Stop building quick apps in Microsoft Teams before they quietly turn into a compliance nightmare and a SharePoint graveyard you’ll be cleaning up for years.

In this episode, we break down why Teams apps built with SPFx Adaptive Card Extensions often rot faster than anyone expects. What starts as a simple announcement card or dashboard widget quickly becomes an orphaned solution with no owner, no lifecycle, and no governance. These cards spread across Teams and Viva Connections, multiply by department, and create data silos that don’t agree on dates, labels, or retention rules. The result is stale content, compliance gaps, and late-night incidents no one planned for.

You’ll learn why Adaptive Card Extensions are not “just UI” but a powerful distribution channel that surfaces content on mobile, caches data offline, and increases risk when the underlying data isn’t governed. We explain the five failures that show up every time: app sprawl, orphaned owners, fragmented data, compliance blind spots, and broken lifecycle management.

This podcast walks you through a smarter approach: treat Adaptive Card Extensions as a thin UI layer, not a full application. Govern the system of record instead of the card. Store content in SharePoint or Dataverse with sensitivity labels, retention, and clear ownership. Use Viva Connections as a curated surface, not a playground. Push real logic into platforms with proper ALM, environments, and policy enforcement like Power Platform.

You’ll also get a practical checklist, a reference architecture that scales, and a simple decision tree to help you confidently say no to risky Teams app requests without being the villain. If you build or approve Teams apps, this episode will save your roadmap, your weekends, and your sanity.


Unchecked app creation in Microsoft Teams can lead to significant chaos. Rapid development often results in confusion, inefficiency, and serious compliance risks. Organizations that fail to establish governance face app sprawl, orphaned owners, fragmented data, and compliance blind spots.

Without proper controls, you risk exposing sensitive information, which can have dire consequences. It's crucial to ask: why should you stop building apps in Teams without a solid governance framework? The answer lies in protecting your organization from these pitfalls.

Key Takeaways

  • Unchecked app creation in Teams can lead to chaos, including data loss and compliance risks.
  • Establish clear governance policies to prevent app sprawl and maintain a streamlined environment.
  • Assign clear ownership for each team and application to avoid orphaned owners and fragmented data.
  • Implement compliance controls to protect sensitive information and meet regulatory requirements.
  • Learn from past mistakes, like those in SharePoint, to avoid creating unused or unmanaged apps.
  • Regularly review and audit your Teams environment to ensure ongoing compliance and security.
  • Streamline app usage by enforcing permission policies and integrating with governed systems.
  • Adapt governance strategies as new collaboration tools emerge to maintain a secure and productive Teams experience.

Stop Building Apps in Teams

App Sprawl and Its Impact

When you rush to create applications in Teams, you risk app sprawl. This phenomenon occurs when multiple applications proliferate without oversight. As a result, you may face several negative outcomes:

  • Financial challenges due to unexpected costs from duplicated services and rogue apps.
  • Operational inefficiencies, with over 30% of businesses reporting duplicated work from multiple applications.
  • Security risks, as 75% of respondents identify safety as the most significant risk of SaaS sprawl.

These issues can lead to confusion among team members and hinder productivity. You must stop building apps without a clear strategy to reduce app sprawl and maintain a streamlined environment.

Orphaned Owners and Fragmented Data

Another critical issue arises from orphaned owners. When teams lack clear ownership, accountability diminishes. This situation can lead to fragmented data, where important files become lost or orphaned. Without proper assignment of team owners, sensitive data management and access approvals may be neglected.

You may find yourself in a situation where:

  • Teams exist without clear oversight, leading to a lack of accountability.
  • Inconsistent policies between Teams and SharePoint result in important files being scattered across different locations.

To avoid these pitfalls, you must establish clear ownership and management protocols. This will help you maintain control over your data and ensure that it remains accessible and secure.

Compliance Blind Spots

Uncontrolled app creation can create significant compliance blind spots. Without effective governance, organizations lose situational awareness, which hinders their ability to audit and comply with regulations. Common compliance challenges include:

  • Data sprawl, which complicates compliance efforts by distributing organizational data across various platforms.
  • Lack of governance, leading to fragmented data storage that makes tracking sensitive information difficult.
  • Audit challenges, as organizations struggle to maintain oversight of their data.

You must recognize these compliance risks and take proactive steps to address them. By implementing governance policies, you can ensure that your Teams environment remains compliant and secure.

SharePoint Graveyard Lessons

What Went Wrong in SharePoint

SharePoint's history serves as a cautionary tale for organizations today. Many businesses rushed to create sites without a clear purpose or ownership. This led to a graveyard of unused and unmanaged apps. Here are some key issues that emerged:

  • Over 1,200 SharePoint sites existed without clear ownership.
  • Sensitive HR files were accessible on public Team sites, exposing critical data.
  • The absence of retention policies resulted in compliance risks.
  • Guest access was widely open, increasing security vulnerabilities.
  • Poorly named sites caused confusion and inefficiency in locating content.

These problems highlight the need for a structured approach to app management. You must define a business purpose and assign an owner for every site. Enforcing standard naming conventions can also reduce confusion. Regularly reviewing access permissions helps mitigate risks, while implementing lifecycle management policies can manage inactive sites effectively.

Similar Risks in Teams Today

The lessons from the SharePoint graveyard are relevant to Teams today. Both platforms face similar risks due to neglecting governance and ownership. Here’s how the issues align:

  • Governance and ownership: Both SharePoint and Microsoft Teams face risks due to neglecting governance and ownership, leading to security vulnerabilities.
  • Unused resources: Accumulation of unused or poorly managed resources in both platforms can pose operational risks over time.
  • Inactive systems: Inactive systems in Teams can still function and pose risks if not properly managed, similar to SharePoint's app graveyard.

Microsoft 365 environments often degrade through quiet, gradual failures rather than visible outages. Poor design and unmanaged permissions create hidden instability over time. Organizations frequently rely on individual heroics instead of consistent governance.

To avoid repeating the mistakes of the past, you must prioritize governance in Teams. Establish clear ownership, enforce naming conventions, and regularly audit your apps. By doing so, you can prevent your Teams environment from becoming another graveyard of unused applications.

Governance Failures to Avoid

Lack of App Lifecycle Management

Without effective app lifecycle management, you invite chaos into your Teams environment. When you neglect this aspect, you face several challenges:

  • Duplication: Teams often duplicate without clear policies, leading to confusion.
  • Inconsistent Naming: Undefined naming conventions create uncertainty about team purposes.
  • Findability Challenges: Ineffective naming makes it hard for users to locate the right teams.
  • Unmanageable Sprawl: Duplication and inconsistent naming contribute to an overwhelming number of teams.
  • Access Issues: Regular reviews are essential; otherwise, users encounter frustrating access problems.
  • Uncontrolled Content Growth: Unmanaged growth leads to inactive or abandoned teams.

To combat these issues, you must establish clear policies for team creation and management. This approach will help you maintain a clean and organized Teams environment.

Missing Compliance Controls

Missing compliance controls can expose your organization to significant risks. Here are some common compliance control issues you should address:

  • eDiscovery: Lack of documentation can lead to extensive litigation and potential fines.
  • Security and permissions: Confusion over permissions can increase the risk of data or security breaches.
  • Data residency: Non-compliance with data protection laws across different countries poses significant risks.
  • Data exfiltration risk: Collaboration tools may lead to unauthorized access to sensitive data.
  • Governance data life cycle: Abandoned Teams can conflict with data governance policies and impact content relevance.
  • Controlling Teams creation: Uncontrolled creation can lead to duplication of Teams and associated data.
  • Application management: Unvetted third-party apps may compromise security and compliance.

You must enforce compliance by implementing robust controls. This will protect your organization from potential legal and financial repercussions.

Fragmented Data Silos

Fragmented data silos can severely impact your organization’s productivity and compliance. Here’s how:

  • Inefficiencies arise when teams lack access to comprehensive data necessary for informed decisions.
  • Inconsistent data management practices create compliance risks, especially in regulated industries.
  • Silos hinder effective communication and collaboration, wasting resources and missing opportunities.

Managers in siloed organizations often spend significant time coordinating between departments instead of focusing on strategic leadership. A study found that 95% of employees want to reduce silos, yet 58% attribute the issue to organizational structure and bureaucracy. To avoid these pitfalls, you must prioritize data management practices that promote collaboration and transparency.

By addressing these governance failures, you can create a more efficient and compliant Teams environment.

Best Practices for Teams Collaboration

Streamline App Usage

To maintain order in your Microsoft Teams environment, you must streamline app usage. Implementing app permission policies through the Teams admin center is essential. This allows you to control which apps users can access, reducing security risks and preventing unapproved installations. By restricting app access, you align app usage with productivity goals and ensure compliance.

Here are some effective strategies to streamline app usage:

  • Limiting member permissions: Helps prevent uncontrolled content creation and unauthorized changes.
  • Managing guest access: Protects internal resources by controlling what guests can view or modify.
  • External access policies: Customize communication between internal and external users.
  • App setup policies: Define which apps appear by default, streamlining user access.
  • Templates in Teams: Enforce consistency in team creation and organization.

Enforce Governance Policies

Establishing governance policies is crucial for managing app creation and usage in Teams. You should define clear app usage policies and develop a security policy tailored for Microsoft Teams. Regular training for users will ensure everyone understands the guidelines.

Consider these governance practices:

  • Establish governance policies to manage Microsoft Dataverse for Teams environments.
  • Set up reactive governance workflows to review business justifications for new environments.
  • Implement automated cleanup processes for rejected or unclaimed environments.
  • Monitor Dataverse for Teams capacity and usage through analytics reports.

These measures will help you automate governance and maintain a clean, compliant environment.

Integrate with Governed Systems

Integrating Microsoft Teams with governed systems like SharePoint or Dataverse can significantly reduce app chaos. This integration creates a unified source of truth, eliminating duplicated and inconsistent data. It improves reporting accuracy and accelerates decision-making, reducing confusion and errors.

Benefits of integration include:

  • Searchable content
  • Secure data management
  • Automated processes
  • Governed environments
  • Integration with Teams and Power Platform

By ensuring stronger governance through policies and monitoring, you reduce the risk of accidental changes or unmanaged app growth. This approach fosters better scalability aligned with your organization’s compliance and structure.
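The "thin UI layer over a governed source" idea can be enforced in code as a read gate between the source and the card: only rows that carry a sensitivity label and a retention label, sit on a supported template version, parse as strict JSON, and use one canonical date format are allowed to surface. This is an added illustration, not code from the episode or from any SPFx project; the SourceItem shape, the gateItems function, the label names, and the sample rows are all constructed.

```typescript
// Added example: a "no label, no surface" read gate for an Adaptive Card Extension
// data layer. Not from the episode or any SPFx project; SourceItem, gateItems and
// SAMPLE_ITEMS are constructed for illustration.

interface SourceItem {
  id: number;
  templateVersion: string;          // schema version stamped on the source row
  sensitivityLabel: string | null;  // sensitivity label applied on the source
  retentionLabel: string | null;    // retention label applied on the source
  payload: string;                  // raw JSON pasted into a multi-line text column
}

interface CardContent {
  title: string;
  body: string;
  publishDate: string;              // canonical YYYY-MM-DD so cards agree on "today"
}

interface GateResult {
  surfaced: Array<{ id: number; card: CardContent }>;
  rejected: Array<{ id: number; reason: string }>;
}

// Only template versions the card renderer actually knows how to draw.
const SUPPORTED_TEMPLATE_VERSIONS: ReadonlySet<string> = new Set(["1.0", "1.1"]);
const ISO_DATE = /^\d{4}-\d{2}-\d{2}$/;
const SMART_QUOTES = /[\u201C\u201D\u2018\u2019]/;

// Validate the parsed payload against the canonical announcement contract.
// Returns the typed card on success or a reason string on failure.
function validateCard(raw: unknown): CardContent | string {
  if (typeof raw !== "object" || raw === null || Array.isArray(raw)) {
    return "payload is not a JSON object";
  }
  const o = raw as Record<string, unknown>;
  if (typeof o.title !== "string" || o.title.trim() === "") return "missing title";
  if (typeof o.body !== "string") return "missing body";
  if (typeof o.publishDate !== "string" || !ISO_DATE.test(o.publishDate)
      || Number.isNaN(Date.parse(o.publishDate))) {
    return "publishDate must be YYYY-MM-DD";
  }
  return { title: o.title, body: o.body, publishDate: o.publishDate };
}

// Decide, per source row, whether the card may surface it. Every rejection carries
// a reason so the source owner can fix the row; the gate never auto-corrects data.
function gateItems(items: SourceItem[]): GateResult {
  const result: GateResult = { surfaced: [], rejected: [] };
  for (const item of items) {
    const reject = (reason: string): void => {
      result.rejected.push({ id: item.id, reason });
    };
    if (!SUPPORTED_TEMPLATE_VERSIONS.has(item.templateVersion)) {
      reject(`unsupported templateVersion ${item.templateVersion}`);
      continue;
    }
    if (!item.sensitivityLabel) { reject("no sensitivity label on source"); continue; }
    if (!item.retentionLabel) { reject("no retention label on source"); continue; }
    if (SMART_QUOTES.test(item.payload)) {
      reject("payload contains smart quotes; fix the row, do not auto-correct");
      continue;
    }
    let parsed: unknown;
    try {
      parsed = JSON.parse(item.payload);
    } catch {
      reject("payload is not valid JSON");
      continue;
    }
    const card = validateCard(parsed);
    if (typeof card === "string") { reject(card); continue; }
    result.surfaced.push({ id: item.id, card });
  }
  return result;
}

// Constructed sample rows: one clean row and four that each trip a different rule.
const SAMPLE_ITEMS: SourceItem[] = [
  { id: 1, templateVersion: "1.1", sensitivityLabel: "General", retentionLabel: "Announcements-1y",
    payload: '{"title":"Town hall","body":"Thursday 10:00","publishDate":"2025-03-11"}' },
  { id: 2, templateVersion: "1.1", sensitivityLabel: null, retentionLabel: "Announcements-1y",
    payload: '{"title":"Q2 pricing","body":"Internal only","publishDate":"2025-03-11"}' },
  { id: 3, templateVersion: "1.0", sensitivityLabel: "General", retentionLabel: "Announcements-1y",
    payload: '{\u201Ctitle\u201D:\u201CParking\u201D,\u201Cbody\u201D:\u201CLot B closed\u201D}' },
  { id: 4, templateVersion: "0.9", sensitivityLabel: "General", retentionLabel: "Announcements-1y",
    payload: '{"title":"Old card","body":"Legacy schema","publishDate":"2025-03-11"}' },
  { id: 5, templateVersion: "1.1", sensitivityLabel: "General", retentionLabel: "Announcements-1y",
    payload: '{"title":"Outage","body":"VPN","publishDate":"03/11/2025"}' },
];

const decision = gateItems(SAMPLE_ITEMS);
console.log(`surfaced ${decision.surfaced.length}, rejected ${decision.rejected.length}`);
for (const r of decision.rejected) console.log(`  #${r.id}: ${r.reason}`);
```

Rejections are returned with a reason rather than silently dropped, so the source owner (not the card) is the one who fixes the row.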

Future Outlook for Teams Apps

Emerging Collaboration Tools

The landscape of collaboration tools is evolving rapidly. New features and tools are reshaping how you interact within Microsoft Teams. Here are some key innovations to watch:

  • Shared Stage integration: Enables developers to create collaborative experiences like whiteboards within meetings.
  • Together Mode extensibility: Allows for custom scenes in Together Mode, enhancing the meeting experience and reducing fatigue.
  • Teams Toolkit for Visual Studio: Simplifies development with less code and integrates with Microsoft Azure and Microsoft Graph.

These tools facilitate immersive hybrid spaces and enhance user engagement. As you adopt these innovations, ensure that your governance strategies evolve alongside them.

Adapting Governance Over Time

Organizations must adapt their governance strategies to accommodate new collaboration tools. Here are some effective approaches:

  • Engage users to understand their collaboration needs and tailor governance accordingly.
  • Implement a phased approach to rolling out collaboration tools. This allows you to gather feedback and refine processes.
  • Prioritize training and communication strategies to reinforce governance policies and ensure compliance.

For instance, organizations like MedPOINT are implementing structured rollout approaches for Microsoft Teams. They focus on detailed project schedules and IT training to balance productivity with compliance. Continuous review of governance policies is essential to adapt to evolving technology and business needs.

As Microsoft Teams becomes the central hub for digital workplaces, flexibility in governance will be crucial. Enhanced AI features, such as real-time language translation and discussion summarization, will further transform collaboration. You must ensure that your governance strategies emphasize auditing Teams environments and simplifying team structures.

Proactive Management to Prevent Teams App Graveyards

To prevent Teams app graveyards, you need proactive management strategies. Consider these tactics:

  • Categorize risks by horizon: Distinguish between short-term volatility and long-term erosion to address urgent issues effectively.
  • Use visual tools like heatmaps to monitor how risks evolve over time.
  • Engage in scenario-based discussions to prepare for potential risks.

By implementing these strategies, you can maintain a healthy Teams app ecosystem. Flexibility and ongoing governance ensure compliance and security. A well-documented process with transparent controls enhances app onboarding and user experience. Only approved apps should be allowed, minimizing risks associated with unverified applications.

Embrace these emerging trends and adapt your governance strategies to foster a collaborative environment that thrives on innovation.


Unchecked app building in Microsoft Teams poses serious risks. You face loss of visibility over sensitