05:19,960 --> 00:05:22,240
with no normalization, no referential integrity,

152
00:05:22,240 --> 00:05:23,200
no access controls.

153
00:05:23,200 --> 00:05:25,720
The ease of construction is precisely why this matters.

154
00:05:25,720 --> 00:05:29,240
Organizations see speed and interpret it as simplicity.

155
00:05:29,240 --> 00:05:30,840
Speed in low code is not simplicity.

156
00:05:30,840 --> 00:05:32,280
Speed is abstraction.

157
00:05:32,280 --> 00:05:35,480
The platform is hiding complexity, not eliminating it.

158
00:05:35,480 --> 00:05:38,240
It is hiding the fact that you are building software.

159
00:05:38,240 --> 00:05:40,280
Here is what a citizen developer sees.

160
00:05:40,280 --> 00:05:42,080
I clicked buttons and built an app.

161
00:05:42,080 --> 00:05:44,280
This app lets my team organize their work.

162
00:05:44,280 --> 00:05:47,480
This app saves time. This app works.

163
00:05:47,480 --> 00:05:49,240
Here is what an architect sees.

164
00:05:49,240 --> 00:05:51,640
This application has no documented data model.

165
00:05:51,640 --> 00:05:54,520
It has no owner. It has no documented business purpose.

166
00:05:54,520 --> 00:05:55,960
It has no retirement plan.

167
00:05:55,960 --> 00:05:59,360
It connects to three external systems with no audit trail.

168
00:05:59,360 --> 00:06:02,200
It stores credentials in the app's connection reference.

169
00:06:02,200 --> 00:06:04,400
It uses a personal cloud account for storage.

170
00:06:04,400 --> 00:06:05,840
It has no security review.

171
00:06:05,840 --> 00:06:08,000
It will fail silently when that person leaves.

172
00:06:08,000 --> 00:06:09,560
These are the same app.

173
00:06:09,560 --> 00:06:12,240
Two different interpretations of the same reality.

174
00:06:12,240 --> 00:06:16,560
The architectural misunderstanding is treating the citizen developer's interpretation as complete.

175
00:06:16,560 --> 00:06:18,640
Organizations believe they have a productivity tool

176
00:06:18,640 --> 00:06:20,880
when they have deployed an unmanaged development platform.

177
00:06:20,880 --> 00:06:22,600
They believe they have empowered the business

178
00:06:22,600 --> 00:06:25,600
when they have distributed architectural responsibility

179
00:06:25,600 --> 00:06:27,560
across people without architectural training.

180
00:06:27,560 --> 00:06:29,160
This is where the problems begin.

181
00:06:29,160 --> 00:06:30,920
Not because low code is bad.

182
00:06:30,920 --> 00:06:32,800
But because architecture matters.

183
00:06:32,800 --> 00:06:34,480
The default environment disaster.

184
00:06:34,480 --> 00:06:37,840
Every Microsoft 365 tenant comes with a default environment.

185
00:06:37,840 --> 00:06:39,600
This environment exists for a reason.

186
00:06:39,600 --> 00:06:41,160
It is meant to be a sandbox.

187
00:06:41,160 --> 00:06:43,560
A place where users experiment, where they learn,

188
00:06:43,560 --> 00:06:47,040
where they build personal productivity apps without friction.

189
00:06:47,040 --> 00:06:48,720
Here is what actually happens.

190
00:06:48,720 --> 00:06:52,200
The default environment becomes the primary application platform.

191
00:06:52,200 --> 00:06:55,080
By default, every user in your tenant is an environment maker.

192
00:06:55,080 --> 00:06:57,440
That means they can create apps in the default environment.

193
00:06:57,440 --> 00:06:58,280
They can create flows.

194
00:06:58,280 --> 00:07:01,160
They can build without approval, without review.

195
00:07:01,160 --> 00:07:04,920
Without anyone knowing it exists until something breaks.

196
00:07:04,920 --> 00:07:07,240
The data from tenant audits is consistent.

197
00:07:07,240 --> 00:07:10,200
70 to 80% of all Power Platform artifacts,

198
00:07:10,200 --> 00:07:13,520
apps, flows, automations exist in the default environment.

199
00:07:13,520 --> 00:07:15,160
Not in managed production environments.

200
00:07:15,160 --> 00:07:16,760
Not in isolated team environments.

201
00:07:16,760 --> 00:07:20,560
Not in controlled, governed spaces. In the default environment.

202
00:07:20,560 --> 00:07:23,400
This reveals the reality most organizations avoid.

203
00:07:23,400 --> 00:07:26,200
They never implemented environment architecture at all.

204
00:07:26,200 --> 00:07:27,240
They enabled Power Platform.

205
00:07:27,240 --> 00:07:28,800
They told users to go build.

206
00:07:28,800 --> 00:07:30,720
They left the default environment open.

207
00:07:30,720 --> 00:07:33,000
And then they were surprised when the default environment

208
00:07:33,000 --> 00:07:34,800
contained thousands of applications.

209
00:07:34,800 --> 00:07:37,840
The surprise is the indicator that architecture did not happen.

210
00:07:37,840 --> 00:07:41,160
Let me describe what happened in that global enterprise we discussed.

211
00:07:41,160 --> 00:07:43,800
The audit found 6,200 applications.

212
00:07:43,800 --> 00:07:46,720
4,000 flows, 900 connectors.

213
00:07:46,720 --> 00:07:48,160
All in the default environment.

214
00:07:48,160 --> 00:07:49,560
Think about that scale for a moment.

215
00:07:49,560 --> 00:07:50,440
That is not a mistake.

216
00:07:50,440 --> 00:07:52,160
That is not a few rogue developers.

217
00:07:52,160 --> 00:07:54,160
That is the outcome of an organization saying

218
00:07:54,160 --> 00:07:57,760
everyone can build without defining where, how, or under what conditions.

219
00:07:57,760 --> 00:08:01,960
When the audit team asked about those 6,000 applications, they discovered a pattern.

220
00:08:01,960 --> 00:08:06,720
First, 40 to 50% of the applications showed zero usage in the past year.

221
00:08:06,720 --> 00:08:10,120
They had been created, possibly used once, then abandoned.

222
00:08:10,120 --> 00:08:13,440
Yet they remained in the environment, connected to live data sources,

223
00:08:13,440 --> 00:08:16,960
retaining security permissions, creating permanent attack surface.

224
00:08:16,960 --> 00:08:20,320
Second, most applications had no documented owner.

225
00:08:20,320 --> 00:08:24,240
The owner field pointed to user IDs that no longer existed in the directory.

226
00:08:24,240 --> 00:08:27,480
Those people had left the company, retired, moved to different roles.

227
00:08:27,480 --> 00:08:28,760
The applications remained.

228
00:08:28,760 --> 00:08:32,120
Often unmanaged, connected to systems they were never meant to touch.

229
00:08:32,120 --> 00:08:34,280
Third, the flows, thousands of them.

230
00:08:34,280 --> 00:08:37,480
Were triggering automations across the entire technology estate.

231
00:08:37,480 --> 00:08:42,160
Some updated SharePoint sites, some sent emails, some moved data between systems.

232
00:08:42,160 --> 00:08:44,160
Many had no documentation about their purpose.

233
00:08:44,160 --> 00:08:45,400
Most had no monitoring.

234
00:08:45,400 --> 00:08:47,280
If a flow failed silently, nobody knew.

235
00:08:47,280 --> 00:08:50,720
If a flow triggered unexpectedly, nobody understood why.

236
00:08:50,720 --> 00:08:53,280
Fourth, the connectors revealed the data story.

237
00:08:53,280 --> 00:08:57,160
900 different connector instances, meaning 900 different integrations

238
00:08:57,160 --> 00:08:58,840
to external systems and services.

239
00:08:58,840 --> 00:09:01,320
Some of those connectors used personal cloud accounts.

240
00:09:01,320 --> 00:09:04,840
Someone's Dropbox, someone's OneDrive, someone's personal Google Drive.

241
00:09:04,840 --> 00:09:08,520
Data was flowing to personal storage because the app needed somewhere to put files

242
00:09:08,520 --> 00:09:11,360
and the easiest path was the user's personal cloud account.

243
00:09:11,360 --> 00:09:14,200
Let me be precise about what this means architecturally.

244
00:09:14,200 --> 00:09:18,000
An unmanaged shadow application platform had emerged inside the tenant.

245
00:09:18,000 --> 00:09:19,280
Not unauthorized.

246
00:09:19,280 --> 00:09:20,760
Power Platform was approved.

247
00:09:20,760 --> 00:09:23,480
But the applications themselves had no governance.

248
00:09:23,480 --> 00:09:24,840
No lifecycle management.

249
00:09:24,840 --> 00:09:26,440
No ownership accountability.

250
00:09:26,440 --> 00:09:28,080
No documented business purpose.

251
00:09:28,080 --> 00:09:33,040
The organization was running production workflows inside an environment designed for personal experimentation.

252
00:09:33,040 --> 00:09:36,040
When you ask why this happened, the answer is simple.

253
00:09:36,040 --> 00:09:39,040
The default environment is frictionless.

254
00:09:39,040 --> 00:09:41,840
Creating an app in the default environment takes minutes.

255
00:09:41,840 --> 00:09:42,760
No approval.

256
00:09:42,760 --> 00:09:44,280
No environment request.

257
00:09:44,280 --> 00:09:45,760
No security review.

258
00:09:45,760 --> 00:09:46,800
No wait.

259
00:09:46,800 --> 00:09:48,080
Just click and build.

260
00:09:48,080 --> 00:09:51,720
When you ask why it was never discovered, the answer is also simple.

261
00:09:51,720 --> 00:09:53,880
Default environment usage was invisible.

262
00:09:53,880 --> 00:09:56,080
It does not appear on most governance dashboards.

263
00:09:56,080 --> 00:09:57,360
It does not trigger alerts.

264
00:09:57,360 --> 00:10:02,600
It just grows quietly until an audit reveals thousands of applications that nobody knew existed.

265
00:10:02,600 --> 00:10:04,560
This is the default environment disaster.

266
00:10:04,560 --> 00:10:07,800
Not that the environment exists; environments are necessary.

267
00:10:07,800 --> 00:10:12,960
But that organizations deployed a development platform, left the development environment completely open

268
00:10:12,960 --> 00:10:16,160
and then acted surprised when developers filled it with applications.

269
00:10:16,160 --> 00:10:18,160
The default environment is not the real problem.

270
00:10:18,160 --> 00:10:22,560
It is the symptom, the symptom of an organization that enabled a development platform without implementing

271
00:10:22,560 --> 00:10:25,040
the governance that development platforms require.

272
00:10:25,040 --> 00:10:26,640
But this is just one failure pattern.

273
00:10:26,640 --> 00:10:28,480
The real problem runs deeper.

274
00:10:28,480 --> 00:10:30,120
The connector governance gap.

275
00:10:30,120 --> 00:10:32,440
Power Platform connectors are the integration layer.

276
00:10:32,440 --> 00:10:36,120
They are how applications reach beyond the platform and touch the rest of your technology

277
00:10:36,120 --> 00:10:37,120
estate.

278
00:10:37,120 --> 00:10:38,280
A connector is a bridge.

279
00:10:38,280 --> 00:10:40,480
It connects Power Apps to SharePoint.

280
00:10:40,480 --> 00:10:42,400
Connects Power Automate to Dynamics.

281
00:10:42,400 --> 00:10:44,400
Connects applications to external services.

282
00:10:44,400 --> 00:10:47,120
Connects your internal systems to personal cloud accounts.

283
00:10:47,120 --> 00:10:48,600
This is where the real damage happens.

284
00:10:48,600 --> 00:10:51,040
The architectural problem is structural.

285
00:10:51,040 --> 00:10:54,720
Connectors are approved at the tenant level, not enforced at the application level.

286
00:10:54,720 --> 00:10:59,000
An administrator approves a connector; that connector becomes available to every application in

287
00:10:59,000 --> 00:11:00,000
the environment.

288
00:11:00,000 --> 00:11:02,400
Every flow, every app, every automation.

289
00:11:02,400 --> 00:11:06,400
There is no concept of this connector is approved for this specific application or this

290
00:11:06,400 --> 00:11:08,920
connector can only access this specific data.

291
00:11:08,920 --> 00:11:11,520
The approval is binary, approved or blocked.

292
00:11:11,520 --> 00:11:13,840
Once approved, it is available everywhere.

293
00:11:13,840 --> 00:11:15,080
Here is the vulnerability.

294
00:11:15,080 --> 00:11:18,800
Overly permissive connector policies create data leakage pathways.

295
00:11:18,800 --> 00:11:23,640
A single poorly configured flow can expose sensitive data across organizational boundaries.

296
00:11:23,640 --> 00:11:27,280
After what happened at a financial services organization, they enabled Power Platform.

297
00:11:27,280 --> 00:11:30,240
They wanted citizen developers building workflow automations.

298
00:11:30,240 --> 00:11:32,640
They wanted to accelerate digital transformation.

299
00:11:32,640 --> 00:11:34,880
They approved connectors for the business.

300
00:11:34,880 --> 00:11:36,200
SharePoint connector.

301
00:11:36,200 --> 00:11:37,200
Dynamics connector.

302
00:11:37,200 --> 00:11:38,400
OneDrive connector.

303
00:11:38,400 --> 00:11:39,880
Outlook connector.

304
00:11:39,880 --> 00:11:43,040
Standard business services.

305
00:11:43,040 --> 00:11:47,440
A few months later, an architect noticed something unusual in the audit logs.

306
00:11:47,440 --> 00:11:50,760
Power Apps were moving SharePoint data into personal Dropbox accounts.

307
00:11:50,760 --> 00:11:52,680
Not a Dropbox managed by the company.

308
00:11:52,680 --> 00:11:53,680
Personal Dropbox accounts.

309
00:11:53,680 --> 00:11:56,080
Someone's individual cloud storage.

310
00:11:56,080 --> 00:11:58,440
When they traced the flow, the path was simple.

311
00:11:58,440 --> 00:12:02,560
An application was reading confidential data from a secure SharePoint library.

312
00:12:02,560 --> 00:12:04,520
The SharePoint connector accessed the data.

313
00:12:04,520 --> 00:12:07,320
The Dropbox connector moved the data to personal storage.

314
00:12:07,320 --> 00:12:09,720
No security warning, no policy violation detected.

315
00:12:09,720 --> 00:12:10,720
No audit alert.

316
00:12:10,720 --> 00:12:11,720
The connectors were approved.

317
00:12:11,720 --> 00:12:13,680
The user had the right to access SharePoint.

318
00:12:13,680 --> 00:12:15,480
The Dropbox connector moved the files.

319
00:12:15,480 --> 00:12:17,920
From the platform's perspective, everything was legitimate.

320
00:12:17,920 --> 00:12:20,720
From a compliance perspective, it was a near catastrophe.

321
00:12:20,720 --> 00:12:24,600
Sensitive financial data was sitting in someone's personal cloud account.

322
00:12:24,600 --> 00:12:25,920
Not encrypted by the company.

323
00:12:25,920 --> 00:12:28,240
Not secured by corporate DLP policies.

324
00:12:28,240 --> 00:12:30,560
Not subject to corporate retention policies.

325
00:12:30,560 --> 00:12:32,800
Accessible by whatever device that person used.

326
00:12:32,800 --> 00:12:35,400
Backed up by whatever backup service Dropbox uses.

327
00:12:35,400 --> 00:12:38,680
Potentially accessible to anyone who compromises that personal account.

328
00:12:38,680 --> 00:12:40,360
The root cause was not user malice.

329
00:12:40,360 --> 00:12:43,360
The person building the flow was trying to solve a real problem.

330
00:12:43,360 --> 00:12:44,720
They needed to get data somewhere.

331
00:12:44,720 --> 00:12:46,280
They needed to automate a process.

332
00:12:46,280 --> 00:12:47,960
They had access to a SharePoint library.

333
00:12:47,960 --> 00:12:49,480
They had a personal Dropbox account.

334
00:12:49,480 --> 00:12:50,440
They connected them.

335
00:12:50,440 --> 00:12:51,440
The system allowed it.

336
00:12:51,440 --> 00:12:52,440
So they did it.

337
00:12:52,440 --> 00:12:55,160
The organization believed Power Platform was secured by default.

338
00:12:55,160 --> 00:12:58,360
It is not. Security in Power Platform is permissive by default.

339
00:12:58,360 --> 00:13:02,040
If a connector is approved and a user has permission, the data moves.

340
00:13:02,040 --> 00:13:03,520
Here is the architectural problem.

341
00:13:03,520 --> 00:13:05,520
Data loss prevention policies exist.

342
00:13:05,520 --> 00:13:08,720
DLP in Power Platform can restrict connector combinations.

343
00:13:08,720 --> 00:13:12,720
You can create rules that say SharePoint connector cannot be used in the same flow as

344
00:13:12,720 --> 00:13:14,800
personal cloud storage connectors.

345
00:13:14,800 --> 00:13:16,760
You can enforce this at the environment level.

346
00:13:16,760 --> 00:13:18,360
You can audit violations.

347
00:13:18,360 --> 00:13:20,720
The DLP policies are not automatically applied.

348
00:13:20,720 --> 00:13:22,560
They require explicit configuration.

349
00:13:22,560 --> 00:13:26,720
They require an organization to think through which connector combinations are risky.

350
00:13:26,720 --> 00:13:31,640
They require someone to define data sensitivity levels and map those to connector restrictions.

351
00:13:31,640 --> 00:13:33,040
Most organizations never do this.

352
00:13:33,040 --> 00:13:36,800
They approve connectors and assume the user will make responsible choices.

353
00:13:36,800 --> 00:13:38,360
This is not architecture.

354
00:13:38,360 --> 00:13:39,600
This is hope.

355
00:13:39,600 --> 00:13:41,560
The consequence is straightforward.

356
00:13:41,560 --> 00:13:43,920
Sensitive data moves where it should not go.

357
00:13:43,920 --> 00:13:45,320
Sometimes to personal accounts.

358
00:13:45,320 --> 00:13:46,960
Sometimes to external services.

359
00:13:46,960 --> 00:13:49,400
To systems without encryption.

360
00:13:49,400 --> 00:13:54,560
Sometimes in violation of compliance requirements the organization never documented in the first place.

361
00:13:54,560 --> 00:13:56,560
One near breach becomes multiple breaches.

362
00:13:56,560 --> 00:13:57,840
Multiple breaches become a pattern.

363
00:13:57,840 --> 00:13:59,640
A pattern becomes a compliance violation.

364
00:13:59,640 --> 00:14:04,600
This connector governance gap is the infrastructure underneath the default environment disaster.

365
00:14:04,600 --> 00:14:06,400
Both reveal the same underlying truth.

366
00:14:06,400 --> 00:14:11,240
Power Platform distributes capability without distributing the governance that capability requires.

367
00:14:11,240 --> 00:14:15,040
But the data movement problem is actually secondary to what comes next.

368
00:14:15,040 --> 00:14:17,720
Because the real sprawl happens in the automations.

369
00:14:17,720 --> 00:14:19,520
The flow explosion problem.

370
00:14:19,520 --> 00:14:21,600
Power Automate flows are automation pipelines.

371
00:14:21,600 --> 00:14:22,680
They trigger on events.

372
00:14:22,680 --> 00:14:23,920
They execute business logic.

373
00:14:23,920 --> 00:14:25,200
They integrate systems.

374
00:14:25,200 --> 00:14:27,560
A flow watches for a specific condition.

375
00:14:27,560 --> 00:14:28,800
A file is created.

376
00:14:28,800 --> 00:14:29,800
An email arrives.

377
00:14:29,800 --> 00:14:31,040
A record is modified.

378
00:14:31,040 --> 00:14:32,040
And then it acts.

379
00:14:32,040 --> 00:14:33,560
It sends a notification.

380
00:14:33,560 --> 00:14:35,360
It creates a record in another system.

381
00:14:35,360 --> 00:14:36,360
It moves data.

382
00:14:36,360 --> 00:14:39,000
It makes a decision and executes the consequence.

383
00:14:39,000 --> 00:14:40,320
Flows are easy to build.

384
00:14:40,320 --> 00:14:41,320
Extremely easy.

385
00:14:41,320 --> 00:14:42,320
You specify a trigger.

386
00:14:42,320 --> 00:14:43,320
You add actions.

387
00:14:43,320 --> 00:14:44,320
You save.

388
00:14:44,320 --> 00:14:45,320
No runs.

389
00:14:45,320 --> 00:14:46,600
No deployment process.

390
00:14:46,600 --> 00:14:47,600
No version control.

391
00:14:47,600 --> 00:14:48,880
No approval gate.

392
00:14:48,880 --> 00:14:53,400
A user with the right permissions can build a flow in 10 minutes that touches your entire enterprise

393
00:14:53,400 --> 00:14:54,400
architecture.

394
00:14:54,400 --> 00:14:56,320
This is where scale becomes a problem.

395
00:14:56,320 --> 00:14:58,160
Large tenants accumulate thousands of flows.

396
00:14:58,160 --> 00:14:59,160
Not hundreds.

397
00:14:59,160 --> 00:15:00,160
Thousands.

398
00:15:00,160 --> 00:15:01,240
A retail organization we mentioned.

399
00:15:01,240 --> 00:15:05,040
They ran an audit and found 11,000 Power Automate flows.

400
00:15:05,040 --> 00:15:09,640
11,000 automations running across their technology estate with no centralized visibility.

401
00:15:09,640 --> 00:15:10,640
No lifecycle management.

402
00:15:10,640 --> 00:15:11,960
No documented purpose.

403
00:15:11,960 --> 00:15:13,200
Most triggered every few minutes.

404
00:15:13,200 --> 00:15:14,200
But think about that scale.

405
00:15:14,200 --> 00:15:16,920
11,000 pipelines executing continuously.

406
00:15:16,920 --> 00:15:18,080
Each one making decisions.

407
00:15:18,080 --> 00:15:19,560
Each one integrating systems.

408
00:15:19,560 --> 00:15:22,760
Each one potentially failing in ways nobody anticipated.

409
00:15:22,760 --> 00:15:24,120
The consequence is straightforward.

410
00:15:24,120 --> 00:15:25,440
API throttling.

411
00:15:25,440 --> 00:15:28,440
The systems these flows connect to have rate limits.

412
00:15:28,440 --> 00:15:29,840
SharePoint has throttling.

413
00:15:29,840 --> 00:15:30,840
Dynamics has throttling.

414
00:15:30,840 --> 00:15:31,840
Exchange has throttling.

415
00:15:31,840 --> 00:15:35,840
When 11,000 flows trigger simultaneously, they hit those limits.

416
00:15:35,840 --> 00:15:36,840
Requests queue.

417
00:15:36,840 --> 00:15:37,840
Requests fail.

418
00:15:37,840 --> 00:15:41,000
The business experiences degraded performance during peak hours because automations

419
00:15:41,000 --> 00:15:45,720
created years ago are now running at scale against systems they were never designed to touch.

420
00:15:45,720 --> 00:15:47,120
Licensing overages follow.

421
00:15:47,120 --> 00:15:48,840
Power Platform licensing is metered.

422
00:15:48,840 --> 00:15:51,360
Some flows consume premium connector licenses.

423
00:15:51,360 --> 00:15:54,800
Some flows consume API calls against your tenant quota.

424
00:15:54,800 --> 00:15:59,640
When you have 11,000 flows, many redundant, many abandoned, many triggering far more frequently

425
00:15:59,640 --> 00:16:03,600
than necessary, the licensing bill becomes unpredictable.

426
00:16:03,600 --> 00:16:07,960
Organizations often do not realize flow volume until costs start escalating.

427
00:16:07,960 --> 00:16:09,560
Here is the architectural issue.

428
00:16:09,560 --> 00:16:11,560
Flows are invisible to governance until they fail.

429
00:16:11,560 --> 00:16:12,800
A flow runs silently.

430
00:16:12,800 --> 00:16:14,240
It executes its automation.

431
00:16:14,240 --> 00:16:15,920
If it succeeds, nobody notices.

432
00:16:15,920 --> 00:16:17,800
If it fails, it might trigger an alert.

433
00:16:17,800 --> 00:16:19,200
It might fail silently.

434
00:16:19,200 --> 00:16:20,760
It might retry automatically.

435
00:16:20,760 --> 00:16:23,200
It might leave data in an inconsistent state.

436
00:16:23,200 --> 00:16:28,000
But the flow itself, its existence, its purpose, its impact remains invisible until something

437
00:16:28,000 --> 00:16:29,000
breaks.

438
00:16:29,000 --> 00:16:31,000
The documentation gap is profound.

439
00:16:31,000 --> 00:16:35,040
In the retail organization audit, most of those 11,000 flows had no owner.

440
00:16:35,040 --> 00:16:36,440
No documented business purpose.

441
00:16:36,440 --> 00:16:37,880
No life cycle policy.

442
00:16:37,880 --> 00:16:39,120
No retirement date.

443
00:16:39,120 --> 00:16:40,760
No success criteria.

444
00:16:40,760 --> 00:16:44,040
Just flows that existed and executed.

445
00:16:44,040 --> 00:16:47,960
When someone asked why does this flow exist, the answer was often unknown.

446
00:16:47,960 --> 00:16:50,600
The person who created it had left the company.

447
00:16:50,600 --> 00:16:52,440
The business need it addressed had changed.

448
00:16:52,440 --> 00:16:54,960
The system it integrated with had been replaced.

449
00:16:54,960 --> 00:17:00,160
But the flow remained running, consuming API quota, potentially moving data or triggering

450
00:17:00,160 --> 00:17:02,560
actions based on logic nobody remembered.

451
00:17:02,560 --> 00:17:05,600
This is technical debt manifesting as operational drag.

452
00:17:05,600 --> 00:17:08,560
The organization paid for every flow through licensing costs.

453
00:17:08,560 --> 00:17:10,760
They paid for API calls the flows consumed.

454
00:17:10,760 --> 00:17:11,960
They paid in system load.

455
00:17:11,960 --> 00:17:13,600
They paid in performance degradation.

456
00:17:13,600 --> 00:17:16,680
And they received no visibility into what that payment purchased.

457
00:17:16,680 --> 00:17:21,000
The hidden cost is that organizations often do not realize flow volume until performance

458
00:17:21,000 --> 00:17:22,960
degrades or licensing costs spike.

459
00:17:22,960 --> 00:17:24,240
There is no forcing function.

460
00:17:24,240 --> 00:17:27,120
No alert that says you now have 5,000 flows.

461
00:17:27,120 --> 00:17:31,240
No warning that says this flow has been dormant for six months and should be retired.

462
00:17:31,240 --> 00:17:35,120
No governance dashboard showing which flows are business critical and which are abandoned

463
00:17:35,120 --> 00:17:36,120
experiments.

464
00:17:36,120 --> 00:17:39,720
Those accumulate silently until they create a problem too large to ignore.

465
00:17:39,720 --> 00:17:41,200
This is the flow explosion problem.

466
00:17:41,200 --> 00:17:42,880
Not that flows are bad.

467
00:17:42,880 --> 00:17:44,120
Automation is valuable.

468
00:17:44,120 --> 00:17:47,880
Flows that orchestrate business processes correctly save labor and reduce error.

469
00:17:47,880 --> 00:17:53,360
But flows without life cycle management, without documented purpose, without ownership accountability,

470
00:17:53,360 --> 00:17:56,760
without retirement plans, those flows become hidden operational debt.

471
00:17:56,760 --> 00:17:59,040
The sprawl is invisible until it is catastrophic.

472
00:17:59,040 --> 00:18:01,560
The cost is invisible until it is unaffordable.

473
00:18:01,560 --> 00:18:04,440
The impact is invisible until systems degrade.

474
00:18:04,440 --> 00:18:08,720
And this pattern, easy to build, invisible until failure, costly to remediate, creates a specific

475
00:18:08,720 --> 00:18:11,560
financial consequence that organizations eventually discover.

476
00:18:11,560 --> 00:18:13,520
The licensing surprise.

477
00:18:13,520 --> 00:18:17,560
Organizations discover the true cost of unmanaged Power Platform when the bill arrives.

478
00:18:17,560 --> 00:18:19,240
Power Platform licensing is tiered.

479
00:18:19,240 --> 00:18:22,200
There are per user licenses, per app licenses.

480
00:18:22,200 --> 00:18:24,400
Premium connectors carry additional cost.

481
00:18:24,400 --> 00:18:27,840
Dataverse storage is metered; you pay per gigabyte.

482
00:18:27,840 --> 00:18:30,480
Environments beyond a certain number require capacity add-ons.

483
00:18:30,480 --> 00:18:33,160
The pricing model is designed to scale with usage.

484
00:18:33,160 --> 00:18:37,680
What organizations do not anticipate is how quickly that usage scales when governance does not exist.

485
00:18:37,680 --> 00:18:40,040
A multinational company made a strategic decision.

486
00:18:40,040 --> 00:18:42,760
They would enable Power Platform for citizen development.

487
00:18:42,760 --> 00:18:44,880
They would democratize application building.

488
00:18:44,880 --> 00:18:46,920
They would accelerate digital transformation.

489
00:18:46,920 --> 00:18:48,560
They would reduce IT backlogs.

490
00:18:48,560 --> 00:18:49,800
All of this sounded correct.

491
00:18:49,800 --> 00:18:53,480
All of it aligned with the market narrative around low-code platforms.

492
00:18:53,480 --> 00:18:58,000
Within two years, Power Platform became one of the top five SaaS expenses in the organization's

493
00:18:58,000 --> 00:18:59,200
IT budget.

494
00:18:59,200 --> 00:19:00,200
Here is what happened.

495
00:19:00,200 --> 00:19:01,720
Dataverse storage exploded.

496
00:19:01,720 --> 00:19:03,080
Power Apps need a database.

497
00:19:03,080 --> 00:19:04,600
That database is Dataverse.

498
00:19:04,600 --> 00:19:07,760
Every app that stores data uses Dataverse capacity.

499
00:19:07,760 --> 00:19:12,000
When you have thousands of applications, many storing duplicate data because there is no

500
00:19:12,000 --> 00:19:14,800
data architecture, Dataverse usage climbs exponentially.

501
00:19:14,800 --> 00:19:17,560
The organization hit storage limits they had not anticipated.

502
00:19:17,560 --> 00:19:20,680
They purchased additional capacity, then hit those limits again.

503
00:19:20,680 --> 00:19:23,160
Premium connector usage skyrocketed.

504
00:19:23,160 --> 00:19:26,160
Standard connectors, SharePoint, Teams, Outlook, are included.

505
00:19:26,160 --> 00:19:30,440
Premium connectors, the ones that connect to specialized systems, external services, API

506
00:19:30,440 --> 00:19:33,160
gateways, require additional licensing.

507
00:19:33,160 --> 00:19:35,920
The organization had approved premium connectors broadly.

508
00:19:35,920 --> 00:19:40,000
Flows that used premium connectors scaled. Suddenly the organization needed far more premium

509
00:19:40,000 --> 00:19:43,040
connector licenses than they had budgeted for.

510
00:19:43,040 --> 00:19:45,480
Environment sprawl required additional licensing tiers.

511
00:19:45,480 --> 00:19:48,480
The organization realized they needed more than the default environments.

512
00:19:48,480 --> 00:19:49,880
They created team environments.

513
00:19:49,880 --> 00:19:51,880
They created project specific environments.

514
00:19:51,880 --> 00:19:53,840
They created sandbox environments.

515
00:19:53,840 --> 00:19:57,720
Each environment beyond the initial allocation requires a capacity add-on.

516
00:19:57,720 --> 00:19:59,200
The licensing bill climbed again.

517
00:19:59,200 --> 00:20:01,560
The organization could not answer a basic question.

518
00:20:01,560 --> 00:20:03,080
Which of these costs were justified?

519
00:20:03,080 --> 00:20:05,520
Which applications justified their Dataverse storage?

520
00:20:05,520 --> 00:20:07,160
The organization could not tell.

521
00:20:07,160 --> 00:20:09,280
Most applications had no documented business value.

522
00:20:09,280 --> 00:20:10,680
No success metrics.

523
00:20:10,680 --> 00:20:15,080
No measurement of whether the app was solving the problem it was supposed to solve.

524
00:20:15,080 --> 00:20:17,280
Which premium connectors were delivering value?

525
00:20:17,280 --> 00:20:18,760
The organization could not tell.

526
00:20:18,760 --> 00:20:20,560
They knew premium connectors were being used.

527
00:20:20,560 --> 00:20:23,880
They did not know which flows used them or why those flows were necessary.

528
00:20:23,880 --> 00:20:25,360
Which environments were essential?

529
00:20:25,360 --> 00:20:26,920
The organization could not tell.

530
00:20:26,920 --> 00:20:30,520
Some environments were legacy, created for pilots that had concluded.

531
00:20:30,520 --> 00:20:33,520
Some environments were test environments that had become production.

532
00:20:33,520 --> 00:20:36,920
Some environments were abandoned after projects completed but never deleted.

533
00:20:36,920 --> 00:20:38,240
The visibility gap was total.

534
00:20:38,240 --> 00:20:40,760
The organization had perfect financial visibility.

535
00:20:40,760 --> 00:20:41,680
They could see the bill.

536
00:20:41,680 --> 00:20:43,800
They had zero operational visibility.

537
00:20:43,800 --> 00:20:45,960
They could not map that bill to business value.

538
00:20:45,960 --> 00:20:49,720
The financial impact was approximately two million dollars in unexpected licensing costs

539
00:20:49,720 --> 00:20:50,800
over two years.

540
00:20:50,800 --> 00:20:54,480
Not catastrophic in the context of an enterprise IT budget.

541
00:20:54,480 --> 00:20:56,040
Significant enough to require explanation.

542
00:20:56,040 --> 00:21:00,680
It was possible to justify because the organization had no data connecting costs to outcomes.

543
00:21:00,680 --> 00:21:02,880
Here is the architectural lesson.

544
00:21:02,880 --> 00:21:06,320
Without life cycle management, you are paying for assets that do not deliver value.

545
00:21:06,320 --> 00:21:11,800
The organization was paying per gigabyte for Dataverse storage consumed by abandoned applications.

546
00:21:11,800 --> 00:21:16,000
They were paying for premium connector licenses consumed by flows nobody remembered creating.

547
00:21:16,000 --> 00:21:20,360
They were paying for environments created for projects that had concluded years earlier.

548
00:21:20,360 --> 00:21:22,840
The licensing surprise is not actually about licensing.

549
00:21:22,840 --> 00:21:25,560
It is about the invisible consequence of unmanaged sprawl.

550
00:21:25,560 --> 00:21:29,120
When you deploy a platform without governance, when you allow thousands of applications to

551
00:21:29,120 --> 00:21:32,200
accumulate without life cycle management.

552
00:21:32,200 --> 00:21:36,640
When you never retire anything because retirement requires effort, you eventually discover that

553
00:21:36,640 --> 00:21:40,200
you are paying for a massive amount of unused capacity.

554
00:21:40,200 --> 00:21:41,360
The bill arrives.

555
00:21:41,360 --> 00:21:43,560
The organization realizes the cost.

556
00:21:43,560 --> 00:21:46,320
They ask which applications justify that cost.

557
00:21:46,320 --> 00:21:49,800
Nobody can answer because nobody has been tracking which applications exist, much less

558
00:21:49,800 --> 00:21:51,400
which ones are essential.

559
00:21:51,400 --> 00:21:53,880
This is when organizations typically make a decision.

560
00:21:53,880 --> 00:21:57,840
They either invest in serious governance to clean up the mess or they accept that this is

561
00:21:57,840 --> 00:22:00,080
the cost of enabling citizen development.

562
00:22:00,080 --> 00:22:02,120
Most organizations choose neither immediately.

563
00:22:02,120 --> 00:22:03,120
They freeze spending.

564
00:22:03,120 --> 00:22:05,760
They demand ROI justification for new applications.

565
00:22:05,760 --> 00:22:06,880
They hire a consultant.

566
00:22:06,880 --> 00:22:10,960
They launch a cleanup project and then they discover that cleaning up the mess is far harder

567
00:22:10,960 --> 00:22:13,040
than preventing the mess would have been.

568
00:22:13,040 --> 00:22:14,640
The zombie app problem.

569
00:22:14,640 --> 00:22:17,160
Here is a pattern that appears in every tenant audit.

570
00:22:17,160 --> 00:22:21,280
30 to 50% of applications show zero usage after creation.

571
00:22:21,280 --> 00:22:24,560
Zero, not low usage, not declining usage, no usage at all.

572
00:22:24,560 --> 00:22:25,800
For months, for years.

573
00:22:25,800 --> 00:22:28,480
The application was built, deployed, then abandoned.

574
00:22:28,480 --> 00:22:29,480
But it was never retired.

575
00:22:29,480 --> 00:22:31,400
This is the zombie app problem.

576
00:22:31,400 --> 00:22:34,160
Applications that exist but serve no function.

577
00:22:34,160 --> 00:22:37,160
Applications that consume resources but deliver no value.

578
00:22:37,160 --> 00:22:40,920
Applications that persist in your environment, connected to live data, retaining security permissions,

579
00:22:40,920 --> 00:22:43,080
creating permanent attack surface.

580
00:22:43,080 --> 00:22:44,080
Why do they persist?

581
00:22:44,080 --> 00:22:45,560
The answer is architectural.

582
00:22:45,560 --> 00:22:48,000
Power Platform has no forced deprecation mechanism.

583
00:22:48,000 --> 00:22:49,920
There is no automatic retirement policy.

584
00:22:49,920 --> 00:22:54,200
There is no system that says this application has had zero usage for 90 days.

585
00:22:54,200 --> 00:22:55,760
It will be deactivated.

586
00:22:55,760 --> 00:22:57,960
There is no enforcement that requires ownership.

587
00:22:57,960 --> 00:23:00,320
There is no policy that forces a business justification.

588
00:23:00,320 --> 00:23:03,760
The application simply remains connected, accessible, running.

589
00:23:03,760 --> 00:23:06,200
Zombie apps exist for predictable reasons.

590
00:23:06,200 --> 00:23:08,560
A team builds an application to solve a specific problem.

591
00:23:08,560 --> 00:23:09,640
The problem gets solved.

592
00:23:09,640 --> 00:23:10,960
The business need changes.

593
00:23:10,960 --> 00:23:13,560
The person who built the application leaves the company.

594
00:23:13,560 --> 00:23:16,200
The project concludes. The application becomes irrelevant.

595
00:23:16,200 --> 00:23:20,800
But it is never formally retired because retirement requires administrative action.

596
00:23:20,800 --> 00:23:24,320
Retirement requires someone to decide the application is no longer needed.

597
00:23:24,320 --> 00:23:27,160
Retirement requires someone to take responsibility for deactivation.

598
00:23:27,160 --> 00:23:31,080
In the absence of a formal life cycle policy, retirement does not happen.

599
00:23:31,080 --> 00:23:32,880
The application remains in the environment.

600
00:23:32,880 --> 00:23:35,040
Accessible, connected to data sources.

601
00:23:35,040 --> 00:23:37,000
Retaining the permissions it was created with.

602
00:23:37,000 --> 00:23:38,360
A permanently dormant asset.

603
00:23:38,360 --> 00:23:39,600
The risk is straightforward.

604
00:23:39,600 --> 00:23:42,120
A zombie application remains connected to live data.

605
00:23:42,120 --> 00:23:46,280
If that application is ever re-activated because a user remembers it exists or because someone

606
00:23:46,280 --> 00:23:51,280
restores it or because an automated process re-enables it, it connects to whatever data

607
00:23:51,280 --> 00:23:54,160
sources it was originally configured to reach.

608
00:23:54,160 --> 00:23:58,280
Those data sources may have changed in the years since the application was abandoned.

609
00:23:58,280 --> 00:24:00,520
The application may now have permission to access data

610
00:24:00,520 --> 00:24:02,400
it was never intended to touch.

611
00:24:02,400 --> 00:24:05,160
Zombie applications retain security permissions.

612
00:24:05,160 --> 00:24:08,000
The application was created with specific access rights.

613
00:24:08,000 --> 00:24:11,920
Those permissions remain. If the application is inadvertently activated or if someone

614
00:24:11,920 --> 00:24:14,360
modifies it, those permissions are still in place.

615
00:24:14,360 --> 00:24:18,040
A security review may have been performed when the application was created.

616
00:24:18,040 --> 00:24:20,240
No review occurred in the years it was dormant.

617
00:24:20,240 --> 00:24:23,160
The security posture of the surrounding systems may have changed.

618
00:24:23,160 --> 00:24:26,000
The application's permissions may no longer be appropriate.

619
00:24:26,000 --> 00:24:27,920
This creates long-term attack surface.

620
00:24:27,920 --> 00:24:30,800
Every zombie application is a potential vector for compromise.

621
00:24:30,800 --> 00:24:34,520
An attacker who gains access to the application gains the permissions that application was

622
00:24:34,520 --> 00:24:35,520
granted.

623
00:24:35,520 --> 00:24:39,800
An attacker who understands what data the application can reach gains visibility into sensitive

624
00:24:39,800 --> 00:24:40,960
systems.

625
00:24:40,960 --> 00:24:44,960
An attacker who activates a dormant application may trigger automations or data movements

626
00:24:44,960 --> 00:24:47,040
that have not been validated in years.

627
00:24:47,040 --> 00:24:48,400
The operational cost is hidden.

628
00:24:48,400 --> 00:24:50,720
IT must maintain zombie applications.

629
00:24:50,720 --> 00:24:53,560
Must patch them if they are part of a managed solution.

630
00:24:53,560 --> 00:24:55,560
Must monitor them for compliance audits.

631
00:24:55,560 --> 00:24:58,680
Must answer questions about what they do and why they exist.

632
00:24:58,680 --> 00:25:01,600
Must eventually decide whether to keep them or delete them.

633
00:25:01,600 --> 00:25:05,960
All of this effort is consumed by applications delivering zero business value.

634
00:25:05,960 --> 00:25:10,320
The architectural failure is that Power Platform treats application lifecycle as optional.

635
00:25:10,320 --> 00:25:14,280
An application created in PowerApps exists forever unless explicitly deleted.

636
00:25:14,280 --> 00:25:15,960
There is no concept of deprecation.

637
00:25:15,960 --> 00:25:19,360
No concept of automatic retirement based on usage metrics.

638
00:25:19,360 --> 00:25:22,800
No concept of mandatory review after a period of inactivity.

639
00:25:22,800 --> 00:25:25,800
The platform allows applications to accumulate indefinitely.

640
00:25:25,800 --> 00:25:29,240
This is fundamentally different from enterprise software systems.

641
00:25:29,240 --> 00:25:32,520
Traditional application portfolios have lifecycle management.

642
00:25:32,520 --> 00:25:34,160
Applications are flagged for review.

643
00:25:34,160 --> 00:25:37,640
Applications showing no usage trigger notifications to stakeholders.

644
00:25:37,640 --> 00:25:39,880
Applications are retired after they reach end of life.

645
00:25:39,880 --> 00:25:43,600
The organization actively manages what runs and what does not.

646
00:25:43,600 --> 00:25:45,640
Power Platform inverts this.

647
00:25:45,640 --> 00:25:49,240
Applications are created and persist forever unless actively removed.

648
00:25:49,240 --> 00:25:54,440
The organization must continuously expend effort to clean up applications nobody uses.

649
00:25:54,440 --> 00:25:59,840
The zombie app problem is the consequence of treating Power Platform as a tool rather than a platform.

650
00:25:59,840 --> 00:26:01,640
A tool you use and discard.

651
00:26:01,640 --> 00:26:04,160
A platform you must actively manage for its lifetime.

652
00:26:04,160 --> 00:26:09,240
These individual failures, the default environment sprawl, the connector governance gap, the flow explosion,

653
00:26:09,240 --> 00:26:13,360
the licensing surprises, the zombie applications are not isolated problems.

654
00:26:13,360 --> 00:26:15,840
They are symptoms of a deeper architectural issue.

655
00:26:15,840 --> 00:26:19,360
An organization has distributed development authority without distributing the governance

656
00:26:19,360 --> 00:26:20,560
that development requires.

657
00:26:20,560 --> 00:26:25,680
It is enabling unlimited application creation without any mechanism for application deprecation.

658
00:26:25,680 --> 00:26:29,880
It is building a platform on the assumption that users will self-regulate their behavior.

659
00:26:29,880 --> 00:26:32,240
That assumption is not architecture, that is hope.

660
00:26:32,240 --> 00:26:33,520
And hope does not scale.

661
00:26:33,520 --> 00:26:38,480
When these patterns compound, when they interact with each other, the system reaches a critical threshold.

662
00:26:38,480 --> 00:26:43,360
An organization with thousands of applications, thousands of flows, hundreds of zombie assets,

663
00:26:43,360 --> 00:26:48,480
all consuming licensing costs, all creating security surface, all requiring governance effort,

664
00:26:48,480 --> 00:26:51,680
reaches a point where the platform becomes unmanageable.

665
00:26:51,680 --> 00:26:53,080
Shadow IT 2.0.

666
00:26:53,080 --> 00:26:54,880
Shadow IT has a traditional definition.

667
00:26:54,880 --> 00:26:59,560
Unauthorized test tools, Dropbox when IT standardized on OneDrive, Slack when the organization

668
00:26:59,560 --> 00:27:00,560
approved Teams.

669
00:27:00,560 --> 00:27:05,120
Trello, when IT said to use Project Online, Salesforce when the company mandated Dynamics,

670
00:27:05,120 --> 00:27:07,760
these were the classic Shadow IT violations.

671
00:27:07,760 --> 00:27:13,080
Employees used tools IT did not approve because those tools solved problems faster than approved solutions.

672
00:27:13,080 --> 00:27:17,400
The security and compliance teams fought Shadow IT for decades, blocked the tool, disabled

673
00:27:17,400 --> 00:27:21,280
the account, write policy prohibiting unsanctioned applications.

674
00:27:21,280 --> 00:27:24,440
Shadow IT persisted because the underlying motivation was real.

675
00:27:24,440 --> 00:27:25,680
Users had genuine problems.

676
00:27:25,680 --> 00:27:28,880
Approved solutions were too slow, too expensive, too rigid.

677
00:27:28,880 --> 00:27:31,760
So they used unauthorized tools and hoped nobody noticed.

678
00:27:31,760 --> 00:27:35,880
By 2024, Shadow IT accounted for 30% to 40% of enterprise IT spending.

679
00:27:35,880 --> 00:27:40,900
Not a rounding error, 30% to 40% of the entire IT budget was consumed by tools and services

680
00:27:40,900 --> 00:27:42,600
nobody formally approved.

681
00:27:42,600 --> 00:27:44,120
That is the scale of the problem.

682
00:27:44,120 --> 00:27:46,600
Power Platform creates a new variant of Shadow IT.

683
00:27:46,600 --> 00:27:48,920
The platform is authorized, the governance is not.

684
00:27:48,920 --> 00:27:50,880
Here is the distinction that matters.

685
00:27:50,880 --> 00:27:53,840
Shadow IT traditionally meant unauthorized tools.

686
00:27:53,840 --> 00:27:57,600
Shadow IT 2.0 means an authorized platform used without authorization.

687
00:27:57,600 --> 00:27:58,840
The platform is approved.

688
00:27:58,840 --> 00:28:02,280
Power Platform is part of Microsoft 365, the organization enabled it.

689
00:28:02,280 --> 00:28:03,280
Users can build in it.

690
00:28:03,280 --> 00:28:07,900
The applications themselves, the ways the platform is used, the integrations users create,

691
00:28:07,900 --> 00:28:10,600
the data they move, those operate without governance.

692
00:28:10,600 --> 00:28:12,920
This is authorized Shadow IT, the platform is legitimate.

693
00:28:12,920 --> 00:28:14,400
The usage is uncontrolled.

694
00:28:14,400 --> 00:28:17,400
Consider what happens when a user creates a Power Apps environment.

695
00:28:17,400 --> 00:28:20,920
Not the default environment, a dedicated personal environment they request.

696
00:28:20,920 --> 00:28:24,360
The organization approves the request because Power Platform is approved.

697
00:28:24,360 --> 00:28:28,160
The user now has their own development environment, their own Dataverse database, their own

698
00:28:28,160 --> 00:28:30,840
connector integrations, their own automation rules.

699
00:28:30,840 --> 00:28:34,800
A single free trial workspace generates roughly three API tokens.

700
00:28:34,800 --> 00:28:39,360
Two unmanaged credentials stored somewhere, possibly in the app, possibly in a notes application,

701
00:28:39,360 --> 00:28:44,320
possibly written on a sticky note, one OAuth grant that bypasses multi-factor authentication

702
00:28:44,320 --> 00:28:48,760
because the grant was created before MFA policies existed and nobody reviewed the grant

703
00:28:48,760 --> 00:28:49,760
afterward.

704
00:28:49,760 --> 00:28:55,200
An organization with 291 hidden Power Platform workspaces, not in the tenant's official inventory

705
00:28:55,200 --> 00:28:57,640
but discoverable if you know where to look.

706
00:28:57,640 --> 00:29:02,240
There are 1700 secrets floating around in unmanaged environments.

707
00:29:02,240 --> 00:29:06,560
Credentials, API tokens, OAuth grants, all outside normal credential management, all

708
00:29:06,560 --> 00:29:10,720
potentially accessible to compromised users, all potentially exposed if someone backs

709
00:29:10,720 --> 00:29:13,200
up the application and sends it to the wrong person.

710
00:29:13,200 --> 00:29:15,080
The governance gap is profound.

711
00:29:15,080 --> 00:29:18,920
Organizations believe Power Platform is governed because it is inside Microsoft 365.

712
00:29:18,920 --> 00:29:20,680
It is subject to security policies.

713
00:29:20,680 --> 00:29:22,440
It is covered by compliance frameworks.

714
00:29:22,440 --> 00:29:23,440
It is IT approved.

715
00:29:23,440 --> 00:29:24,440
None of this is false.

716
00:29:24,440 --> 00:29:27,000
Power Platform is governed at the platform level.

717
00:29:27,000 --> 00:29:30,840
But the individual applications and integrations users create inside the platform are not

718
00:29:30,840 --> 00:29:32,200
necessarily governed.

719
00:29:32,200 --> 00:29:35,520
Default environment access means most users are effectively developers.

720
00:29:35,520 --> 00:29:39,240
They can create applications, integrations, automations, they can store secrets, they

721
00:29:39,240 --> 00:29:42,240
can move data, they can connect external services.

722
00:29:42,240 --> 00:29:46,960
All of this is possible without security review, without compliance assessment, without IT

723
00:29:46,960 --> 00:29:49,480
oversight, without anyone knowing it is happening.

724
00:29:49,480 --> 00:29:51,560
The consequence is that Shadow IT evolved.

725
00:29:51,560 --> 00:29:52,520
It did not disappear.

726
00:29:52,520 --> 00:29:53,520
It transformed.

727
00:29:53,520 --> 00:30:00,920
Shadow IT is now authorised platform, unauthorised usage.

728
00:30:00,920 --> 00:30:04,760
The organisation approved Power Platform. Users are using Power Platform to do things the

729
00:30:04,760 --> 00:30:06,280
organisation never intended.

730
00:30:06,280 --> 00:30:07,760
They are creating integrations

731
00:30:07,760 --> 00:30:09,680
the organisation never assessed.

732
00:30:09,680 --> 00:30:11,480
They are moving data in patterns

733
00:30:11,480 --> 00:30:12,480
nobody documented.

734
00:30:12,480 --> 00:30:16,120
They are storing credentials in patterns that violate security policy.

735
00:30:16,120 --> 00:30:17,440
This is Shadow IT 2.0.

736
00:30:17,440 --> 00:30:18,600
The platform is legitimate.

737
00:30:18,600 --> 00:30:20,360
The governance is missing.

738
00:30:20,360 --> 00:30:23,760
IT teams respond by treating Power Platform like a productivity tool.

739
00:30:23,760 --> 00:30:28,360
They believe that because Power Platform is inside Microsoft 365, the security of Microsoft

740
00:30:28,360 --> 00:30:29,760
365 covers it.

741
00:30:29,760 --> 00:30:31,240
That DLP policies protect it.

742
00:30:31,240 --> 00:30:33,000
That conditional access controls it.

743
00:30:33,000 --> 00:30:34,800
That audit logs capture what matters.

744
00:30:34,800 --> 00:30:38,280
None of these assumptions are wrong, but they are incomplete.

745
00:30:38,280 --> 00:30:43,640
Because users are building applications and applications require application level governance.

746
00:30:43,640 --> 00:30:47,200
Security at the platform level does not prevent poorly designed applications.

747
00:30:47,200 --> 00:30:52,760
DLP at the tenant level does not prevent individual flows from moving data inappropriately.

748
00:30:52,760 --> 00:30:58,160
Conditional access controls user identity, not what an automated process does after authenticating.

749
00:30:58,160 --> 00:31:03,520
Shadow IT 2.0 is the gap between platform level governance and application level governance.

750
00:31:03,520 --> 00:31:05,360
The organisation governs the platform.

751
00:31:05,360 --> 00:31:06,440
Users build applications.

752
00:31:06,440 --> 00:31:11,120
The applications operate in the gap between those two layers, visible to neither.

753
00:31:11,120 --> 00:31:12,760
Technical debt in low code.

754
00:31:12,760 --> 00:31:14,640
Technical debt is a financial metaphor.

755
00:31:14,640 --> 00:31:18,720
Cunningham introduced it to describe the future costs of shortcuts in software development.

756
00:31:18,720 --> 00:31:20,320
You prioritize speed today.

757
00:31:20,320 --> 00:31:21,320
You cut corners.

758
00:31:21,320 --> 00:31:22,320
You defer design work.

759
00:31:22,320 --> 00:31:23,640
You skip documentation.

760
00:31:23,640 --> 00:31:25,120
You build something that works now.

761
00:31:25,120 --> 00:31:26,560
In exchange, you incur a debt.

762
00:31:26,560 --> 00:31:27,720
That debt accrues interest.

763
00:31:27,720 --> 00:31:30,040
The interest is paid in maintenance costs.

764
00:31:30,040 --> 00:31:32,400
The interest is paid in bugs that multiply.

765
00:31:32,400 --> 00:31:37,360
The interest is paid in the effort required to change things that were never designed to change.

766
00:31:37,360 --> 00:31:41,000
In traditional software development, technical debt manifests as code debt.

767
00:31:41,000 --> 00:31:45,440
Poorly written functions, missing test coverage, brittle architectures, deprecated libraries.

768
00:31:45,440 --> 00:31:47,480
When you have code debt, developers see it.

769
00:31:47,480 --> 00:31:48,560
The code is right there.

770
00:31:48,560 --> 00:31:49,800
The complexity is visible.

771
00:31:49,800 --> 00:31:54,720
A developer reading a function with poor structure recognizes the debt immediately.

772
00:31:54,720 --> 00:31:56,640
Compiler warnings surface the problem.

773
00:31:56,640 --> 00:31:59,600
Static analysis tools identify code smell.

774
00:31:59,600 --> 00:32:00,600
That is visible.

775
00:32:00,600 --> 00:32:01,920
Low code technical debt is different.

776
00:32:01,920 --> 00:32:03,920
It is implementation debt, not code debt.

777
00:32:03,920 --> 00:32:08,640
Poor solution structures, inconsistent patterns, missing documentation, data models that were

778
00:32:08,640 --> 00:32:09,960
never normalised.

779
00:32:09,960 --> 00:32:13,840
Integrations that were never architected, automations that were never designed to work at scale.

780
00:32:13,840 --> 00:32:16,480
The debt is invisible because the code is invisible.

781
00:32:16,480 --> 00:32:18,480
The platform hides the implementation.

782
00:32:18,480 --> 00:32:20,200
Users see the app, they see it works.

783
00:32:20,200 --> 00:32:23,880
They have no sense they just accumulated years of maintenance burden.

784
00:32:23,880 --> 00:32:25,600
Here is what this looks like in practice.

785
00:32:25,600 --> 00:32:27,960
An application works beautifully on day one.

786
00:32:27,960 --> 00:32:29,840
A citizen developer built it in two weeks.

787
00:32:29,840 --> 00:32:31,840
The business user who requested it is delighted.

788
00:32:31,840 --> 00:32:33,200
The app solves the problem.

789
00:32:33,200 --> 00:32:35,200
It is performant, it is clean, it does the job.

790
00:32:35,200 --> 00:32:36,720
By day 90, the app still works.

791
00:32:36,720 --> 00:32:39,920
By day 365, the app is a fragile house of cards.

792
00:32:39,920 --> 00:32:43,960
Adding a single new feature requires understanding a tangle of undocumented logic.

793
00:32:43,960 --> 00:32:47,680
Performance is degrading because the database was never normalised.

794
00:32:47,680 --> 00:32:49,600
The data model was never reviewed.

795
00:32:49,600 --> 00:32:53,480
The app stores duplicate data across three different Dataverse tables because the original

796
00:32:53,480 --> 00:32:55,720
builder did not understand relational design.

797
00:32:55,720 --> 00:32:57,800
Changing anything risks breaking something else.

798
00:32:57,800 --> 00:32:59,640
The organization faces a choice.

799
00:32:59,640 --> 00:33:02,160
Maintain the fragile application or rewrite it.

800
00:33:02,160 --> 00:33:03,720
Most organizations choose rewrite.

801
00:33:03,720 --> 00:33:05,880
They lose years of accumulated functionality.

802
00:33:05,880 --> 00:33:08,880
They lose the tribal knowledge about what the application actually does.

803
00:33:08,880 --> 00:33:10,280
They rebuild from scratch.

804
00:33:10,280 --> 00:33:14,160
And the rebuilt application, absent proper governance, follows the same pattern.

805
00:33:14,160 --> 00:33:15,680
Works beautifully at first.

806
00:33:15,680 --> 00:33:17,000
Accumulates debt silently.

807
00:33:17,000 --> 00:33:18,640
Becomes unmaintainable within two years.

808
00:33:18,640 --> 00:33:21,680
Here is the compounding effect that most organizations do not anticipate.

809
00:33:21,680 --> 00:33:23,320
The first application accumulates debt.

810
00:33:23,320 --> 00:33:24,800
The maintenance burden grows.

811
00:33:24,800 --> 00:33:27,680
The organization does not notice because the application still works.

812
00:33:27,680 --> 00:33:29,280
The second application is built.

813
00:33:29,280 --> 00:33:30,280
Same pattern.

814
00:33:30,280 --> 00:33:31,800
The third application, the fourth.

815
00:33:31,800 --> 00:33:35,600
By the tenth application, the organization now has ten fragile systems.

816
00:33:35,600 --> 00:33:38,240
Each accumulating maintenance burden independently.

817
00:33:38,240 --> 00:33:40,400
Each requiring exponential effort to modify.

818
00:33:40,400 --> 00:33:43,440
Each becoming more expensive to maintain than to replace.

819
00:33:43,440 --> 00:33:47,360
The real pattern organizations observe is that critical failures happen after two to

820
00:33:47,360 --> 00:33:49,680
three years of unmanaged Power Platform growth.

821
00:33:49,680 --> 00:33:50,680
Not immediately.

822
00:33:50,680 --> 00:33:52,560
The first six months are glorious.

823
00:33:52,560 --> 00:33:54,120
The platform works.

824
00:33:54,120 --> 00:33:55,320
Applications are built in weeks.

825
00:33:55,320 --> 00:33:56,320
Users love the speed.

826
00:33:56,320 --> 00:33:57,600
Leadership loves the velocity.

827
00:33:57,600 --> 00:34:02,760
Then gradually, systems that worked perfectly start requiring more and more effort to change.

828
00:34:02,760 --> 00:34:06,240
Features that should take a week now take a month because understanding the existing application

829
00:34:06,240 --> 00:34:09,000
requires reverse engineering undocumented logic.

830
00:34:09,000 --> 00:34:12,200
The architectural issue is that low-code platforms hide the debt.

831
00:34:12,200 --> 00:34:15,680
In traditional development, a compiler forces you to confront problems.

832
00:34:15,680 --> 00:34:18,320
A type system catches errors before runtime.

833
00:34:18,320 --> 00:34:20,480
Static analysis identifies complexity.

834
00:34:20,480 --> 00:34:22,080
Code review surfaces issues.

835
00:34:22,080 --> 00:34:24,320
None of these mechanisms exist in low-code.

836
00:34:24,320 --> 00:34:27,280
An application compiles successfully because there is no compiler.

837
00:34:27,280 --> 00:34:29,560
The platform does not enforce naming conventions.

838
00:34:29,560 --> 00:34:31,320
The platform does not require documentation.

839
00:34:31,320 --> 00:34:33,280
The platform does not flag complexity.

840
00:34:33,280 --> 00:34:37,440
An application can be a complete architectural disaster and still run without warnings.

841
00:34:37,440 --> 00:34:38,840
This is why the debt is invisible.

842
00:34:38,840 --> 00:34:39,840
The system works.

843
00:34:39,840 --> 00:34:42,120
There is no signal that debt is accumulating.

844
00:34:42,120 --> 00:34:43,120
No compilation errors.

845
00:34:43,120 --> 00:34:44,120
No performance warnings.

846
00:34:44,120 --> 00:34:45,760
No architectural alerts.

847
00:34:45,760 --> 00:34:47,000
The application functions.

848
00:34:47,000 --> 00:34:49,760
So the organization assumes the application is healthy.

849
00:34:49,760 --> 00:34:53,440
Then two years later, the organization discovers that maintaining the application costs more

850
00:34:53,440 --> 00:34:57,160
than rebuilding it and the knowledge required to rebuild it has walked out the door with

851
00:34:57,160 --> 00:34:59,200
departed staff members.

852
00:34:59,200 --> 00:35:02,760
Technical debt in low-code is perhaps the most pernicious form of technical debt because

853
00:35:02,760 --> 00:35:08,320
it accrues silently, invisibly, until the organization discovers it is no longer paying for maintenance.

854
00:35:08,320 --> 00:35:11,120
The organization is paying for architectural rewrite.

855
00:35:11,120 --> 00:35:15,080
This debt accumulates because governance models systematically fail to prevent it.

856
00:35:15,080 --> 00:35:18,120
Most organizations implement governance that is reactive, not preventive.

857
00:35:18,120 --> 00:35:19,520
They observe problems and respond.

858
00:35:19,520 --> 00:35:22,120
By that point, the debt is already embedded in the system.

859
00:35:22,120 --> 00:35:24,480
Why standard governance models fail.

860
00:35:24,480 --> 00:35:28,200
Most organizations understand that Power Platform requires governance.

861
00:35:28,200 --> 00:35:30,000
They recognize the problems we have described.

862
00:35:30,000 --> 00:35:33,560
They respond by implementing what the market calls a center of excellence.

863
00:35:33,560 --> 00:35:35,560
A center of excellence is a governance team.

864
00:35:35,560 --> 00:35:40,040
Typically staffed by a power platform admin, a security lead and a few advocates from

865
00:35:40,040 --> 00:35:41,040
the business.

866
00:35:41,040 --> 00:35:42,480
The COE publishes policies.

867
00:35:42,480 --> 00:35:44,360
The COE maintains a governance dashboard.

868
00:35:44,360 --> 00:35:46,360
The COE tracks application inventory.

869
00:35:46,360 --> 00:35:48,000
The COE runs training programs.

870
00:35:48,000 --> 00:35:50,880
The COE tries to establish standards and encourage compliance.

871
00:35:50,880 --> 00:35:51,880
This is reasonable.

872
00:35:51,880 --> 00:35:53,720
The COE provides real value.

873
00:35:53,720 --> 00:35:57,800
Organizations with mature centers of excellence achieve meaningful improvements in visibility.

874
00:35:57,800 --> 00:35:59,480
They know how many applications exist.

875
00:35:59,480 --> 00:36:00,560
They know who owns them.

876
00:36:00,560 --> 00:36:03,080
They can see which flows are consuming API quota.

877
00:36:03,080 --> 00:36:05,000
They can track Dataverse storage consumption.

878
00:36:05,000 --> 00:36:06,800
They can identify zombie applications.

879
00:36:06,800 --> 00:36:08,320
They can measure adoption velocity.

880
00:36:08,320 --> 00:36:09,400
All of this is useful.

881
00:36:09,400 --> 00:36:10,400
It is observability.

882
00:36:10,400 --> 00:36:12,480
Visibility into what is happening.

883
00:36:12,480 --> 00:36:16,240
But here is the critical distinction that most organizations miss.

884
00:36:16,240 --> 00:36:17,920
Observability is not enforcement.

885
00:36:17,920 --> 00:36:20,120
A center of excellence is an observability tool.

886
00:36:20,120 --> 00:36:21,120
It sees the problem.

887
00:36:21,120 --> 00:36:22,120
It does not prevent the problem.

888
00:36:22,120 --> 00:36:25,240
Here is the failure pattern that repeats across enterprises.

889
00:36:25,240 --> 00:36:27,320
An organization implements a mature COE.

890
00:36:27,320 --> 00:36:28,880
They build governance dashboards.

891
00:36:28,880 --> 00:36:29,880
They create policies.

892
00:36:29,880 --> 00:36:32,040
They define life cycle management processes.

893
00:36:32,040 --> 00:36:33,040
They train makers.

894
00:36:33,040 --> 00:36:34,360
They do everything right.

895
00:36:34,360 --> 00:36:37,040
And then they discover that sprawl continues.

896
00:36:37,040 --> 00:36:38,040
Applications still accumulate.

897
00:36:38,040 --> 00:36:39,200
Flows still proliferate.

898
00:36:39,200 --> 00:36:42,080
The default environment still fills with unmanaged applications.

899
00:36:42,080 --> 00:36:43,080
Why?

900
00:36:43,080 --> 00:36:44,800
Because the COE has no authority to prevent these things.

901
00:36:44,800 --> 00:36:47,040
The COE can identify a zombie application.

902
00:36:47,040 --> 00:36:49,040
The COE cannot automatically retire it.

903
00:36:49,040 --> 00:36:51,120
The COE can recommend environment strategy.

904
00:36:51,120 --> 00:36:53,600
The COE cannot force makers to use the strategy.

905
00:36:53,600 --> 00:36:56,160
The COE can ask for application documentation.

906
00:36:56,160 --> 00:36:59,200
The COE cannot block an undocumented application from running.

907
00:36:59,200 --> 00:37:00,960
COE recommendations are advisory.

908
00:37:00,960 --> 00:37:03,000
They lack enforcement.

909
00:37:03,000 --> 00:37:06,400
An organization with a mature COE still experiences sprawl.

910
00:37:06,400 --> 00:37:08,440
Because COE governance assumes compliance.

911
00:37:08,440 --> 00:37:11,160
COE assumes that if you tell people the right way to behave,

912
00:37:11,160 --> 00:37:12,280
people will behave that way.

913
00:37:12,280 --> 00:37:13,920
This assumption fails consistently.

914
00:37:13,920 --> 00:37:15,360
Consider environment strategy.

915
00:37:15,360 --> 00:37:18,640
Most organizations understand that they should segment environments,

916
00:37:18,640 --> 00:37:22,160
default for personal productivity, team environments for shared solutions,

917
00:37:22,160 --> 00:37:24,880
production environments for business critical applications,

918
00:37:24,880 --> 00:37:27,720
clean separation, clear boundaries, good architecture.

919
00:37:27,720 --> 00:37:28,720
Then they implement it.

920
00:37:28,720 --> 00:37:30,040
They create the environments.

921
00:37:30,040 --> 00:37:31,160
They publish the strategy.

922
00:37:31,160 --> 00:37:32,880
They tell makers where to build.

923
00:37:32,880 --> 00:37:35,240
And they leave the default environment accessible.

924
00:37:35,240 --> 00:37:38,400
Because restricting the default environment requires effort.

925
00:37:38,400 --> 00:37:39,880
Requires updating environment roles.

926
00:37:39,880 --> 00:37:42,520
Requires communicating to users that the default environment

927
00:37:42,520 --> 00:37:44,840
is no longer available for shared applications.

928
00:37:44,840 --> 00:37:46,840
Requires managing the exceptions and requests

929
00:37:46,840 --> 00:37:48,280
that will inevitably follow.

930
00:37:48,280 --> 00:37:52,080
So the default environment remains open, accessible, frictionless.

931
00:37:52,080 --> 00:37:55,080
And makers, when faced with the choice between following the strategy

932
00:37:55,080 --> 00:37:58,240
and taking the frictionless path, choose friction avoidance.

933
00:37:58,240 --> 00:37:59,800
They build in the default environment.

934
00:37:59,800 --> 00:38:02,120
The environment strategy collapses in practice

935
00:38:02,120 --> 00:38:05,080
because the organization never enforced it architecturally.

936
00:38:05,080 --> 00:38:06,760
DLP policies follow the same pattern.

937
00:38:06,760 --> 00:38:08,560
Organizations create DLP rules.

938
00:38:08,560 --> 00:38:11,800
No high-risk connectors in the same flow as sensitive data connectors.

939
00:38:11,800 --> 00:38:14,560
No personal cloud storage connectors moving SharePoint data.

940
00:38:14,560 --> 00:38:15,480
Good rules.

941
00:38:15,480 --> 00:38:17,000
Reasonable restrictions.

942
00:38:17,000 --> 00:38:18,840
Then the organization implements them.

943
00:38:18,840 --> 00:38:21,040
And discovers that enforcement is inconsistent.

944
00:38:21,040 --> 00:38:24,240
DLP policies apply in some environments and not others.

945
00:38:24,240 --> 00:38:26,960
They apply to new flows, but not to existing flows.

946
00:38:26,960 --> 00:38:30,120
A maker violates a DLP rule and the policy blocks the flow,

947
00:38:30,120 --> 00:38:31,800
so the maker requests an exception.

948
00:38:31,800 --> 00:38:33,520
The COE reviews the exception.

949
00:38:33,520 --> 00:38:34,520
The exception is granted.

950
00:38:34,520 --> 00:38:36,120
The DLP policy is circumvented.

951
00:38:36,120 --> 00:38:39,080
The organization now has a DLP policy that is technically enforced,

952
00:38:39,080 --> 00:38:40,480
but practically circumvented.

953
00:38:40,480 --> 00:38:43,640
The policy exists, but exceptions have undermined the policy.

954
00:38:43,640 --> 00:38:45,880
One policy exception becomes two, becomes 10.

955
00:38:45,880 --> 00:38:48,200
The policy that was supposed to prevent data leakage

956
00:38:48,200 --> 00:38:51,320
is now advisory because exceptions made it unenforceable.

957
00:38:51,320 --> 00:38:53,640
ALM pipelines follow the same pattern.

958
00:38:53,640 --> 00:38:55,960
Organizations understand that production applications

959
00:38:55,960 --> 00:38:58,720
should use managed solutions and deployment pipelines.

960
00:38:58,720 --> 00:38:59,240
Good practice.

961
00:38:59,240 --> 00:39:00,320
So they build the pipelines.

962
00:39:00,320 --> 00:39:02,280
They configure dev, test, prod environments.

963
00:39:02,280 --> 00:39:03,680
They set up the automation.

964
00:39:03,680 --> 00:39:05,840
They tell makers, use the pipeline.

965
00:39:05,840 --> 00:39:07,880
And they discover that citizen developers

966
00:39:07,880 --> 00:39:11,480
think the pipeline is too complex, too many steps, too much overhead.

967
00:39:11,480 --> 00:39:13,320
The pipeline process feels like bureaucracy.

968
00:39:13,320 --> 00:39:14,680
So makers skip the pipeline.

969
00:39:14,680 --> 00:39:16,120
They export the solution manually.

970
00:39:16,120 --> 00:39:17,960
They import it directly into production.

971
00:39:17,960 --> 00:39:19,680
They bypass the governance process.

972
00:39:19,680 --> 00:39:22,480
The organization now has a pipeline that exists,

973
00:39:22,480 --> 00:39:25,120
but is unused because the makers chose to bypass it.

974
00:39:25,120 --> 00:39:26,640
The governance infrastructure is there.

975
00:39:26,640 --> 00:39:28,120
The governance is not enforced.

976
00:39:28,120 --> 00:39:29,480
The root cause is architectural.

977
00:39:29,480 --> 00:39:31,120
These governance models all assume

978
00:39:31,120 --> 00:39:32,520
that compliance is a choice.

979
00:39:32,520 --> 00:39:35,120
Organizations assume that if you provide the right information,

980
00:39:35,120 --> 00:39:37,320
publish the right policies and build the right tools,

981
00:39:37,320 --> 00:39:39,240
people will comply voluntarily.

982
00:39:39,240 --> 00:39:41,200
But compliance is not a choice in architecture.

983
00:39:41,200 --> 00:39:43,040
Architecture enforces outcomes.

984
00:39:43,040 --> 00:39:45,480
A firewall does not ask packets to stay out.

985
00:39:45,480 --> 00:39:46,200
It blocks them.

986
00:39:46,200 --> 00:39:48,200
The database constraint does not recommend

987
00:39:48,200 --> 00:39:49,520
referential integrity.

988
00:39:49,520 --> 00:39:50,280
It enforces it.

989
00:39:50,280 --> 00:39:52,480
A compiler does not suggest type safety.

990
00:39:52,480 --> 00:39:54,520
It prevents non-type safe code from running.

991
00:39:54,520 --> 00:39:56,240
When you move from governance to architecture,

992
00:39:56,240 --> 00:39:58,280
you move from advisory to enforcement.

993
00:39:58,280 --> 00:40:00,120
You move from, we recommend this,

994
00:40:00,120 --> 00:40:02,520
to the system prevents the alternative.

995
00:40:02,520 --> 00:40:04,320
This is the distinction that matters.

996
00:40:04,320 --> 00:40:05,880
The governance reality check.

997
00:40:05,880 --> 00:40:08,320
Organizations need to reframe Power Platform,

998
00:40:08,320 --> 00:40:11,400
not as a productivity layer, not as a democratization tool,

999
00:40:11,400 --> 00:40:13,240
not as something you enable for the business

1000
00:40:13,240 --> 00:40:15,400
and hope users operate responsibly.

1001
00:40:15,400 --> 00:40:17,120
Power Platform is a development platform.

1002
00:40:17,120 --> 00:40:18,840
That reframing changes everything.

1003
00:40:18,840 --> 00:40:21,520
A development platform requires architecture discipline.

1004
00:40:21,520 --> 00:40:23,520
You would not allow developers to deploy code

1005
00:40:23,520 --> 00:40:25,440
to production without version control.

1006
00:40:25,440 --> 00:40:27,400
You would not allow them to skip testing.

1007
00:40:27,400 --> 00:40:29,800
You would not allow them to bypass code review.

1008
00:40:29,800 --> 00:40:32,040
You would not allow them to deploy directly to production

1009
00:40:32,040 --> 00:40:33,160
whenever they felt like it.

1010
00:40:33,160 --> 00:40:34,400
These are not suggestions.

1011
00:40:34,400 --> 00:40:37,200
These are fundamentals of responsible software engineering.

1012
00:40:37,200 --> 00:40:39,000
Yet, Power Platform allows exactly this.

1013
00:40:39,000 --> 00:40:41,000
A citizen developer can build an application

1014
00:40:41,000 --> 00:40:43,520
in the default environment and move it to production

1015
00:40:43,520 --> 00:40:46,560
without version control, without testing requirement,

1016
00:40:46,560 --> 00:40:49,080
without approval gates, without documentation.

1017
00:40:49,080 --> 00:40:50,600
The system does not prevent this.

1018
00:40:50,600 --> 00:40:51,720
The system enables it.

1019
00:40:51,720 --> 00:40:53,000
Here is the uncomfortable truth

1020
00:40:53,000 --> 00:40:54,760
that most organizations avoid.

1021
00:40:54,760 --> 00:40:56,960
Citizen developers are software engineers.

1022
00:40:56,960 --> 00:40:58,600
They are architecting databases.

1023
00:40:58,600 --> 00:41:00,200
They are building business logic.

1024
00:41:00,200 --> 00:41:01,600
They are integrating systems.

1025
00:41:01,600 --> 00:41:03,200
They are making security decisions.

1026
00:41:03,200 --> 00:41:04,560
They are implementing data flows.

1027
00:41:04,560 --> 00:41:06,400
They are doing software engineering work.

1028
00:41:06,400 --> 00:41:09,400
Treating them as users is an architectural error.

1029
00:41:09,400 --> 00:41:11,520
When an organization enables Power Platform,

1030
00:41:11,520 --> 00:41:13,120
they enable a development platform.

1031
00:41:13,120 --> 00:41:15,200
When they leave the default environment open,

1032
00:41:15,200 --> 00:41:17,280
they enable unmanaged development.

1033
00:41:17,280 --> 00:41:19,800
When they do not enforce environment strategy,

1034
00:41:19,800 --> 00:41:22,280
they enable development in uncontrolled spaces.

1035
00:41:22,280 --> 00:41:24,840
When they do not require managed solutions and pipelines,

1036
00:41:24,840 --> 00:41:27,160
they enable deployment without governance.

1037
00:41:27,160 --> 00:41:29,240
When they do not document application ownership

1038
00:41:29,240 --> 00:41:32,400
and lifecycle, they enable unaccountable software engineering.

1039
00:41:32,400 --> 00:41:34,480
The organization then acts surprised

1040
00:41:34,480 --> 00:41:36,800
when the platform behaves like what it is.

1041
00:41:36,800 --> 00:41:38,640
An unmanaged development environment.

1042
00:41:38,640 --> 00:41:40,400
The consequence is that organizations

1043
00:41:40,400 --> 00:41:43,200
apply user-level governance to platform-level problems.

1044
00:41:43,200 --> 00:41:44,680
They focus on access control.

1045
00:41:44,680 --> 00:41:45,960
Who can create environments?

1046
00:41:45,960 --> 00:41:46,960
Who can create flows?

1047
00:41:46,960 --> 00:41:48,040
Who can access data?

1048
00:41:48,040 --> 00:41:49,680
These are important questions.

1049
00:41:49,680 --> 00:41:50,760
But they are not sufficient.

1050
00:41:50,760 --> 00:41:52,880
They are necessary conditions for governance.

1051
00:41:52,880 --> 00:41:54,520
They are not sufficient conditions.

1052
00:41:54,520 --> 00:41:56,080
A user with appropriate access

1053
00:41:56,080 --> 00:41:58,600
can still build a poorly designed application.

1054
00:41:58,600 --> 00:42:00,120
A user with appropriate access

1055
00:42:00,120 --> 00:42:01,560
can still create an integration

1056
00:42:01,560 --> 00:42:03,520
that violates security policy.

1057
00:42:03,520 --> 00:42:05,000
A user with appropriate access

1058
00:42:05,000 --> 00:42:07,760
can still design a data model that was never meant to exist.

1059
00:42:07,760 --> 00:42:09,440
A user with appropriate access

1060
00:42:09,440 --> 00:42:11,200
can still move data in patterns

1061
00:42:11,200 --> 00:42:13,160
that create compliance violations.

1062
00:42:13,160 --> 00:42:16,080
User-level governance controls identity and access.

1063
00:42:16,080 --> 00:42:18,840
Platform-level governance controls what the platform allows.

1064
00:42:18,840 --> 00:42:20,720
Application-level governance controls

1065
00:42:20,720 --> 00:42:23,800
how applications are designed, reviewed, deployed, and maintained.

1066
00:42:23,800 --> 00:42:26,880
Most organizations implement user-level governance.

1067
00:42:26,880 --> 00:42:28,840
Some implement platform-level governance.

1068
00:42:28,840 --> 00:42:31,120
Few implement application-level governance.

1069
00:42:31,120 --> 00:42:33,240
Application-level governance is what is missing.

1070
00:42:33,240 --> 00:42:34,960
This is architectural governance.

1071
00:42:34,960 --> 00:42:36,400
Enforcing design patterns,

1072
00:42:36,400 --> 00:42:38,960
preventing lock-in through standardized integrations.

1073
00:42:38,960 --> 00:42:41,760
Managing dependencies through documented relationships.

1074
00:42:41,760 --> 00:42:43,880
Requiring documentation of business purpose.

1075
00:42:43,880 --> 00:42:46,040
Requiring security reviews before deployment.

1076
00:42:46,040 --> 00:42:48,000
Requiring performance assessment before release.

1077
00:42:48,000 --> 00:42:50,000
Requiring ownership accountability.

1078
00:42:50,000 --> 00:42:51,800
Requiring lifecycle management.

1079
00:42:51,800 --> 00:42:53,280
Standard IT governance.

1080
00:42:53,280 --> 00:42:56,040
Access control, compliance, monitoring is necessary.

1081
00:42:56,040 --> 00:42:57,040
It is not sufficient.

1082
00:42:57,040 --> 00:42:58,600
It handles the outer boundary.

1083
00:42:58,600 --> 00:43:00,280
It determines who can access what.

1084
00:43:00,280 --> 00:43:01,520
It ensures audit trails.

1085
00:43:01,520 --> 00:43:02,840
It captures what happened.

1086
00:43:02,840 --> 00:43:05,360
But it does not prevent a poorly designed application

1087
00:43:05,360 --> 00:43:06,240
from being deployed.

1088
00:43:06,240 --> 00:43:10,320
It does not prevent a fragile data model from accumulating technical debt.

1089
00:43:10,320 --> 00:43:14,000
It does not prevent undocumented logic from becoming unmaintainable.

1090
00:43:14,000 --> 00:43:17,840
It does not prevent citizen developers from making architectural mistakes

1091
00:43:17,840 --> 00:43:20,320
because they lack training and architectural thinking.

1092
00:43:20,320 --> 00:43:22,000
What is needed is a reframing.

1093
00:43:22,000 --> 00:43:24,960
Organizations must treat Power Platform as what it is.

1094
00:43:24,960 --> 00:43:27,880
A development platform that requires development discipline.

1095
00:43:27,880 --> 00:43:30,760
This reframing is uncomfortable because it means admitting

1096
00:43:30,760 --> 00:43:33,240
that citizen development is not frictionless.

1097
00:43:33,240 --> 00:43:36,280
Citizen developers cannot simply build. They must build with discipline.

1098
00:43:36,280 --> 00:43:37,920
They must document business purpose.

1099
00:43:37,920 --> 00:43:39,640
They must undergo security review.

1100
00:43:39,640 --> 00:43:41,240
They must design for maintainability.

1101
00:43:41,240 --> 00:43:43,920
They must follow patterns established by the organization.

1102
00:43:43,920 --> 00:43:46,600
This sounds like bureaucracy to many citizen developers.

1103
00:43:46,600 --> 00:43:49,240
They enabled Power Platform because they wanted speed.

1104
00:43:49,240 --> 00:43:52,200
They wanted to avoid the friction of traditional software development.

1105
00:43:52,200 --> 00:43:56,440
Adding governance back into the process feels like they have lost the benefit of the platform.

1106
00:43:56,440 --> 00:43:59,440
This is the fundamental tension in Power Platform governance.

1107
00:43:59,440 --> 00:44:01,040
The platform promises speed.

1108
00:44:01,040 --> 00:44:04,440
The architecture requires discipline. Speed and discipline are not compatible

1109
00:44:04,440 --> 00:44:06,920
without structure that makes discipline efficient.

1110
00:44:06,920 --> 00:44:09,680
The organizations that succeed are the ones that accept this tension

1111
00:44:09,680 --> 00:44:11,480
and resolve it architecturally.

1112
00:44:11,480 --> 00:44:14,480
They create governance processes that are lightweight but enforced.

1113
00:44:14,480 --> 00:44:17,120
They create approval gates that are fast but meaningful.

1114
00:44:17,120 --> 00:44:19,800
They create standards that are restrictive but reasonable.

1115
00:44:19,800 --> 00:44:22,320
They create frameworks that enable rapid development

1116
00:44:22,320 --> 00:44:24,360
without sacrificing architectural discipline.

1117
00:44:24,360 --> 00:44:25,360
This is not easy.

1118
00:44:25,360 --> 00:44:27,680
This requires serious governance infrastructure.

1119
00:44:27,680 --> 00:44:30,280
This requires a center of excellence with real authority.

1120
00:44:30,280 --> 00:44:31,960
This requires enforcement mechanisms.

1121
00:44:31,960 --> 00:44:33,040
This requires training.

1122
00:44:33,040 --> 00:44:36,600
This requires a fundamental reframing of what Power Platform is and what it requires.

1123
00:44:36,600 --> 00:44:40,720
But it is the only path to sustainable Power Platform architecture.

1124
00:44:40,720 --> 00:44:42,520
Environment architecture strategy.

1125
00:44:42,520 --> 00:44:46,120
Proper environment segmentation treats Power Platform as what it actually is.

1126
00:44:46,120 --> 00:44:47,640
A tiered development platform.

1127
00:44:47,640 --> 00:44:48,800
Not a productivity tool.

1128
00:44:48,800 --> 00:44:50,000
Not a monolithic system.

1129
00:44:50,000 --> 00:44:54,520
A tiered platform where different classes of applications operate under different governance rules.

1130
00:44:54,520 --> 00:44:58,520
This tiering is the foundation of sustainable Power Platform architecture.

1131
00:44:58,520 --> 00:45:02,680
Without it, everything collapses into the default environment disaster we described.

1132
00:45:02,680 --> 00:45:06,200
With it, you create clear boundaries that separate experimental work

1133
00:45:06,200 --> 00:45:10,040
from production impact, personal productivity from enterprise critical systems.

1134
00:45:10,040 --> 00:45:11,240
The model has three tiers.

1135
00:45:11,240 --> 00:45:13,000
Each tier serves a specific purpose.

1136
00:45:13,000 --> 00:45:16,040
Each tier has different permissions, different connector policies,

1137
00:45:16,040 --> 00:45:17,640
different lifecycle rules.

1138
00:45:17,640 --> 00:45:19,520
Tier one is personal productivity.

1139
00:45:19,520 --> 00:45:21,000
This is the default environment.

1140
00:45:21,000 --> 00:45:23,360
This tier exists for individuals to experiment,

1141
00:45:23,360 --> 00:45:26,240
to learn the platform, to build personal workflow automations,

1142
00:45:26,240 --> 00:45:28,320
to try ideas without impacting anyone else.

1143
00:45:28,320 --> 00:45:31,200
The default environment is restricted, no production data,

1144
00:45:31,200 --> 00:45:34,560
no business critical integrations, no shared applications,

1145
00:45:34,560 --> 00:45:37,040
a personal sandbox where anyone can build.

1146
00:45:37,040 --> 00:45:41,240
Knowing that the blast radius is limited to themselves. Access to tier one is open.

1147
00:45:41,240 --> 00:45:43,920
Everyone has maker permissions in the default environment.

1148
00:45:43,920 --> 00:45:44,920
This is intentional.

1149
00:45:44,920 --> 00:45:47,600
The goal is to reduce friction for experimentation.

1150
00:45:47,600 --> 00:45:50,800
Users should be able to try Power Platform without asking permission,

1151
00:45:50,800 --> 00:45:54,320
without waiting for approval, without explaining to IT what they are building.

1152
00:45:54,320 --> 00:45:56,640
Connector policy in tier one is restrictive.

1153
00:45:56,640 --> 00:46:00,360
Standard business connectors are available: SharePoint, Teams, Outlook.

1154
00:46:00,360 --> 00:46:02,280
Personal cloud storage connectors are restricted.

1155
00:46:02,280 --> 00:46:04,200
External API connectors are restricted.

1156
00:46:04,200 --> 00:46:09,080
Anything that creates risk of moving sensitive data outside the organization is blocked.

1157
00:46:09,080 --> 00:46:11,920
The default environment is for learning and personal automation.

1158
00:46:11,920 --> 00:46:14,240
It is not for integrating critical systems.

1159
00:46:14,240 --> 00:46:18,880
Tier two is team solutions, dedicated environments for departmental applications.

1160
00:46:18,880 --> 00:46:21,920
For shared workflows, where a team collaborates on a solution.

1161
00:46:21,920 --> 00:46:25,760
These environments are not personal. They are shared. They require governance.

1162
00:46:25,760 --> 00:46:29,640
Teams that want to build shared applications request a tier two environment.

1163
00:46:29,640 --> 00:46:31,600
The request includes business justification.

1164
00:46:31,600 --> 00:46:33,120
What problem does this team solve?

1165
00:46:33,120 --> 00:46:34,880
How many users will use the application?

1166
00:46:34,880 --> 00:46:36,640
What data does it access?

1167
00:46:36,640 --> 00:46:40,000
The organization approves tier two environments based on this justification.

1168
00:46:40,000 --> 00:46:43,200
Once approved, the environment is created with specific governance rules.

1169
00:46:43,200 --> 00:46:45,480
These environments allow standard connectors.

1170
00:46:45,480 --> 00:46:47,880
They allow premium connectors if justified.

1171
00:46:47,880 --> 00:46:50,080
They allow shared data stores in Dataverse.

1172
00:46:50,080 --> 00:46:53,400
They allow multiple makers to collaborate on solutions.

1173
00:46:53,400 --> 00:46:56,640
The connectivity is broader than tier one because the scope is broader.

1174
00:46:56,640 --> 00:46:59,240
The impact is organizational, not personal.

1175
00:46:59,240 --> 00:47:01,680
Tier two environments have lifecycle management.

1176
00:47:01,680 --> 00:47:04,440
Applications in these environments have documented owners.

1177
00:47:04,440 --> 00:47:05,640
They have business purposes.

1178
00:47:05,640 --> 00:47:07,000
They have success metrics.

1179
00:47:07,000 --> 00:47:09,080
They have documented retention policies.

1180
00:47:09,080 --> 00:47:12,880
Applications that are no longer used are retired, not kept as zombies,

1181
00:47:12,880 --> 00:47:15,760
actually deactivated and removed from the environment.

1182
00:47:15,760 --> 00:47:17,840
Tier three is enterprise applications.

1183
00:47:17,840 --> 00:47:20,680
Production environments. These environments are restricted.

1184
00:47:20,680 --> 00:47:24,160
Creating an application in a tier three environment requires formal approval.

1185
00:47:24,160 --> 00:47:25,800
It requires architecture review.

1186
00:47:25,800 --> 00:47:27,600
It requires security assessment.

1187
00:47:27,600 --> 00:47:29,280
It requires documented ownership.

1188
00:47:29,280 --> 00:47:30,720
It requires a managed solution.

1189
00:47:30,720 --> 00:47:32,480
It requires deployment through a pipeline.

1190
00:47:32,480 --> 00:47:36,320
It requires testing in a dedicated test environment before production release.

1191
00:47:36,320 --> 00:47:39,480
Service accounts own tier three applications, not individual users.

1192
00:47:39,480 --> 00:47:40,560
Service accounts.

1193
00:47:40,560 --> 00:47:43,640
This prevents orphaned applications when employees leave.

1194
00:47:43,640 --> 00:47:46,600
This prevents applications from becoming personal assets.

1195
00:47:46,600 --> 00:47:47,880
This ensures continuity.

1196
00:47:47,880 --> 00:47:49,720
The service account is the permanent owner.

1197
00:47:49,720 --> 00:47:51,720
Individual makers work within the framework,

1198
00:47:51,720 --> 00:47:53,880
but the service account owns the asset.

1199
00:47:53,880 --> 00:47:55,840
Connector policy in tier three is strict.

1200
00:47:55,840 --> 00:47:57,120
Only approved connectors.

1201
00:47:57,120 --> 00:47:59,840
Only connections authenticated with service accounts.

1202
00:47:59,840 --> 00:48:02,600
Only data flows that have been reviewed and documented.

1203
00:48:02,600 --> 00:48:06,040
Premium connectors in production require explicit justification.

1204
00:48:06,040 --> 00:48:08,960
External APIs in production require security review.

1205
00:48:08,960 --> 00:48:10,720
Tier three is not experimental.

1206
00:48:10,720 --> 00:48:12,200
It is not where you try things.

1207
00:48:12,200 --> 00:48:15,040
It is where you deploy things that matter.

1208
00:48:15,040 --> 00:48:17,320
Here is the critical implementation detail.

1209
00:48:17,320 --> 00:48:21,840
Environment admins enforce this tiering by controlling who can create applications in each tier.

1210
00:48:21,840 --> 00:48:23,080
Tier one is open to everyone.

1211
00:48:23,080 --> 00:48:25,400
Tier two is open to teams with approved environments.

1212
00:48:25,400 --> 00:48:28,480
Tier three is restricted to approved deployments through pipelines.

1213
00:48:28,480 --> 00:48:31,080
The platform itself prevents inappropriate usage.

1214
00:48:31,080 --> 00:48:34,040
Tier one makers cannot create applications in tier three.

1215
00:48:34,040 --> 00:48:37,720
Tier two teams cannot bypass the pipeline for production deployments.

1216
00:48:37,720 --> 00:48:39,240
The common failure is structural.

1217
00:48:39,240 --> 00:48:41,560
Organizations create this environment architecture.

1218
00:48:41,560 --> 00:48:42,640
They define the tiers.

1219
00:48:42,640 --> 00:48:43,760
They publish the policies.

1220
00:48:43,760 --> 00:48:45,000
They build the infrastructure.

1221
00:48:45,000 --> 00:48:48,240
Then they leave the default environment open for production applications.

1222
00:48:48,240 --> 00:48:51,800
They leave the governance recommendations as advisory rather than enforced.

1223
00:48:51,800 --> 00:48:55,480
They do not restrict tier one access to non-production applications.

1224
00:48:55,480 --> 00:48:58,440
They do not enforce tier three pipeline requirements.

1225
00:48:58,440 --> 00:49:01,240
When this happens, the entire architecture collapses.

1226
00:49:01,240 --> 00:49:04,160
The default environment again becomes the production platform.

1227
00:49:04,160 --> 00:49:07,160
The tiering provides visibility without preventing sprawl.

1228
00:49:07,160 --> 00:49:08,760
The governance looks good on paper.

1229
00:49:08,760 --> 00:49:10,240
The architecture fails in practice.

1230
00:49:10,240 --> 00:49:12,120
Proper environment architecture is necessary.

1231
00:49:12,120 --> 00:49:13,280
It is not sufficient.

1232
00:49:13,280 --> 00:49:15,080
You also need deployment discipline.

1233
00:49:15,080 --> 00:49:16,480
You need ALM enforcement.

1234
00:49:16,480 --> 00:49:19,520
You need to make the pipeline mandatory, not optional.

1235
00:49:19,520 --> 00:49:21,160
ALM pipeline enforcement.

1236
00:49:21,160 --> 00:49:23,960
ALM stands for application lifecycle management.

1237
00:49:23,960 --> 00:49:27,320
It is a framework that treats applications as managed assets.

1238
00:49:27,320 --> 00:49:28,520
Assets with a lifecycle.

1239
00:49:28,520 --> 00:49:32,080
Assets that move through distinct stages, development, testing, production.

1240
00:49:32,080 --> 00:49:33,920
Each stage has specific requirements.

1241
00:49:33,920 --> 00:49:35,960
Each stage has different governance rules.

1242
00:49:35,960 --> 00:49:38,520
In traditional software development, ALM is enforced.

1243
00:49:38,520 --> 00:49:40,920
You do not deploy code directly to production.

1244
00:49:40,920 --> 00:49:42,760
Code goes through development environments.

1245
00:49:42,760 --> 00:49:44,200
It goes through test environments.

1246
00:49:44,200 --> 00:49:45,480
It goes through staging.

1247
00:49:45,480 --> 00:49:48,200
At each stage, specific gates are enforced.

1248
00:49:48,200 --> 00:49:52,520
Code review, automated testing, performance validation, security scanning.

1249
00:49:52,520 --> 00:49:55,040
Only after passing all gates does the code move forward.

1250
00:49:55,040 --> 00:49:56,520
This process is not optional.

1251
00:49:56,520 --> 00:49:58,840
It is enforced by version control systems.

1252
00:49:58,840 --> 00:50:00,120
By deployment automation.

1253
00:50:00,120 --> 00:50:03,960
By infrastructure as code policies that prevent direct production changes.

1254
00:50:03,960 --> 00:50:07,000
Power Platform allows direct deployment without any of this discipline.

1255
00:50:07,000 --> 00:50:10,080
A citizen developer can build an application in the default environment

1256
00:50:10,080 --> 00:50:12,440
and move it to production without version control.

1257
00:50:12,440 --> 00:50:15,840
Without testing, without approval, without documentation.

1258
00:50:15,840 --> 00:50:17,400
The platform does not prevent this.

1259
00:50:17,400 --> 00:50:18,520
The platform enables it.

1260
00:50:18,520 --> 00:50:20,600
ALM pipeline enforcement changes this.

1261
00:50:20,600 --> 00:50:22,720
It makes the development lifecycle mandatory.

1262
00:50:22,720 --> 00:50:25,000
It creates gates that cannot be bypassed.

1263
00:50:25,000 --> 00:50:25,960
Here is how it works.

1264
00:50:25,960 --> 00:50:28,440
Production applications must use managed solutions.

1265
00:50:28,440 --> 00:50:29,880
Not unmanaged solutions.

1266
00:50:29,880 --> 00:50:31,080
Managed solutions.

1267
00:50:31,080 --> 00:50:32,480
This distinction matters.

1268
00:50:32,480 --> 00:50:34,480
Managed solutions have version history.

1269
00:50:34,480 --> 00:50:35,520
They support rollback.

1270
00:50:35,520 --> 00:50:36,680
They support patches.

1271
00:50:36,680 --> 00:50:38,960
Unmanaged solutions are development artifacts.

1272
00:50:38,960 --> 00:50:41,240
They are meant for experimentation, not production.

1273
00:50:41,240 --> 00:50:44,880
A citizen developer in a development environment creates an application.

1274
00:50:44,880 --> 00:50:46,320
They build the functionality.

1275
00:50:46,320 --> 00:50:47,680
They add the business logic.

1276
00:50:47,680 --> 00:50:49,320
They test locally. When they are ready,

1277
00:50:49,320 --> 00:50:51,760
they package the application into an unmanaged solution.

1278
00:50:51,760 --> 00:50:53,240
They export that solution.

1279
00:50:53,240 --> 00:50:55,520
The solution file goes into a git repository.

1280
00:50:55,520 --> 00:50:57,560
Now the application has version control.

1281
00:50:57,560 --> 00:50:59,040
The export is tracked.

1282
00:50:59,040 --> 00:51:00,400
Changes are documented.

1283
00:51:00,400 --> 00:51:03,320
From Git, an automated pipeline picks up the solution.

1284
00:51:03,320 --> 00:51:05,040
The pipeline runs automated tests.

1285
00:51:05,040 --> 00:51:08,040
It validates that the solution is properly structured.

1286
00:51:08,040 --> 00:51:09,360
It checks for common errors.

1287
00:51:09,360 --> 00:51:10,640
It runs security scanning.

1288
00:51:10,640 --> 00:51:13,440
If tests pass, the pipeline promotes the solution to a test environment.

1289
00:51:13,440 --> 00:51:15,840
In test, real users validate the application.

1290
00:51:15,840 --> 00:51:17,400
They confirm it works as intended.

1291
00:51:17,400 --> 00:51:18,400
They identify issues.

1292
00:51:18,400 --> 00:51:19,760
Issues go back to the developer.

1293
00:51:19,760 --> 00:51:21,160
The developer makes changes.

1294
00:51:21,160 --> 00:51:23,600
The updated solution goes back to the pipeline.

1295
00:51:23,600 --> 00:51:26,120
When testing is complete and the application is approved,

1296
00:51:26,120 --> 00:51:29,800
the pipeline imports the solution into production as a managed solution.

1297
00:51:29,800 --> 00:51:32,000
This managed solution becomes the production version.

1298
00:51:32,000 --> 00:51:33,000
It has version history.

1299
00:51:33,000 --> 00:51:36,640
If something goes wrong, the organization can roll back to the previous version.

1300
00:51:36,640 --> 00:51:39,720
The pipeline enforces that every production change is traceable.

1301
00:51:39,720 --> 00:51:40,960
Every change has a record.

1302
00:51:40,960 --> 00:51:42,200
Every change can be reversed.

1303
00:51:42,200 --> 00:51:43,600
This is ALM enforcement.

1304
00:51:43,600 --> 00:51:45,080
The pipeline is mandatory.

1305
00:51:45,080 --> 00:51:46,440
There is no alternative path.

1306
00:51:46,440 --> 00:51:50,960
Citizen developers cannot bypass the pipeline by importing solutions directly.

1307
00:51:50,960 --> 00:51:53,440
Cannot skip testing by moving to production manually.

1308
00:51:53,440 --> 00:51:56,920
Cannot deploy without approval because the pipeline enforces approval gates.

1309
00:51:56,920 --> 00:51:58,480
The pipeline is not a recommendation.

1310
00:51:58,480 --> 00:52:01,840
The pipeline is the only way production deployments happen.

1311
00:52:01,840 --> 00:52:03,560
Here is the trade-off this creates.

1312
00:52:03,560 --> 00:52:05,880
ALM pipelines introduce process overhead.

1313
00:52:05,880 --> 00:52:08,840
They reduce the instant gratification of Power Platform development.

1314
00:52:08,840 --> 00:52:12,120
A citizen developer cannot make a change and see it in production immediately.

1315
00:52:12,120 --> 00:52:13,880
The change must go through the pipeline.

1316
00:52:13,880 --> 00:52:14,960
It must pass testing.

1317
00:52:14,960 --> 00:52:15,840
It must be approved.

1318
00:52:15,840 --> 00:52:16,520
This takes time.

1319
00:52:16,520 --> 00:52:17,880
It introduces friction.

1320
00:52:17,880 --> 00:52:22,600
Citizen developers who build applications in two weeks suddenly find that deployment takes two more weeks.

1321
00:52:22,600 --> 00:52:26,840
The business users who loved the speed of Power Platform suddenly face delays.

1322
00:52:26,840 --> 00:52:32,600
The entire value proposition of low-code development, rapid iteration, quick time to value, appears to be lost.

1323
00:52:32,600 --> 00:52:34,680
This is where organizations often fail.

1324
00:52:34,680 --> 00:52:35,840
They implement pipelines.

1325
00:52:35,840 --> 00:52:37,920
Citizen developers complain about the friction.

1326
00:52:37,920 --> 00:52:40,440
The organization decides the friction is too high.

1327
00:52:40,440 --> 00:52:41,480
They create exceptions.

1328
00:52:41,480 --> 00:52:44,200
They allow manual deployments for certain applications.

1329
00:52:44,200 --> 00:52:46,320
They skip testing for low-risk changes.

1330
00:52:46,320 --> 00:52:47,920
The pipeline gradually becomes optional.

1331
00:52:47,920 --> 00:52:48,920
Exceptions accumulate.

1332
00:52:48,920 --> 00:52:51,400
The pipeline collapses into advisory governance.

1333
00:52:51,400 --> 00:52:54,800
Organizations that succeed treat ALM pipeline enforcement as non-negotiable.

1334
00:52:54,800 --> 00:52:56,360
Yes, the pipeline adds process.

1335
00:52:56,360 --> 00:52:58,040
Yes, it reduces instant gratification.

1336
00:52:58,040 --> 00:52:58,840
That is the point.

1337
00:52:58,840 --> 00:53:01,280
Production applications should not be deployed instantly.

1338
00:53:01,280 --> 00:53:02,080
They should be tested.

1339
00:53:02,080 --> 00:53:03,080
They should be reviewed.

1340
00:53:03,080 --> 00:53:04,000
They should be managed.

1341
00:53:04,000 --> 00:53:05,360
The friction is not a bug.

1342
00:53:05,360 --> 00:53:06,800
The friction is the feature.

1343
00:53:06,800 --> 00:53:07,800
The frame matters.

1344
00:53:07,800 --> 00:53:12,360
If you frame the pipeline as bureaucracy that slows development, developers will bypass it.

1345
00:53:12,360 --> 00:53:16,960
If you frame the pipeline as a safety net that prevents production failures, enables rollback

1346
00:53:16,960 --> 00:53:19,520
and maintains audit trails, developers accept it.

1347
00:53:19,520 --> 00:53:21,360
The pipeline becomes not a restriction.

1348
00:53:21,360 --> 00:53:23,560
It becomes responsible engineering practice.

1349
00:53:23,560 --> 00:53:26,880
ALM pipeline enforcement requires this mindset shift.

1350
00:53:26,880 --> 00:53:30,160
Citizen developers must understand that production is not a testing ground.

1351
00:53:30,160 --> 00:53:31,440
Production is where users work.

1352
00:53:31,440 --> 00:53:32,960
Production is where data lives.

1353
00:53:32,960 --> 00:53:35,640
Production is where the organization operates.

1354
00:53:35,640 --> 00:53:39,000
Deploying to production without discipline risks production failures.

1355
00:53:39,000 --> 00:53:40,520
Risks data loss.

1356
00:53:40,520 --> 00:53:41,840
Risks security breaches.

1357
00:53:41,840 --> 00:53:44,080
The pipeline is how you prevent these outcomes.

1358
00:53:44,080 --> 00:53:45,600
Connector governance segmentation.

1359
00:53:45,600 --> 00:53:48,360
ALM pipelines enforce the deployment process.

1360
00:53:48,360 --> 00:53:52,520
They ensure that applications move through development, testing and production with appropriate

1361
00:53:52,520 --> 00:53:53,960
gates at each stage.

1362
00:53:53,960 --> 00:53:57,560
But pipelines alone do not control what an application does after it deploys.

1363
00:53:57,560 --> 00:54:02,480
A flow that passes all tests and deploys to production can still move data in ways the

1364
00:54:02,480 --> 00:54:04,160
organization never intended.

1365
00:54:04,160 --> 00:54:09,040
A flow that follows good ALM discipline can still connect to services that violate compliance

1366
00:54:09,040 --> 00:54:10,040
policy.

1367
00:54:10,040 --> 00:54:12,520
This is where connector governance becomes critical.

1368
00:54:12,520 --> 00:54:13,800
Connectors are the integration layer.

1369
00:54:13,800 --> 00:54:15,320
They determine what data flows where.

1370
00:54:15,320 --> 00:54:19,160
A connector is a pre-built integration that Power Platform provides.

1371
00:54:19,160 --> 00:54:20,160
Connect to SharePoint.

1372
00:54:20,160 --> 00:54:21,520
Connect to Salesforce.

1373
00:54:21,520 --> 00:54:23,200
Connect to a SQL database.

1374
00:54:23,200 --> 00:54:24,200
Connect to Dropbox.

1375
00:54:24,200 --> 00:54:26,080
Connect to any external API.

1376
00:54:26,080 --> 00:54:28,560
The connector abstracts the integration complexity.

1377
00:54:28,560 --> 00:54:30,800
A flow builder clicks on a connector.

1378
00:54:30,800 --> 00:54:32,000
Specifies what data to move.

1379
00:54:32,000 --> 00:54:36,200
The connector handles the authentication, the API calls, the data transformation.

1380
00:54:36,200 --> 00:54:38,400
The problem is architectural.

1381
00:54:38,400 --> 00:54:42,000
Connectors are approved at the tenant level, not enforced at the application level.

1382
00:54:42,000 --> 00:54:43,520
This is the distinction that matters.

1383
00:54:43,520 --> 00:54:47,160
When an administrator approves a connector, that connector becomes available to every

1384
00:54:47,160 --> 00:54:51,520
application in the environment, every flow, every power app, every automation.

1385
00:54:51,520 --> 00:54:55,960
There is no mechanism that says this connector is approved only for this specific application

1386
00:54:55,960 --> 00:54:59,760
or this connector can only access this specific data source.

1387
00:54:59,760 --> 00:55:01,080
The approval is binary.

1388
00:55:01,080 --> 00:55:04,960
Either the connector is available everywhere or it is not available at all.

1389
00:55:04,960 --> 00:55:07,680
Connector governance requires three-tier segmentation.

1390
00:55:07,680 --> 00:55:09,520
Not all connectors are equally risky.

1391
00:55:09,520 --> 00:55:11,640
Some connectors touch only internal services.

1392
00:55:11,640 --> 00:55:13,000
Some touch external services.

1393
00:55:13,000 --> 00:55:14,440
Some should be blocked entirely.

1394
00:55:14,440 --> 00:55:16,080
Tier one is low-risk connectors.

1395
00:55:16,080 --> 00:55:17,080
SharePoint.

1396
00:55:17,080 --> 00:55:18,080
Teams.

1397
00:55:18,080 --> 00:55:19,080
Outlook.

1398
00:55:19,080 --> 00:55:20,080
Dynamics.

1399
00:55:20,080 --> 00:55:21,080
Internal services that the organization controls.

1400
00:55:21,080 --> 00:55:22,880
These connectors are approved by default.

1401
00:55:22,880 --> 00:55:25,080
Users can use them without additional justification.

1402
00:55:25,080 --> 00:55:26,080
They connect to systems

1403
00:55:26,080 --> 00:55:27,760
the organization manages.

1404
00:55:27,760 --> 00:55:30,000
The data is subject to organizational controls.

1405
00:55:30,000 --> 00:55:32,200
Tier two is high risk connectors.

1406
00:55:32,200 --> 00:55:36,680
External storage services like Dropbox, Google Drive, personal OneDrive accounts.

1407
00:55:36,680 --> 00:55:37,960
Social media connectors.

1408
00:55:37,960 --> 00:55:40,000
Generic HTTP APIs.

1409
00:55:40,000 --> 00:55:43,440
Connectors that move data outside the organization or to external services.

1410
00:55:43,440 --> 00:55:45,880
These connectors require explicit approval.

1411
00:55:45,880 --> 00:55:50,440
A flow that uses a high risk connector must be reviewed before deployment.

1412
00:55:50,440 --> 00:55:54,240
The review assesses whether the connector is being used appropriately, whether it is

1413
00:55:54,240 --> 00:55:57,280
moving sensitive data, whether it violates compliance policy.

1414
00:55:57,280 --> 00:55:59,160
Tier three is blocked connectors.

1415
00:55:59,160 --> 00:56:01,160
Connectors that violate compliance requirements.

1416
00:56:01,160 --> 00:56:03,360
Services that violate data residency policies.

1417
00:56:03,360 --> 00:56:07,520
Services that the organization has determined should never be accessible from Power Platform.

1418
00:56:07,520 --> 00:56:09,040
These connectors are not available.

1419
00:56:09,040 --> 00:56:10,040
Not in development.

1420
00:56:10,040 --> 00:56:11,040
Not in test.

1421
00:56:11,040 --> 00:56:12,040
Not in production.

1422
00:56:12,040 --> 00:56:15,160
A blocked connector cannot be used regardless of business justification.

1423
00:56:15,160 --> 00:56:18,000
The enforcement mechanism is data loss prevention policies.

1424
00:56:18,000 --> 00:56:21,320
DLP in Power Platform can restrict connector combinations.

1425
00:56:21,320 --> 00:56:25,720
You can create rules that prevent high risk connectors from accessing sensitive data.

1426
00:56:25,720 --> 00:56:29,920
You can enforce that high risk connectors cannot be used in the same flow as business data

1427
00:56:29,920 --> 00:56:30,920
connectors.

1428
00:56:30,920 --> 00:56:33,920
You can mandate that certain connector combinations are not allowed.

1429
00:56:33,920 --> 00:56:38,720
Third, the flows, thousands of them, were triggering automations across the entire technology

1430
00:56:38,720 --> 00:56:39,560
estate.

1431
00:56:39,560 --> 00:56:43,920
When a maker tries to create a flow that violates DLP policy, the platform blocks it.

1432
00:56:43,920 --> 00:56:45,000
The flow cannot be saved.

1433
00:56:45,000 --> 00:56:46,480
The flow cannot be deployed.

1434
00:56:46,480 --> 00:56:48,800
The policy enforcement is technical, not advisory.

1435
00:56:48,800 --> 00:56:50,400
DLP is not a recommendation.

1436
00:56:50,400 --> 00:56:52,000
DLP is an architecture boundary.

1437
00:56:52,000 --> 00:56:55,240
The real pattern that appears in enterprise audits is straightforward.

1438
00:56:55,240 --> 00:56:57,560
Most organizations have no connector segmentation.

1439
00:56:57,560 --> 00:57:01,120
All connectors are equally accessible. An administrator approves a connector.

1440
00:57:01,120 --> 00:57:02,800
The connector is available to everyone.

1441
00:57:02,800 --> 00:57:05,640
No tier, no restrictions, no enforcement against misuse.

1442
00:57:05,640 --> 00:57:09,800
The consequence is that a single poorly configured flow can expose sensitive data.

1443
00:57:09,800 --> 00:57:13,520
A developer with good intentions connects SharePoint to personal cloud storage.

1444
00:57:13,520 --> 00:57:14,520
The data moves.

1445
00:57:14,520 --> 00:57:17,400
The organization experiences a compliance breach.

1446
00:57:17,400 --> 00:57:20,520
Connector governance requires mapping every connector the organization uses into the

1447
00:57:20,520 --> 00:57:24,960
three-tier model, then enforcing through DLP which connectors can coexist.

1448
00:57:24,960 --> 00:57:28,960
The enforcement prevents architectural misconfigurations before they reach production.

1449
00:57:28,960 --> 00:57:33,240
But connector governance, like environment architecture and ALM pipelines, is enforced

1450
00:57:33,240 --> 00:57:34,600
through infrastructure policy.

1451
00:57:34,600 --> 00:57:35,600
It is not advisory.

1452
00:57:35,600 --> 00:57:36,600
It is not optional.

1453
00:57:36,600 --> 00:57:37,880
It is architectural.

1454
00:57:37,880 --> 00:57:41,840
And architecture enforcement requires organizational discipline, ownership and life cycle

1455
00:57:41,840 --> 00:57:42,840
policies.

1456
00:57:42,840 --> 00:57:45,640
Connector governance prevents inappropriate data flows.

1457
00:57:45,640 --> 00:57:48,440
ALM pipelines enforce deployment discipline.

1458
00:57:48,440 --> 00:57:50,960
Environment architecture separates development from production.

1459
00:57:50,960 --> 00:57:53,840
These mechanisms control how applications behave.

1460
00:57:53,840 --> 00:57:56,600
But they do not address a fundamental architectural problem.

1461
00:57:56,600 --> 00:57:59,120
Who is responsible for the application after it exists?

1462
00:57:59,120 --> 00:58:02,560
Power Platform allows applications to be created without clear ownership.

1463
00:58:02,560 --> 00:58:04,400
A citizen developer builds an application.

1464
00:58:04,400 --> 00:58:05,520
The application deploys.

1465
00:58:05,520 --> 00:58:07,760
The developer becomes the owner by default.

1466
00:58:07,760 --> 00:58:09,960
The ownership is implicit, not explicit.

1467
00:58:09,960 --> 00:58:12,120
The application belongs to the person who built it.

1468
00:58:12,120 --> 00:58:14,320
This creates a specific architectural failure.

1469
00:58:14,320 --> 00:58:17,400
When that person leaves the organization, the application becomes orphaned.

1470
00:58:17,400 --> 00:58:18,400
It still runs.

1471
00:58:18,400 --> 00:58:19,400
It still accesses data.

1472
00:58:19,400 --> 00:58:21,120
It still has security permissions.

1473
00:58:21,120 --> 00:58:22,840
But nobody is responsible for maintaining it.

1474
00:58:22,840 --> 00:58:26,720
Nobody is accountable for ensuring it continues to meet its business purpose.

1475
00:58:26,720 --> 00:58:30,560
Nobody is tasked with retiring it if the business need no longer exists.

1476
00:58:30,560 --> 00:58:33,640
Orphaned applications are technical debt in pure form.

1477
00:58:33,640 --> 00:58:34,920
They consume resources.

1478
00:58:34,920 --> 00:58:36,440
They create security surface.

1479
00:58:36,440 --> 00:58:38,000
They require maintenance effort.

1480
00:58:38,000 --> 00:58:39,720
They provide no measurable value.

1481
00:58:39,720 --> 00:58:44,280
Yet they persist because there is no mechanism that automatically retires them.

1482
00:58:44,280 --> 00:58:45,960
Ownership enforcement solves this.

1483
00:58:45,960 --> 00:58:49,320
Every application must have an explicit owner, not the person who built it.

1484
00:58:49,320 --> 00:58:52,600
An accountable owner responsible for the application's life cycle.

1485
00:58:52,600 --> 00:58:57,120
For production applications, the owner is a service account, not a user, a service account.

1486
00:58:57,120 --> 00:58:58,800
This distinction is critical.

1487
00:58:58,800 --> 00:59:01,080
Service accounts do not leave the organization.

1488
00:59:01,080 --> 00:59:02,840
Service accounts do not change roles.

1489
00:59:02,840 --> 00:59:04,160
Service accounts remain stable.

1490
00:59:04,160 --> 00:59:06,480
They own the application permanently.

1491
00:59:06,480 --> 00:59:08,640
Individual developers can update the application.

1492
00:59:08,640 --> 00:59:12,200
Individual developers can modify the logic, but the service account owns the asset.

1493
00:59:12,200 --> 00:59:15,560
The service account ensures the application has a permanent steward.

1494
00:59:15,560 --> 00:59:19,040
For development and team environments, individual makers can own applications.

1495
00:59:19,040 --> 00:59:20,040
They are experimenting.

1496
00:59:20,040 --> 00:59:22,960
They are learning. They are building shared solutions for their teams.

1497
00:59:22,960 --> 00:59:25,960
Individual ownership is appropriate in lower tier environments.

1498
00:59:25,960 --> 00:59:30,120
But production applications require institutional ownership through service accounts.

1499
00:59:30,120 --> 00:59:34,400
Life cycle policy enforces accountability across the entire application portfolio.

1500
00:59:34,400 --> 00:59:36,560
Every application has a documented purpose.

1501
00:59:36,560 --> 00:59:38,520
What business problem does this application solve?

1502
00:59:38,520 --> 00:59:39,520
Who uses it?

1503
00:59:39,520 --> 00:59:40,520
What data does it access?

1504
00:59:40,520 --> 00:59:41,520
These are not optional details.

1505
00:59:41,520 --> 00:59:43,320
These are architectural requirements.

1506
00:59:43,320 --> 00:59:46,680
An application without documented purpose is an orphan waiting to happen.

1507
00:59:46,680 --> 00:59:48,680
Every application has success metrics.

1508
00:59:48,680 --> 00:59:50,800
How do we know if this application is delivering value?

1509
00:59:50,800 --> 00:59:52,400
Is usage growing or declining?

1510
00:59:52,400 --> 00:59:53,800
Are users satisfied?

1511
00:59:53,800 --> 00:59:57,200
Has the business problem it was supposed to solve actually been solved?

1512
00:59:57,200 --> 01:00:01,240
Success metrics give the organization data to assess whether an application deserves continued

1513
01:00:01,240 --> 01:00:03,440
investment or should be retired.

1514
01:00:03,440 --> 01:00:05,200
Quarterly reviews make ownership meaningful.

1515
01:00:05,200 --> 01:00:07,720
The owner of each application reviews the application.

1516
01:00:07,720 --> 01:00:09,200
Is it still delivering value?

1517
01:00:09,200 --> 01:00:10,960
Is the business purpose still relevant?

1518
01:00:10,960 --> 01:00:11,960
Are there users?

1519
01:00:11,960 --> 01:00:14,560
Are there security or compliance issues that need attention?

1520
01:00:14,560 --> 01:00:16,280
The review is not a checkbox exercise.

1521
01:00:16,280 --> 01:00:20,240
The review is the point where ownership becomes active rather than passive.

1522
01:00:20,240 --> 01:00:23,760
Applications that show zero usage for 90 days enter a deprecation process.

1523
01:00:23,760 --> 01:00:25,240
This is not immediate retirement.

1524
01:00:25,240 --> 01:00:26,800
This is structured deprecation.

1525
01:00:26,800 --> 01:00:28,040
First notification.

1526
01:00:28,040 --> 01:00:31,720
The owner and stakeholders are notified that the application is showing no usage.

1527
01:00:31,720 --> 01:00:35,240
They have the opportunity to justify why the application should continue.

1528
01:00:35,240 --> 01:00:36,680
They can provide business context

1529
01:00:36,680 --> 01:00:38,200
the metric does not capture.

1530
01:00:38,200 --> 01:00:40,480
They can commit to reactivating the application.

1531
01:00:40,480 --> 01:00:44,240
If no justification is provided, the application enters a remediation window.

1532
01:00:44,240 --> 01:00:48,600
30 days. The stakeholders have one month to demonstrate usage or provide documented business

1533
01:00:48,600 --> 01:00:51,640
justification for keeping the application dormant.

1534
01:00:51,640 --> 01:00:55,720
If the remediation window passes without justification, the application is retired.

1535
01:00:55,720 --> 01:00:57,400
Not deleted, retired.

1536
01:00:57,400 --> 01:00:59,240
It moves to a deactivated state.

1537
01:00:59,240 --> 01:01:00,920
The application is no longer accessible.

1538
01:01:00,920 --> 01:01:02,240
The connections are not active.

1539
01:01:02,240 --> 01:01:04,920
The application is archived, not erased.

1540
01:01:04,920 --> 01:01:07,920
Automatic retirement achieves what advisory governance cannot.

1541
01:01:07,920 --> 01:01:09,360
It reduces the attack surface.

1542
01:01:09,360 --> 01:01:12,600
Deactivated applications no longer consume security permissions.

1543
01:01:12,600 --> 01:01:13,840
It lowers licensing costs.

1544
01:01:13,840 --> 01:01:17,800
The organization is not paying for Dataverse capacity or connector licenses for inactive

1545
01:01:17,800 --> 01:01:18,800
applications.

1546
01:01:18,800 --> 01:01:19,800
It simplifies maintenance.

1547
01:01:19,800 --> 01:01:24,360
The organization is not monitoring, patching or supporting applications that deliver no value.

1548
01:01:24,360 --> 01:01:27,280
The resistance to lifecycle management is predictable.

1549
01:01:27,280 --> 01:01:30,920
Business stakeholders will argue that applications should not be retired.

1550
01:01:30,920 --> 01:01:35,040
Applications might become useful again. Keeping dormant applications around preserves options.

1551
01:01:35,040 --> 01:01:39,880
The cost of retirement is not justified by the benefit of potential future reactivation.

1552
01:01:39,880 --> 01:01:40,880
This framing is backwards.

1553
01:01:40,880 --> 01:01:43,320
The benefit of retirement is not reclaiming costs.

1554
01:01:43,320 --> 01:01:45,720
The benefit is architectural clarity.

1555
01:01:45,720 --> 01:01:47,800
Applications that do not deliver value should not persist.

1556
01:01:47,800 --> 01:01:48,800
They should be retired.

1557
01:01:48,800 --> 01:01:53,160
If a business need emerges later that resembles the old application, it is cheaper to rebuild

1558
01:01:53,160 --> 01:01:56,840
with current architecture and current business understanding than to maintain a dormant

1559
01:01:56,840 --> 01:02:00,640
application for years, hoping it becomes useful again.

1560
01:02:00,640 --> 01:02:03,440
Frame retirement as freeing resources for innovation.

1561
01:02:03,440 --> 01:02:07,680
Every application the organization retires is a resource freed for building something that

1562
01:02:07,680 --> 01:02:09,960
delivers current business value.

1563
01:02:09,960 --> 01:02:14,320
These four mechanisms, Environment Architecture, ALM Pipelines, Connector Governance, Ownership

1564
01:02:14,320 --> 01:02:16,400
and Lifecycle policies work together.

1565
01:02:16,400 --> 01:02:19,920
They create a cohesive governance framework. Separately, each is insufficient.

1566
01:02:19,920 --> 01:02:23,880
Together they form sustainable Power Platform architecture.

1567
01:02:23,880 --> 01:02:26,320
The center of excellence is architecture enforcer.

1568
01:02:26,320 --> 01:02:30,920
These four mechanisms, Environment Architecture, ALM Pipelines, Connector Governance, Ownership

1569
01:02:30,920 --> 01:02:34,400
and Lifecycle policies require a function to enforce them.

1570
01:02:34,400 --> 01:02:38,400
They require someone to own the architecture, someone to make decisions, someone to say

1571
01:02:38,400 --> 01:02:39,640
no when necessary.

1572
01:02:39,640 --> 01:02:43,320
Someone to hold the line when political pressure mounts to circumvent the system.

1573
01:02:43,320 --> 01:02:45,320
That function is the center of excellence.

1574
01:02:45,320 --> 01:02:49,160
But the COE must operate differently than most organizations imagine.

1575
01:02:49,160 --> 01:02:52,760
Most organizations treat the COE as an observability and advisory function.

1576
01:02:52,760 --> 01:02:54,360
The COE publishes best practices.

1577
01:02:54,360 --> 01:02:57,240
The COE maintains dashboards. The COE trains makers.

1578
01:02:57,240 --> 01:02:59,000
The COE recommends governance patterns.

1579
01:02:59,000 --> 01:03:00,880
The COE is a resource center.

1580
01:03:00,880 --> 01:03:03,400
It advises, it guides, it educates.

1581
01:03:03,400 --> 01:03:05,400
This approach fails systematically.

1582
01:03:05,400 --> 01:03:06,880
Advisory governance is not governance.

1583
01:03:06,880 --> 01:03:08,120
It is suggestion.

1584
01:03:08,120 --> 01:03:12,240
For governance to work, the COE must shift from advisory to enforcement.

1585
01:03:12,240 --> 01:03:14,440
The COE owns the environment architecture.

1586
01:03:14,440 --> 01:03:16,320
The COE approves environment requests.

1587
01:03:16,320 --> 01:03:18,960
The COE has veto power over new environments.

1588
01:03:18,960 --> 01:03:23,400
If a business unit wants to create an environment, they request it through the COE.

1589
01:03:23,400 --> 01:03:27,680
The COE assesses whether the request is justified, whether the proposed environment follows

1590
01:03:27,680 --> 01:03:29,440
the tiered architecture.

1591
01:03:29,440 --> 01:03:32,400
Whether the business need cannot be met through existing environments.

1592
01:03:32,400 --> 01:03:34,480
The COE approves or denies the request.

1593
01:03:34,480 --> 01:03:35,760
This is not a recommendation.

1594
01:03:35,760 --> 01:03:37,120
This is architectural authority.

1595
01:03:37,120 --> 01:03:38,880
The COE owns connector policies.

1596
01:03:38,880 --> 01:03:43,080
The COE determines which connectors are in tier one, which are tier two, which are tier three.

1597
01:03:43,080 --> 01:03:45,000
The COE reviews connector requests.

1598
01:03:45,000 --> 01:03:46,280
Can we approve this connector?

1599
01:03:46,280 --> 01:03:47,880
Does it create compliance risk?

1600
01:03:47,880 --> 01:03:49,440
Does it violate data residency?

1601
01:03:49,440 --> 01:03:51,120
The COE makes the decision.

1602
01:03:51,120 --> 01:03:55,400
Connectors are approved or blocked based on architectural assessment, not stakeholder pressure.

1603
01:03:55,400 --> 01:03:57,000
The COE owns ALM pipelines.

1604
01:03:57,000 --> 01:03:59,640
The COE maintains the pipeline infrastructure.

1605
01:03:59,640 --> 01:04:02,720
The COE ensures that production deployments go through the pipeline.

1606
01:04:02,720 --> 01:04:05,960
The COE enforces that exceptions to the pipeline are rare and documented.

1607
01:04:05,960 --> 01:04:09,800
If a business unit wants to bypass the pipeline for a production deployment, they do not

1608
01:04:09,800 --> 01:04:10,800
bypass it.

1609
01:04:10,800 --> 01:04:12,200
They request an exception to the COE.

1610
01:04:12,200 --> 01:04:14,840
The COE assesses whether the exception is justified.

1611
01:04:14,840 --> 01:04:16,760
The COE approves or denies.

1612
01:04:16,760 --> 01:04:20,680
The exception does not happen without explicit COE authorization and documentation.

1613
01:04:20,680 --> 01:04:22,520
The COE owns lifecycle enforcement.

1614
01:04:22,520 --> 01:04:24,400
The COE monitors application usage.

1615
01:04:24,400 --> 01:04:27,880
The COE executes deprecation for applications showing no usage.

1616
01:04:27,880 --> 01:04:31,080
The COE does not ask permission to retire zombie applications.

1617
01:04:31,080 --> 01:04:33,240
The COE executes the policy.

1618
01:04:33,240 --> 01:04:36,800
Applications with zero usage for 90 days are deprecated according to policy.

1619
01:04:36,800 --> 01:04:38,720
The policy is enforcement, not suggestion.

1620
01:04:38,720 --> 01:04:41,720
The shift from advisory to enforcement requires resources.

1621
01:04:41,720 --> 01:04:43,960
The COE cannot be a part-time responsibility.

1622
01:04:43,960 --> 01:04:49,120
A Power Platform admin working 15% of their time on governance will advise but not enforce.

1623
01:04:49,120 --> 01:04:51,920
Enforcement requires dedicated capacity.

1624
01:04:51,920 --> 01:04:54,760
Organizations that succeed have a full-time platform owner.

1625
01:04:54,760 --> 01:04:58,560
A full-time security lead responsible for connector governance and DLP policy.

1626
01:04:58,560 --> 01:05:03,320
A full-time architect responsible for environment strategy and ALM pipeline maintenance.

1627
01:05:03,320 --> 01:05:05,240
These are not secondary responsibilities.

1628
01:05:05,240 --> 01:05:06,200
These are core functions.

1629
01:05:06,200 --> 01:05:08,480
The COE also requires authority structure.

1630
01:05:08,480 --> 01:05:10,160
The platform owner must have veto power.

1631
01:05:10,160 --> 01:05:12,600
Not influence, not recommendation authority.

1632
01:05:12,600 --> 01:05:13,600
Veto power.

1633
01:05:13,600 --> 01:05:18,000
The COE must be able to say no to environment requests that violate architecture.

1634
01:05:18,000 --> 01:05:19,720
Must be able to deny connector approvals.

1635
01:05:19,720 --> 01:05:23,720
Must be able to enforce retirement policies without requiring stakeholder consensus.

1636
01:05:23,720 --> 01:05:25,400
This authority creates tension.

1637
01:05:25,400 --> 01:05:26,560
Business units resist.

1638
01:05:26,560 --> 01:05:27,920
They want flexibility.

1639
01:05:27,920 --> 01:05:30,480
They want to build what they want when they want it.

1640
01:05:30,480 --> 01:05:33,240
Architectural enforcement limits that flexibility.

1641
01:05:33,240 --> 01:05:36,280
The COE becomes the boundary that prevents architectural chaos.

1642
01:05:36,280 --> 01:05:39,960
Organizations with well-resourced COEs that have genuine enforcement authority

1643
01:05:39,960 --> 01:05:43,880
achieve three to four times better outcomes in security, compliance,

1644
01:05:43,880 --> 01:05:48,440
and operational efficiency compared to organizations with advisory COEs.

1645
01:05:48,440 --> 01:05:49,520
This is not theoretical.

1646
01:05:49,520 --> 01:05:51,840
This is observed pattern across enterprise tenants.

1647
01:05:51,840 --> 01:05:54,800
The trade-off is political. Giving the COE enforcement authority

1648
01:05:54,800 --> 01:05:57,440
means the business units no longer have complete autonomy.

1649
01:05:57,440 --> 01:05:59,040
Means requests get denied.

1650
01:05:59,040 --> 01:06:01,280
Means policies are enforced even when inconvenient.

1651
01:06:01,280 --> 01:06:03,240
This requires executive sponsorship.

1652
01:06:03,240 --> 01:06:07,800
The CTO or the CIO must visibly champion the COE as a strategic function.

1653
01:06:07,800 --> 01:06:12,680
Must back the COE's authority when business units complain that governance is slowing them down.

1654
01:06:12,680 --> 01:06:17,040
Must frame governance enforcement as enabling responsible innovation, not restricting it.

1655
01:06:17,040 --> 01:06:19,640
Without that executive alignment, the COE collapses.

1656
01:06:19,640 --> 01:06:21,880
Without authority, the COE becomes advisory.

1657
01:06:21,880 --> 01:06:24,560
Without advisory governance, architecture fails.

1658
01:06:24,560 --> 01:06:28,040
The organizations that succeed treat the COE as the control plane.

1659
01:06:28,040 --> 01:06:32,120
The authority structure that ensures Power Platform operates as a managed platform,

1660
01:06:32,120 --> 01:06:34,720
not an uncontrolled development environment.

1661
01:06:34,720 --> 01:06:36,960
The cultural and organizational requirements.

1662
01:06:36,960 --> 01:06:39,680
Architecture governance requires organizational alignment.

1663
01:06:39,680 --> 01:06:40,680
This is not technical.

1664
01:06:40,680 --> 01:06:41,480
This is structural.

1665
01:06:41,480 --> 01:06:46,240
You cannot enforce environment strategy if security and IT disagree on connector policy.

1666
01:06:46,240 --> 01:06:51,400
You cannot enforce ALM pipelines if the business units believe governance is IT overhead.

1667
01:06:51,400 --> 01:06:56,360
You cannot enforce life cycle management if the stakeholders who own the applications resist retirement.

1668
01:06:56,360 --> 01:07:00,040
Alignment requires a governance council, not a committee, not an advisory board,

1669
01:07:00,040 --> 01:07:01,880
a council with genuine authority.

1670
01:07:01,880 --> 01:07:06,080
Cross-functional representation from IT, security, compliance and business.

1671
01:07:06,080 --> 01:07:07,520
Each function brings a different lens.

1672
01:07:07,520 --> 01:07:09,240
IT brings operational perspective.

1673
01:07:09,240 --> 01:07:10,800
Security brings risk perspective.

1674
01:07:10,800 --> 01:07:12,720
Compliance brings regulatory perspective.

1675
01:07:12,720 --> 01:07:14,160
Business brings value perspective.

1676
01:07:14,160 --> 01:07:17,680
The council synthesizes these perspectives into binding decisions.

1677
01:07:17,680 --> 01:07:19,760
The platform owner represents IT.

1678
01:07:19,760 --> 01:07:24,840
Responsible for environment architecture, ALM pipelines and operational health.

1679
01:07:24,840 --> 01:07:27,520
The security lead represents security and compliance.

1680
01:07:27,520 --> 01:07:31,400
Responsible for connector governance, DLP policy and security enforcement.

1681
01:07:31,400 --> 01:07:33,920
The business sponsor represents the business units.

1682
01:07:33,920 --> 01:07:37,520
Responsible for ensuring governance enables rather than blocks value delivery.

1683
01:07:37,520 --> 01:07:39,200
Each role has equal authority.

1684
01:07:39,200 --> 01:07:40,520
Each role has veto power.

1685
01:07:40,520 --> 01:07:42,680
Decisions require consensus or escalation.

1686
01:07:42,680 --> 01:07:45,760
The governance council establishes decision frameworks.

1687
01:07:45,760 --> 01:07:48,200
Clear criteria for which applications can be built.

1688
01:07:48,200 --> 01:07:51,320
What types of problems is Power Platform intended to solve?

1689
01:07:51,320 --> 01:07:54,480
What problems should be solved through traditional development instead?

1690
01:07:54,480 --> 01:07:56,480
Criteria for which connectors are approved.

1691
01:07:56,480 --> 01:07:58,320
Which connectors create acceptable risk?

1692
01:07:58,320 --> 01:08:00,680
Which data can be combined with which connectors?

1693
01:08:00,680 --> 01:08:02,280
Criteria for environment requests.

1694
01:08:02,280 --> 01:08:04,320
What business justification is required?

1695
01:08:04,320 --> 01:08:05,760
What is the approval threshold?

1696
01:08:05,760 --> 01:08:07,280
These frameworks are not secret.

1697
01:08:07,280 --> 01:08:08,160
They are published.

1698
01:08:08,160 --> 01:08:09,080
Transparent.

1699
01:08:09,080 --> 01:08:11,800
Every maker in the organization knows the criteria.

1700
01:08:11,800 --> 01:08:13,480
Everyone knows what gets approved and why.

1701
01:08:13,480 --> 01:08:15,600
Everyone knows what gets denied and why.

1702
01:08:15,600 --> 01:08:20,200
This transparency prevents the perception that governance decisions are arbitrary or political.

1703
01:08:20,200 --> 01:08:22,000
Resistance management is unavoidable.

1704
01:08:22,000 --> 01:08:23,960
Business units will resist governance.

1705
01:08:23,960 --> 01:08:26,840
They will argue that approval processes slow them down.

1706
01:08:26,840 --> 01:08:30,080
That architectural restrictions prevent them from building what they need.

1707
01:08:30,080 --> 01:08:31,680
That the COE is bureaucracy.

1708
01:08:31,680 --> 01:08:33,200
This resistance is not malicious.

1709
01:08:33,200 --> 01:08:33,960
It is structural.

1710
01:08:33,960 --> 01:08:35,440
People naturally resist friction.

1711
01:08:35,440 --> 01:08:38,000
Naturally prefer the path of least resistance.

1712
01:08:38,000 --> 01:08:39,920
The response is not to remove the friction.

1713
01:08:39,920 --> 01:08:41,000
The friction is the point.

1714
01:08:41,000 --> 01:08:42,840
The response is to reframe the friction.

1715
01:08:42,840 --> 01:08:44,320
Governance is not restriction.

1716
01:08:44,320 --> 01:08:45,960
But governance is enablement.

1717
01:08:45,960 --> 01:08:48,600
Governance enables responsible innovation at scale.

1718
01:08:48,600 --> 01:08:50,280
Governance prevents technical debt.

1719
01:08:50,280 --> 01:08:52,200
Governance prevents security failures.

1720
01:08:52,200 --> 01:08:53,960
Governance prevents compliance breaches.

1721
01:08:53,960 --> 01:08:57,280
Governance enables the organization to build fast without breaking things.

1722
01:08:57,280 --> 01:09:00,160
This reframing requires executive sponsorship.

1723
01:09:00,160 --> 01:09:03,320
The CTO or the CIO must visibly champion governance.

1724
01:09:03,320 --> 01:09:07,720
Must communicate to the organization that Power Platform governance is a strategic priority.

1725
01:09:07,720 --> 01:09:10,800
Must back the COE's decisions when business units complain.

1726
01:09:10,800 --> 01:09:13,280
Must frame governance as essential, not optional.

1727
01:09:13,280 --> 01:09:15,080
Without executive sponsorship,

1728
01:09:15,080 --> 01:09:16,080
governance collapses.

1729
01:09:16,080 --> 01:09:20,480
When the CTO remains silent on governance decisions, business units interpret that silence

1730
01:09:20,480 --> 01:09:21,480
as indifference.

1731
01:09:21,480 --> 01:09:22,480
They escalate.

1732
01:09:22,480 --> 01:09:23,480
They go around the COE.

1733
01:09:23,480 --> 01:09:24,480
They request exceptions.

1734
01:09:24,480 --> 01:09:25,960
The governance structure erodes.

1735
01:09:25,960 --> 01:09:28,480
With executive sponsorship, governance holds.

1736
01:09:28,480 --> 01:09:33,000
When the CTO says governance is how we operate Power Platform responsibly, the organization

1737
01:09:33,000 --> 01:09:34,520
hears that message.

1738
01:09:34,520 --> 01:09:37,480
Governance becomes the expected operating model.

1739
01:09:37,480 --> 01:09:41,560
Violations become exceptions requiring escalation, not acceptable workarounds.

1740
01:09:41,560 --> 01:09:43,800
An additional pattern across enterprises.

1741
01:09:43,800 --> 01:09:47,480
Organizations without executive alignment treat governance as an IT checkbox, something

1742
01:09:47,480 --> 01:09:52,320
IT does, something to document for compliance, something that is optional when business pressure

1743
01:09:52,320 --> 01:09:53,320
mounts.

1744
01:09:53,320 --> 01:09:57,560
These organizations implement all the mechanisms we have described, environment architecture,

1745
01:09:57,560 --> 01:10:02,000
ALM pipelines, connector governance, life cycle policies, but none of them are enforced.

1746
01:10:02,000 --> 01:10:04,040
They exist in documentation and dashboards.

1747
01:10:04,040 --> 01:10:06,160
They do not exist in infrastructure.

1748
01:10:06,160 --> 01:10:09,840
Organizations with executive alignment treat governance as a platform requirement, something

1749
01:10:09,840 --> 01:10:14,000
that is built into how Power Platform operates, something that cannot be bypassed, something

1750
01:10:14,000 --> 01:10:16,560
that everyone understands is non-negotiable.

1751
01:10:16,560 --> 01:10:18,880
The difference in outcomes is profound.

1752
01:10:18,880 --> 01:10:22,920
Organizations with executive alignment report significantly better security posture,

1753
01:10:22,920 --> 01:10:28,120
lower sprawl, lower technical debt accumulation and lower unplanned maintenance burden.

1754
01:10:28,120 --> 01:10:29,120
Cultural change is slow.

1755
01:10:29,120 --> 01:10:31,000
This is not a three month implementation.

1756
01:10:31,000 --> 01:10:32,880
This is sustained organizational shift.

1757
01:10:32,880 --> 01:10:37,520
It requires repeated communication, repeated reinforcement, repeated demonstration that governance

1758
01:10:37,520 --> 01:10:39,520
is the expected operating model.

1759
01:10:39,520 --> 01:10:43,720
Cultural change is the only path to sustainable Power Platform architecture.

1760
01:10:43,720 --> 01:10:46,360
Architecture without cultural alignment is merely policy.

1761
01:10:46,360 --> 01:10:50,760
Policy without cultural alignment is never enforced, and unenforced policy is not governance.

1762
01:10:50,760 --> 01:10:54,600
Sustainable technical practices. Architecture and governance create the framework.

1763
01:10:54,600 --> 01:10:58,720
They establish the boundaries, they enforce the rules, but within that framework individual

1764
01:10:58,720 --> 01:11:01,760
applications still need to be built with discipline.

1765
01:11:01,760 --> 01:11:06,120
Sustainable technical practices are how you operationalize governance, how you make the rules

1766
01:11:06,120 --> 01:11:09,120
actually prevent the problems they are designed to prevent.

1767
01:11:09,120 --> 01:11:11,280
Documentation standards are the first practice.

1768
01:11:11,280 --> 01:11:14,320
Every application must have documented business justification.

1769
01:11:14,320 --> 01:11:17,640
Not a summary, a documented statement of why this application exists.

1770
01:11:17,640 --> 01:11:19,160
What business problem does it solve?

1771
01:11:19,160 --> 01:11:20,160
Who are the users?

1772
01:11:20,160 --> 01:11:21,520
What is the success metric?

1773
01:11:21,520 --> 01:11:23,800
This documentation is not optional ceremony.

1774
01:11:23,800 --> 01:11:28,160
This documentation is how the organization later assesses whether the application is still

1775
01:11:28,160 --> 01:11:29,520
delivering value.

1776
01:11:29,520 --> 01:11:33,320
Without documented purpose, the organization cannot tell the difference between an essential

1777
01:11:33,320 --> 01:11:35,600
application and a zombie waiting for retirement.

1778
01:11:35,600 --> 01:11:39,080
Every production application must have technical architecture documentation.

1779
01:11:39,080 --> 01:11:41,080
Not implementation details.

1780
01:11:41,080 --> 01:11:42,640
Architecture, how is the data structured?

1781
01:11:42,640 --> 01:11:43,960
What are the integration points?

1782
01:11:43,960 --> 01:11:46,440
What external systems does this application depend on?

1783
01:11:46,440 --> 01:11:49,280
What dependencies do other systems have on this application?

1784
01:11:49,280 --> 01:11:52,880
This architecture documentation is how the organization understands the relationships

1785
01:11:52,880 --> 01:11:54,400
between applications.

1786
01:11:54,400 --> 01:11:56,240
How it assesses the impact of changes.

1787
01:11:56,240 --> 01:11:59,320
How it prevents fragile cascades of dependencies.

1788
01:11:59,320 --> 01:12:01,160
Data flow diagrams are mandatory.

1789
01:12:01,160 --> 01:12:02,240
Where does data come from?

1790
01:12:02,240 --> 01:12:03,240
What transformations happen?

1791
01:12:03,240 --> 01:12:04,240
Where does data go?

1792
01:12:04,240 --> 01:12:05,240
This is not a flow chart.

1793
01:12:05,240 --> 01:12:08,320
This is a clear diagram showing every place data touches.

1794
01:12:08,320 --> 01:12:11,840
Every connector, every external system, every storage location.

1795
01:12:11,840 --> 01:12:16,880
When the organization later discovers a compliance issue, the data flow diagram is what identifies

1796
01:12:16,880 --> 01:12:20,240
where the issue originated and what it impacted.

1797
01:12:20,240 --> 01:12:24,520
Code review discipline replaces the assumption that citizen developers automatically produce

1798
01:12:24,520 --> 01:12:25,920
maintainable solutions.

1799
01:12:25,920 --> 01:12:26,920
It does not.

1800
01:12:26,920 --> 01:12:30,200
Code review is how you catch architectural mistakes before they reach production.

1801
01:12:30,200 --> 01:12:34,240
A solution architect reviews every production application before deployment.

1802
01:12:34,240 --> 01:12:35,920
The review is not checking boxes.

1803
01:12:35,920 --> 01:12:39,800
The review is assessing whether the application follows architectural patterns, whether it

1804
01:12:39,800 --> 01:12:43,440
is designed for maintainability, whether it makes reasonable design decisions, whether

1805
01:12:43,440 --> 01:12:45,440
it avoids unnecessary complexity.

1806
01:12:45,440 --> 01:12:46,440
This creates friction.

1807
01:12:46,440 --> 01:12:48,120
Citizen developers want to deploy.

1808
01:12:48,120 --> 01:12:49,440
The code review adds delay.

1809
01:12:49,440 --> 01:12:51,520
The code review can result in rejection.

1810
01:12:51,520 --> 01:12:53,560
The solution architect can say, "Rebuild this.

1811
01:12:53,560 --> 01:12:54,960
The architecture does not work."

1812
01:12:54,960 --> 01:12:55,960
And this is the point.

1813
01:12:55,960 --> 01:13:00,040
Not all applications are ready for production on first attempt, better to catch architectural

1814
01:13:00,040 --> 01:13:05,040
problems before deployment than after the application becomes critical and unmaintainable.

1815
01:13:05,040 --> 01:13:06,640
Information requirements move beyond

1816
01:13:06,640 --> 01:13:09,640
"it works on my screen" to structured validation.

1817
01:13:09,640 --> 01:13:13,080
Functional testing confirms the application does what it is supposed to do.

1818
01:13:13,080 --> 01:13:16,840
Security review assesses whether the application creates security vulnerabilities.

1819
01:13:16,840 --> 01:13:21,240
Connector security, data access patterns, authentication mechanisms.

1820
01:13:21,240 --> 01:13:23,320
Performance testing confirms the application scales.

1821
01:13:23,320 --> 01:13:26,320
Does the application degrade when users increase?

1822
01:13:26,320 --> 01:13:27,880
Do queries run within an acceptable time?

1823
01:13:27,880 --> 01:13:29,440
Does the integration handle load?

1824
01:13:29,440 --> 01:13:30,920
These requirements add process.

1825
01:13:30,920 --> 01:13:31,920
They slow deployment.

1826
01:13:31,920 --> 01:13:33,200
They are supposed to.

1827
01:13:33,200 --> 01:13:35,160
And deployment should not be instant.

1828
01:13:35,160 --> 01:13:37,240
Production deployment should be validated.

1829
01:13:37,240 --> 01:13:39,600
Monitoring and alerting are the ongoing practices.

1830
01:13:39,600 --> 01:13:41,360
Production applications are instrumented.

1831
01:13:41,360 --> 01:13:42,360
Failures are detected.

1832
01:13:42,360 --> 01:13:44,320
Performance degradation is captured.

1833
01:13:44,320 --> 01:13:46,160
Anomalous behavior triggers alerts.

1834
01:13:46,160 --> 01:13:47,960
This monitoring is not passive observation.

1835
01:13:47,960 --> 01:13:49,280
This is active management.

1836
01:13:49,280 --> 01:13:52,480
When a flow fails more than expected, an alert fires.

1837
01:13:52,480 --> 01:13:56,960
When a query response time degrades, an alert fires. Someone responsible for the application

1838
01:13:56,960 --> 01:13:57,960
is notified.

1839
01:13:57,960 --> 01:13:58,960
Someone investigates.

1840
01:13:58,960 --> 01:14:01,560
Someone either fixes the issue or escalates it.

1841
01:14:01,560 --> 01:14:04,560
And management establishes clear escalation paths.

1842
01:14:04,560 --> 01:14:07,920
When something goes wrong in production, the responsible party is notified immediately.

1843
01:14:07,920 --> 01:14:08,920
Not hours later.

1844
01:14:08,920 --> 01:14:10,680
Not after users report the problem.

1845
01:14:10,680 --> 01:14:11,680
Immediately.

1846
01:14:11,680 --> 01:14:12,680
The incident is documented.

1847
01:14:12,680 --> 01:14:13,680
The impact is assessed.

1848
01:14:13,680 --> 01:14:16,120
The organization mobilizes to fix it.

1849
01:14:16,120 --> 01:14:20,120
After the incident is resolved, a post-incident review examines what failed.

1850
01:14:20,120 --> 01:14:21,360
What could have prevented it?

1851
01:14:21,360 --> 01:14:24,600
What process should change to prevent recurrence?

1852
01:14:24,600 --> 01:14:28,440
Refactoring discipline treats technical debt as an ongoing liability rather than something

1853
01:14:28,440 --> 01:14:30,520
to address during crisis.

1854
01:14:30,520 --> 01:14:35,360
This allocate capacity 15 to 20% of development effort for refactoring.

1855
01:14:35,360 --> 01:14:40,040
For addressing technical debt incrementally, for improving maintainability, for modernizing

1856
01:14:40,040 --> 01:14:41,520
aging applications.

1857
01:14:41,520 --> 01:14:43,360
This allocation happens continuously.

1858
01:14:43,360 --> 01:14:47,240
It does not wait until the application becomes unmaintainable.

1859
01:14:47,240 --> 01:14:49,400
Reusability patterns accelerate this process.

1860
01:14:49,400 --> 01:14:51,200
Common patterns are packaged as templates.

1861
01:14:51,200 --> 01:14:53,680
Common integrations are packaged as components.

1862
01:14:53,680 --> 01:14:57,720
Instead of every application reinventing the same solutions, teams build on established

1863
01:14:57,720 --> 01:14:58,640
patterns.

1864
01:14:58,640 --> 01:15:00,000
This reduces duplication.

1865
01:15:00,000 --> 01:15:01,480
This accelerates development.

1866
01:15:01,480 --> 01:15:04,720
This creates consistency across the application portfolio.

1867
01:15:04,720 --> 01:15:08,520
Organizations that implement these practices systematically report maintenance cost reductions

1868
01:15:08,520 --> 01:15:09,840
of 20 to 50%.

1869
01:15:09,840 --> 01:15:10,840
This is not theoretical.

1870
01:15:10,840 --> 01:15:12,360
This is observed pattern.

1871
01:15:12,360 --> 01:15:15,320
Applications built with discipline cost less to maintain.

1872
01:15:15,320 --> 01:15:18,760
Applications that undergo consistent refactoring accumulate less debt.

1873
01:15:18,760 --> 01:15:21,640
Applications that follow established patterns scale more reliably.

1874
01:15:21,640 --> 01:15:26,480
These practices combined with architecture and governance create sustainable Power Platform

1875
01:15:26,480 --> 01:15:27,480
operation.

1876
01:15:27,480 --> 01:15:28,480
Not frictionless.

1877
01:15:28,480 --> 01:15:29,480
Not instant.

1878
01:15:29,480 --> 01:15:33,800
What sustainable Power Platform architecture actually looks like.

1879
01:15:33,800 --> 01:15:37,600
Sustainable Power Platform architecture is not governance as restriction.

1880
01:15:37,600 --> 01:15:40,160
Governance as restriction is what most organizations implement.

1881
01:15:40,160 --> 01:15:43,400
It is rules designed to prevent people from doing what they want to do.

1882
01:15:43,400 --> 01:15:44,400
It is bureaucracy.

1883
01:15:44,400 --> 01:15:45,400
It is friction.

1884
01:15:45,400 --> 01:15:46,400
It creates resentment.

1885
01:15:46,400 --> 01:15:49,120
Sustainable architecture is governance as enablement.

1886
01:15:49,120 --> 01:15:53,440
It is a framework that makes responsible innovation faster than irresponsible innovation.

1887
01:15:53,440 --> 01:15:56,280
It is rules designed to prevent certain kinds of failure.

1888
01:15:56,280 --> 01:16:00,080
It removes the uncertainty and friction that comes from unmanaged platforms.

1889
01:16:00,080 --> 01:16:03,600
It accelerates the path to production for applications that follow the rules.

1890
01:16:03,600 --> 01:16:06,640
Here is what the model actually looks like when implemented.

1891
01:16:06,640 --> 01:16:08,320
Environment architecture is tiered.

1892
01:16:08,320 --> 01:16:10,240
Default environment is locked down.

1893
01:16:10,240 --> 01:16:11,360
Personal experimentation only.

1894
01:16:11,360 --> 01:16:12,360
No production data.

1895
01:16:12,360 --> 01:16:13,600
No business critical connectors.

1896
01:16:13,600 --> 01:16:14,600
Makers can experiment.

1897
01:16:14,600 --> 01:16:15,920
Can learn the platform.

1898
01:16:15,920 --> 01:16:17,320
Can build personal automations.

1899
01:16:17,320 --> 01:16:20,440
They cannot accidentally move sensitive data to external services.

1900
01:16:20,440 --> 01:16:22,040
The platform architecture prevents it.

1901
01:16:22,040 --> 01:16:24,000
The default environment is restricted.

1902
01:16:24,000 --> 01:16:26,000
Tier 2 environments are for team solutions.

1903
01:16:26,000 --> 01:16:27,480
Clear business justification required.

1904
01:16:27,480 --> 01:16:28,480
Approval process.

1905
01:16:28,480 --> 01:16:32,040
Once approved, the environment is created with defined governance rules.

1906
01:16:32,040 --> 01:16:33,960
Teams can build shared applications.

1907
01:16:33,960 --> 01:16:35,200
Multiple makers can collaborate.

1908
01:16:35,200 --> 01:16:37,320
The environment allows standard connectors.

1909
01:16:37,320 --> 01:16:39,560
Tier 3 is enterprise production.

1910
01:16:39,560 --> 01:16:40,560
Restricted access.

1911
01:16:40,560 --> 01:16:42,360
Formal architecture review required.

1912
01:16:42,360 --> 01:16:43,640
Security assessment required.

1913
01:16:43,640 --> 01:16:44,640
Managed solutions.

1914
01:16:44,640 --> 01:16:45,640
Mandatory.

1915
01:16:45,640 --> 01:16:46,640
Deployment through pipelines.

1916
01:16:46,640 --> 01:16:47,640
Mandatory.

1917
01:16:47,640 --> 01:16:48,640
Service account ownership.

1918
01:16:48,640 --> 01:16:49,640
Mandatory.

1919
01:16:49,640 --> 01:16:52,040
The platform enforces these requirements at the infrastructure level.

1920
01:16:52,040 --> 01:16:55,160
Tier 1 makers cannot create applications in tier 3.

1921
01:16:55,160 --> 01:16:57,360
Tier 2 teams cannot bypass the pipeline.

1922
01:16:57,360 --> 01:16:59,120
Connector governance is 3 tier.

1923
01:16:59,120 --> 01:17:00,160
Low-risk connectors.

1924
01:17:00,160 --> 01:17:01,160
SharePoint, Teams,

1925
01:17:01,160 --> 01:17:03,200
Outlook are available in all environments.

1926
01:17:03,200 --> 01:17:04,520
High-risk connectors.

1927
01:17:04,520 --> 01:17:05,680
External storage.

1928
01:17:05,680 --> 01:17:06,600
Social media.

1929
01:17:06,600 --> 01:17:08,560
Generic HTTP APIs.

1930
01:17:08,560 --> 01:17:10,320
Require explicit approval.

1931
01:17:10,320 --> 01:17:12,600
Blocked connectors are not available anywhere.

1932
01:17:12,600 --> 01:17:15,640
DLP policies enforce the segmentation at creation time.

1933
01:17:15,640 --> 01:17:18,640
A maker tries to create a flow that violates DLP policy.

1934
01:17:18,640 --> 01:17:19,560
The platform blocks it.

1935
01:17:19,560 --> 01:17:20,840
The flow cannot be saved.

1936
01:17:20,840 --> 01:17:23,560
The violation is prevented, not detected after the fact.

1937
01:17:23,560 --> 01:17:26,200
ALM pipelines are mandatory for production.

1938
01:17:26,200 --> 01:17:30,200
Applications move through development, testing, production through automated pipelines.

1939
01:17:30,200 --> 01:17:31,920
The pipeline runs automated tests.

1940
01:17:31,920 --> 01:17:33,800
The pipeline enforces security scanning.

1941
01:17:33,800 --> 01:17:35,560
The pipeline requires approval gates.

1942
01:17:35,560 --> 01:17:36,880
The pipeline is not optional.

1943
01:17:36,880 --> 01:17:38,240
There is no alternative path.

1944
01:17:38,240 --> 01:17:39,680
No manual imports.

1945
01:17:39,680 --> 01:17:41,760
No direct production deployments.

1946
01:17:41,760 --> 01:17:43,960
The pipeline is the only way to reach production.

1947
01:17:43,960 --> 01:17:47,600
This creates a two-week deployment cycle instead of instant deployment.

1948
01:17:47,600 --> 01:17:48,560
This is intentional.

1949
01:17:48,560 --> 01:17:50,720
Instant deployment to production is not responsible

1950
01:17:50,720 --> 01:17:51,720
for engineering.

1951
01:17:51,720 --> 01:17:53,680
Tested, reviewed, tracked deployment is.

1952
01:17:53,680 --> 01:17:55,200
Ownership enforcement is clear.

1953
01:17:55,200 --> 01:17:58,000
Production applications are owned by service accounts.

1954
01:17:58,000 --> 01:17:59,000
Not users.

1955
01:17:59,000 --> 01:18:00,000
Service accounts.

1956
01:18:00,000 --> 01:18:01,800
This ensures continuity.

1957
01:18:01,800 --> 01:18:04,200
When the developer leaves, the service account remains.

1958
01:18:04,200 --> 01:18:05,960
The application has a permanent steward.

1959
01:18:05,960 --> 01:18:09,560
Quarterly reviews assess whether applications are delivering value.

1960
01:18:09,560 --> 01:18:12,240
Applications showing zero usage for 90 days are deprecated.

1961
01:18:12,240 --> 01:18:14,280
Not kept as often, actually retired.

1962
01:18:14,280 --> 01:18:16,840
The organization stops paying for infrastructure.

1963
01:18:16,840 --> 01:18:18,440
Stops maintaining connections.

1964
01:18:18,440 --> 01:18:20,360
Stops managing security permissions.

1965
01:18:20,360 --> 01:18:22,760
Stops managing applications that deliver no value.

1966
01:18:22,760 --> 01:18:24,680
The center of excellence is not advisory.

1967
01:18:24,680 --> 01:18:26,320
The COE has authority.

1968
01:18:26,320 --> 01:18:27,840
Environment requests go through the COE.

1969
01:18:27,840 --> 01:18:30,880
The COE approves or denies based on architecture.

1970
01:18:30,880 --> 01:18:32,440
Connector requests go through the COE.

1971
01:18:32,440 --> 01:18:35,000
The COE determines tier one, tier two, tier three.

1972
01:18:35,000 --> 01:18:37,160
ALM pipeline exceptions go through the COE.

1973
01:18:37,160 --> 01:18:38,480
The COE documents and approves.

1974
01:18:38,480 --> 01:18:39,840
The COE owns the architecture.

1975
01:18:39,840 --> 01:18:41,400
The COE enforces it.

1976
01:18:41,400 --> 01:18:42,400
Measurement is continuous.

1977
01:18:42,400 --> 01:18:43,880
Dashboards track adoption.

1978
01:18:43,880 --> 01:18:44,880
Track cost.

1979
01:18:44,880 --> 01:18:46,080
Track app portfolio health.

1980
01:18:46,080 --> 01:18:47,920
Track technical debt accumulation.

1981
01:18:47,920 --> 01:18:49,080
Track success metrics.

1982
01:18:49,080 --> 01:18:50,760
The organization knows what is running.

1983
01:18:50,760 --> 01:18:52,280
Knows what is delivering value.

1984
01:18:52,280 --> 01:18:55,120
Knows what is consuming resources without delivering benefit.

1985
01:18:55,120 --> 01:18:56,760
This measurement informs decisions.

1986
01:18:56,760 --> 01:18:59,320
This measurement makes life cycle management possible.

1987
01:18:59,320 --> 01:19:02,000
Real outcome is what differentiates sustainable

1988
01:19:02,000 --> 01:19:03,160
from aspirational.

1989
01:19:03,160 --> 01:19:05,160
Organizations that implement this architecture

1990
01:19:05,160 --> 01:19:07,480
report faster innovation, not slower.

1991
01:19:07,480 --> 01:19:08,920
Report lower costs, not higher.

1992
01:19:08,920 --> 01:19:10,800
Report better compliance, not worse.

1993
01:19:10,800 --> 01:19:12,160
This seems paradoxical.

1994
01:19:12,160 --> 01:19:14,200
More governance should slow innovation.

1995
01:19:14,200 --> 01:19:15,640
More rules should increase cost.

1996
01:19:15,640 --> 01:19:18,440
More restrictions should reduce compliance violations.

1997
01:19:18,440 --> 01:19:19,640
But here is what actually happens.

1998
01:19:19,640 --> 01:19:22,880
Governance removes the chaos that slows innovation.

1999
01:19:22,880 --> 01:19:25,280
Removes the rework that increases cost.

2000
01:19:25,280 --> 01:19:28,520
Removes the unmanaged sprawl that creates compliance violations.

2001
01:19:28,520 --> 01:19:31,840
A developer in a well-governed organization knows what the rules are.

2002
01:19:31,840 --> 01:19:33,160
Knows what gets approved.

2003
01:19:33,160 --> 01:19:35,440
Can iterate rapidly within defined boundaries.

2004
01:19:35,440 --> 01:19:36,840
Knows that once they reach production,

2005
01:19:36,840 --> 01:19:38,400
their application will be maintained.

2006
01:19:38,400 --> 01:19:40,000
Will be monitored, will be supported.

2007
01:19:40,000 --> 01:19:42,520
Innovation accelerates because the uncertainty is gone.

2008
01:19:42,520 --> 01:19:44,440
A developer in an unmanaged organization

2009
01:19:44,440 --> 01:19:48,360
faces constant friction, friction from unexpected production failures.

2010
01:19:48,360 --> 01:19:50,280
Friction from unsustainable technical debt.

2011
01:19:50,280 --> 01:19:51,800
Friction from unclear ownership.

2012
01:19:51,800 --> 01:19:55,440
Friction from applications that become unmaintainable.

2013
01:19:55,440 --> 01:19:57,000
This friction slows innovation.

2014
01:19:57,000 --> 01:19:58,720
This friction increases cost.

2015
01:19:58,720 --> 01:20:00,560
This friction creates compliance violations

2016
01:20:00,560 --> 01:20:03,800
because people bypass governance to avoid the friction.

2017
01:20:03,800 --> 01:20:06,440
Sustainable architecture removes that friction

2018
01:20:06,440 --> 01:20:09,160
by making governance fast and automated.

2019
01:20:09,160 --> 01:20:12,200
Environment requests are processed in days, not weeks.

2020
01:20:12,200 --> 01:20:13,800
ALM pipelines are automated.

2021
01:20:13,800 --> 01:20:15,920
Connector governance is enforced by the platform,

2022
01:20:15,920 --> 01:20:17,400
not by manual review.

2023
01:20:17,400 --> 01:20:19,080
Lifecycle management is automatic.

2024
01:20:19,080 --> 01:20:22,320
The organization does not ask permission to retire zombie applications.

2025
01:20:22,320 --> 01:20:24,120
The organization executes the policy.

2026
01:20:24,120 --> 01:20:25,320
The rules are clear.

2027
01:20:25,320 --> 01:20:26,560
The enforcement is fast.

2028
01:20:26,560 --> 01:20:28,160
The path to compliance is efficient.

2029
01:20:28,160 --> 01:20:30,400
This is the architecture that succeeds.

2030
01:20:30,400 --> 01:20:32,000
The mindset shift required.

2031
01:20:32,000 --> 01:20:33,720
The entire framework we have described,

2032
01:20:33,720 --> 01:20:36,200
environment architecture, ALM pipelines,

2033
01:20:36,200 --> 01:20:38,280
connector governance, lifecycle policies,

2034
01:20:38,280 --> 01:20:41,600
centers of excellence, all of it depends on the single prerequisite.

2035
01:20:41,600 --> 01:20:44,880
A fundamental mindset shift about what Power Platform is.

2036
01:20:44,880 --> 01:20:47,280
The old narrative is, low code means less

2037
01:20:47,280 --> 01:20:48,120
governance.

2038
01:20:48,120 --> 01:20:49,720
This narrative is seductive.

2039
01:20:49,720 --> 01:20:51,960
Low code platforms are marketed on speed,

2040
01:20:51,960 --> 01:20:54,040
on accessibility, on democratization.

2041
01:20:54,040 --> 01:20:57,000
The narrative says that low code removes the IT backlog

2042
01:20:57,000 --> 01:20:59,680
by enabling non-technical users to build applications

2043
01:20:59,680 --> 01:21:01,200
without needing developers.

2044
01:21:01,200 --> 01:21:03,960
Removes the friction of traditional software development.

2045
01:21:03,960 --> 01:21:06,320
Removes the overhead of formal processes.

2046
01:21:06,320 --> 01:21:07,600
Low code means fast.

2047
01:21:07,600 --> 01:21:08,880
Low code means simple.

2048
01:21:08,880 --> 01:21:10,560
Low code means less governance.

2049
01:21:10,560 --> 01:21:12,440
This narrative is wrong.

2050
01:21:12,440 --> 01:21:16,200
The new reality is, low code means distributed governance.

2051
01:21:16,200 --> 01:21:18,600
Power Platform is not replacing software engineering.

2052
01:21:18,600 --> 01:21:21,960
It is distributing software engineering across the organization.

2053
01:21:21,960 --> 01:21:25,360
Every citizen developer who builds an application in Power Platform

2054
01:21:25,360 --> 01:21:27,480
is performing software engineering work.

2055
01:21:27,480 --> 01:21:29,240
They are architecting data models.

2056
01:21:29,240 --> 01:21:30,640
They are building business logic.

2057
01:21:30,640 --> 01:21:32,000
They are integrating systems.

2058
01:21:32,000 --> 01:21:33,520
They are making security decisions.

2059
01:21:33,520 --> 01:21:35,240
They are handling sensitive information.

2060
01:21:35,240 --> 01:21:37,080
They are performing functions that have traditionally

2061
01:21:37,080 --> 01:21:39,640
been the domain of professional software engineers.

2062
01:21:39,640 --> 01:21:41,080
The governance did not disappear.

2063
01:21:41,080 --> 01:21:42,480
The governance became distributed.

2064
01:21:42,480 --> 01:21:45,000
The organization went from one team of developers

2065
01:21:45,000 --> 01:21:48,240
implementing one governance model to hundreds of makers

2066
01:21:48,240 --> 01:21:52,080
implementing governance or not implementing governance independently.

2067
01:21:52,080 --> 01:21:54,400
The complexity of governance increased exponentially.

2068
01:21:54,400 --> 01:21:57,800
The organization now needs governance discipline, not just in IT.

2069
01:21:57,800 --> 01:22:00,000
Governance discipline across the entire platform.

2070
01:22:00,000 --> 01:22:03,120
Across every maker, across every application.

2071
01:22:03,120 --> 01:22:06,360
This is the uncomfortable truth that most organizations avoid.

2072
01:22:06,360 --> 01:22:08,600
Citizen developers are software engineers.

2073
01:22:08,600 --> 01:22:10,040
They have different skill levels.

2074
01:22:10,040 --> 01:22:11,320
They have different backgrounds.

2075
01:22:11,320 --> 01:22:12,600
They have different training.

2076
01:22:12,600 --> 01:22:14,680
But they are performing software engineering work.

2077
01:22:14,680 --> 01:22:17,560
The organization that enables them without applying software engineering

2078
01:22:17,560 --> 01:22:20,080
discipline to their work is enabling architectural failure.

2079
01:22:20,080 --> 01:22:21,680
Here is what this actually requires.

2080
01:22:21,680 --> 01:22:22,880
It requires training.

2081
01:22:22,880 --> 01:22:26,480
Not "here is how to click buttons in Power Apps" training, real training,

2082
01:22:26,480 --> 01:22:29,480
training in data modeling, training in integration architecture,

2083
01:22:29,480 --> 01:22:32,600
training in security principles, training in performance optimization,

2084
01:22:32,600 --> 01:22:36,280
training in documentation discipline, training that transforms citizen developers

2085
01:22:36,280 --> 01:22:38,120
into competent software engineers.

2086
01:22:38,120 --> 01:22:39,520
It requires accountability.

2087
01:22:39,520 --> 01:22:42,600
Not "you are responsible for your application" accountability.

2088
01:22:42,600 --> 01:22:46,080
Real accountability, performance reviews that assess whether applications meet

2089
01:22:46,080 --> 01:22:47,200
architectural standards.

2090
01:22:47,200 --> 01:22:51,800
Career progression that rewards engineers who follow discipline and penalizes those who do not.

2091
01:22:51,800 --> 01:22:55,800
Accountability that makes clear that building without discipline is not acceptable.

2092
01:22:55,800 --> 01:22:57,400
It requires architecture discipline.

2093
01:22:57,400 --> 01:22:59,960
Not "here are some guidelines", real discipline.

2094
01:22:59,960 --> 01:23:01,200
Standards that are enforced.

2095
01:23:01,200 --> 01:23:02,640
Patterns that are mandatory.

2096
01:23:02,640 --> 01:23:04,200
Approaches that are required.

2097
01:23:04,200 --> 01:23:05,800
Alternatives that are blocked.

2098
01:23:05,800 --> 01:23:09,000
Discipline that makes following the rules easier than breaking them.

2099
01:23:09,000 --> 01:23:11,880
It requires governance enforcement, not advisory governance.

2100
01:23:11,880 --> 01:23:15,000
Real enforcement, environment restrictions that cannot be bypassed.

2101
01:23:15,000 --> 01:23:16,840
ALM pipelines that are mandatory.

2102
01:23:16,840 --> 01:23:19,480
Connector policies that are technical boundaries.

2103
01:23:19,480 --> 01:23:22,000
Life cycle policies that automatically execute.

2104
01:23:22,000 --> 01:23:23,960
Governance that is built into the infrastructure.

2105
01:23:23,960 --> 01:23:26,120
The benefit of making this shift is real.

2106
01:23:26,120 --> 01:23:29,480
Organizations that treat Power Platform as a development platform

2107
01:23:29,480 --> 01:23:33,040
that requires development discipline, unlock genuine productivity gains.

2108
01:23:33,040 --> 01:23:34,960
They build faster. They build more reliably.

2109
01:23:34,960 --> 01:23:36,640
They build with lower technical debt.

2110
01:23:36,640 --> 01:23:37,960
They operate with lower risk.

2111
01:23:37,960 --> 01:23:39,200
They accumulate less sprawl.

2112
01:23:39,200 --> 01:23:40,680
They achieve sustainable growth.

2113
01:23:40,680 --> 01:23:43,040
The risk of not making this shift is equally real.

2114
01:23:43,040 --> 01:23:45,880
Organizations that pretend low code means less governance.

2115
01:23:45,880 --> 01:23:48,040
End up with everything we have described.

2116
01:23:48,040 --> 01:23:48,720
Sprawl.

2117
01:23:48,720 --> 01:23:50,200
Debt. Security exposure.

2118
01:23:50,200 --> 01:23:51,360
Compliance violations.

2119
01:23:51,360 --> 01:23:52,680
Escalating costs.

2120
01:23:52,680 --> 01:23:54,240
Unmanageable complexity.

2121
01:23:54,240 --> 01:23:56,440
They end up with uncontrolled development platforms

2122
01:23:56,440 --> 01:23:58,960
masquerading as productivity tools.

2123
01:23:58,960 --> 01:24:01,040
Real observation from enterprise audits.

2124
01:24:01,040 --> 01:24:04,760
The difference between successful and unsuccessful Power Platform implementations

2125
01:24:04,760 --> 01:24:05,680
is not tooling.

2126
01:24:05,680 --> 01:24:09,200
Both successful and unsuccessful organizations use the same platform.

2127
01:24:09,200 --> 01:24:10,880
They have access to the same features.

2128
01:24:10,880 --> 01:24:12,760
They have access to the same governance tools.

2129
01:24:12,760 --> 01:24:14,240
The difference is mindset.

2130
01:24:14,240 --> 01:24:18,080
Successful organizations understand that Power Platform is a development platform.

2131
01:24:18,080 --> 01:24:19,720
They apply development discipline.

2132
01:24:19,720 --> 01:24:21,200
They enforce architecture.

2133
01:24:21,200 --> 01:24:22,480
They measure outcomes.

2134
01:24:22,480 --> 01:24:25,000
They retire applications that do not deliver value.

2135
01:24:25,000 --> 01:24:28,720
They invest in the governance infrastructure required to operate at scale.

2136
01:24:28,720 --> 01:24:32,640
Unsuccessful organizations understand that Power Platform is a productivity tool.

2137
01:24:32,640 --> 01:24:33,560
They enable it.

2138
01:24:33,560 --> 01:24:34,600
They encourage use.

2139
01:24:34,600 --> 01:24:35,800
They avoid bureaucracy.

2140
01:24:35,800 --> 01:24:37,240
They treat governance as optional.

2141
01:24:37,240 --> 01:24:38,640
They accumulate debt and sprawl.

2142
01:24:38,640 --> 01:24:41,320
They eventually face crisis and attempt remediation.

2143
01:24:41,320 --> 01:24:44,600
The mindset shift is the prerequisite for everything else.

2144
01:24:44,600 --> 01:24:46,960
Without it governance is theatrical.

2145
01:24:46,960 --> 01:24:48,880
Infrastructure exists but is not enforced.

2146
01:24:48,880 --> 01:24:51,120
Rules are published but are not maintained.

2147
01:24:51,120 --> 01:24:53,040
Architecture is designed but is not implemented.

2148
01:24:53,040 --> 01:24:55,080
With it everything becomes possible.

2149
01:24:55,080 --> 01:24:56,600
Governance is enforced.

2150
01:24:56,600 --> 01:24:58,120
Infrastructure enables compliance.

2151
01:24:58,120 --> 01:24:59,440
Rules are maintained.

2152
01:24:59,440 --> 01:25:00,640
Architecture is sustainable.

2153
01:25:00,640 --> 01:25:02,440
This mindset shift is not technical.

2154
01:25:02,440 --> 01:25:03,440
It is cultural.

2155
01:25:03,440 --> 01:25:04,800
It requires executive sponsorship.

2156
01:25:04,800 --> 01:25:06,440
It requires sustained communication.

2157
01:25:06,440 --> 01:25:10,160
It requires visible commitment that Power Platform is a platform, not a toy.

2158
01:25:10,160 --> 01:25:12,400
That governance is how the organization operates.

2159
01:25:12,400 --> 01:25:13,800
Not an optional layer.

2160
01:25:13,800 --> 01:25:17,560
The organizations that make this shift early gain competitive advantage.

2161
01:25:17,560 --> 01:25:18,560
They scale faster.

2162
01:25:18,560 --> 01:25:19,760
They operate with more confidence.

2163
01:25:19,760 --> 01:25:24,560
They unlock real value from low-code platforms without drowning in debt.

2164
01:25:24,560 --> 01:25:26,320
Immediate governance checklist.

2165
01:25:26,320 --> 01:25:28,200
Start with default environment lockdown.

2166
01:25:28,200 --> 01:25:29,200
Restrict connectors.

2167
01:25:29,200 --> 01:25:30,600
Disable production apps.

2168
01:25:30,600 --> 01:25:33,720
Create three-tier environments: personal, team, enterprise.

2169
01:25:33,720 --> 01:25:35,720
DLP policies and ALM pipelines.

2170
01:25:35,720 --> 01:25:37,720
Enforce service account ownership.

2171
01:25:37,720 --> 01:25:40,400
Retire unused apps after 90 days of zero usage.

2172
01:25:40,400 --> 01:25:43,000
Establish a center of excellence with genuine authority.

2173
01:25:43,000 --> 01:25:44,760
Track adoption and cost.

2174
01:25:44,760 --> 01:25:46,520
Timeline: 12 weeks.

2175
01:25:46,520 --> 01:25:47,960
Executive risk summary.

2176
01:25:47,960 --> 01:25:53,240
For IT leadership, the Power Platform problem is not fundamentally a citizen developer initiative problem.

2177
01:25:53,240 --> 01:25:55,320
Citizen developers are symptoms not causes.

2178
01:25:55,320 --> 01:25:57,160
The problem is a platform governance problem.

2179
01:25:57,160 --> 01:26:00,280
You have deployed a development platform without development discipline.

2180
01:26:00,280 --> 01:26:03,680
You are operating that platform without architecture enforcement.

2181
01:26:03,680 --> 01:26:07,920
You are pretending governance is optional because the platform is popular and adoption is strong.

2182
01:26:07,920 --> 01:26:09,240
Reframe this in your mind.

2183
01:26:09,240 --> 01:26:11,200
Power Platform is not a productivity tool.

2184
01:26:11,200 --> 01:26:13,120
It is not an alternative to spreadsheets.

2185
01:26:13,120 --> 01:26:17,520
It is a distributed development environment embedded inside Microsoft 365.

2186
01:26:17,520 --> 01:26:18,600
Treat it accordingly.

2187
01:26:18,600 --> 01:26:20,440
The risk categories are concrete.

2188
01:26:20,440 --> 01:26:22,440
Architecture sprawl is the first category.

2189
01:26:22,440 --> 01:26:24,960
Unmanaged app proliferation creates visibility gaps.

2190
01:26:24,960 --> 01:26:26,560
It creates operational complexity.

2191
01:26:26,560 --> 01:26:28,520
It creates dependencies you cannot see.

2192
01:26:28,520 --> 01:26:31,400
An application in the default environment depends on a connector.

2193
01:26:31,400 --> 01:26:34,800
That connector depends on a service account. That service account gets deprovisioned.

2194
01:26:34,800 --> 01:26:36,520
The application fails silently.

2195
01:26:36,520 --> 01:26:38,040
Nobody knows it failed for weeks.

2196
01:26:38,040 --> 01:26:39,360
The ripple effects cascade.

2197
01:26:39,360 --> 01:26:42,680
This is architecture sprawl creating operational risk.

2198
01:26:42,680 --> 01:26:45,320
Security exposure is the second category.

2199
01:26:45,320 --> 01:26:49,360
Overly permissive connectors move sensitive data outside the organization.

2200
01:26:49,360 --> 01:26:52,640
Missing DLP segmentation allows risky connector combinations.

2201
01:26:52,640 --> 01:26:56,680
Often applications retain security permissions for accounts that no longer exist.

2202
01:26:56,680 --> 01:27:00,680
Zombie flows continue running against business critical data nobody is monitoring.

2203
01:27:00,680 --> 01:27:02,360
Each of these creates an attack surface.

2204
01:27:02,360 --> 01:27:05,200
Each expands the pathways an attacker can exploit.

2205
01:27:05,200 --> 01:27:07,720
Each increases the likelihood of a breach.

2206
01:27:07,720 --> 01:27:10,520
Hidden operational costs are the third category.

2207
01:27:10,520 --> 01:27:13,600
Licensing surprises emerge when Dataverse storage explodes.

2208
01:27:13,600 --> 01:27:15,680
Premium connector usage skyrockets.

2209
01:27:15,680 --> 01:27:18,320
Environment sprawl requires additional licensing tiers.

2210
01:27:18,320 --> 01:27:22,440
The organization suddenly discovers Power Platform is a top 5 SaaS cost.

2211
01:27:22,440 --> 01:27:25,960
But the organization cannot determine which applications justify the cost.

2212
01:27:25,960 --> 01:27:27,440
Cannot determine which are abandoned.

2213
01:27:27,440 --> 01:27:29,320
The cost is real but the value is invisible.

2214
01:27:29,320 --> 01:27:32,240
This is operational cost without operational insight.

2215
01:27:32,240 --> 01:27:34,040
Compliance issues are the fourth category.

2216
01:27:34,040 --> 01:27:37,160
Unmanaged data flows violate compliance requirements.

2217
01:27:37,160 --> 01:27:40,320
Missing audit trails prevent demonstrating regulatory compliance.

2218
01:27:40,320 --> 01:27:42,400
Often applications break compliance controls.

2219
01:27:42,400 --> 01:27:44,920
Shadow IT in Power Platform creates the same risks

2220
01:27:44,920 --> 01:27:49,680
shadow IT in unapproved SaaS tools creates. Regulatory bodies do not distinguish between governance

2221
01:27:49,680 --> 01:27:52,760
failure in Power Platform and governance failure in other systems.

2222
01:27:52,760 --> 01:27:54,600
A compliance breach is a compliance breach.

2223
01:27:54,600 --> 01:27:56,480
A data exposure is a data exposure.

2224
01:27:56,480 --> 01:27:58,480
The quantified risk is stark.

2225
01:27:58,480 --> 01:28:02,760
Organizations without formal Power Platform governance face 3 to 4 times higher rates of security

2226
01:28:02,760 --> 01:28:08,600
violations and compliance breaches. Not statistically higher, not marginally higher, 3 to 4 times.

2227
01:28:08,600 --> 01:28:09,760
This is not a minor risk.

2228
01:28:09,760 --> 01:28:11,760
This is a material risk to the organization.

2229
01:28:11,760 --> 01:28:13,880
The business case for governance is straightforward.

2230
01:28:13,880 --> 01:28:17,240
The organization can invest in architecture and governance now.

2231
01:28:17,240 --> 01:28:20,240
The organization can implement environment segmentation.

2232
01:28:20,240 --> 01:28:22,120
The organization can enforce ALM pipelines.

2233
01:28:22,120 --> 01:28:26,000
The organization can establish a center of excellence with genuine authority.

2234
01:28:26,000 --> 01:28:30,920
This investment prevents exponentially larger costs in remediation and technical debt later.

2235
01:28:30,920 --> 01:28:32,920
Or the organization can defer governance.

2236
01:28:32,920 --> 01:28:36,160
The organization can continue enabling Power Platform without discipline.

2237
01:28:36,160 --> 01:28:40,240
The organization can continue accumulating sprawl, debt and compliance exposure.

2238
01:28:40,240 --> 01:28:43,520
The organization can continue until crisis forces remediation.

2239
01:28:43,520 --> 01:28:46,000
At that point the cost is orders of magnitude higher.

2240
01:28:46,000 --> 01:28:48,320
The remediation is organizational disruption.

2241
01:28:48,320 --> 01:28:51,040
The recovery is measured in years, not months.

2242
01:28:51,040 --> 01:28:53,440
Real pattern from enterprise audits.

2243
01:28:53,440 --> 01:28:57,720
Organizations that address Power Platform governance proactively report better security outcomes,

2244
01:28:57,720 --> 01:29:04,400
lower compliance violation rates and lower total cost of ownership than organizations that attempt retroactive remediation.

2245
01:29:04,400 --> 01:29:07,040
Not slightly better outcomes, significantly better.

2246
01:29:07,040 --> 01:29:10,360
The investment in governance early prevents the crisis later.

2247
01:29:10,360 --> 01:29:13,360
For the executive making decisions about Power Platform governance.

2248
01:29:13,360 --> 01:29:15,960
The question is not whether governance is worth the investment.

2249
01:29:15,960 --> 01:29:18,960
The question is whether the organization can afford not to invest.

2250
01:29:18,960 --> 01:29:22,800
Whether the organization can sustain the risk of operating a distributed development platform

2251
01:29:22,800 --> 01:29:24,080
without development discipline.

2252
01:29:24,080 --> 01:29:27,480
Whether the organization can accept the compliance and security exposure.

2253
01:29:27,480 --> 01:29:30,480
Whether the organization can absorb the escalating costs.

2254
01:29:30,480 --> 01:29:33,880
The answer across every enterprise that has assessed this is no.

2255
01:29:33,880 --> 01:29:36,440
The organization cannot afford not to invest in governance.

2256
01:29:36,440 --> 01:29:40,480
The organization cannot afford to operate Power Platform without architecture discipline.

2257
01:29:40,480 --> 01:29:43,000
The central thesis: Power Platform is not the problem.

2258
01:29:43,000 --> 01:29:46,200
The problem is pretending it isn't a real development platform.

2259
01:29:46,200 --> 01:29:50,640
Organizations that treat it as a toy end up with low-code debt, sprawl, security exposure

2260
01:29:50,640 --> 01:29:52,760
and escalating costs.

2261
01:29:52,760 --> 01:29:56,080
The organizations that treat it as a platform with architecture discipline,

2262
01:29:56,080 --> 01:29:59,120
governance enforcement and ownership accountability,

2263
01:29:59,120 --> 01:30:01,680
unlock real productivity and sustainable growth.

2264
01:30:01,680 --> 01:30:05,160
The choice is clear: invest in governance now or pay for sprawl later.

2265
01:30:05,160 --> 01:30:11,280
Subscribe to M365FM for more deep dives into Microsoft ecosystem architecture and strategy.

2266
01:30:11,280 --> 01:30:14,800
If this episode resonated, please leave a review on your podcast platform.

2267
01:30:14,800 --> 01:30:17,560
It helps us reach more IT leaders and architects.

2268
01:30:17,560 --> 01:30:19,640
Connect with me on LinkedIn and let me know.

2269
01:30:19,640 --> 01:30:23,120
What Power Platform governance challenges are you facing in your organization?

2270
01:30:23,120 --> 01:30:24,840
Your feedback shapes the next episodes.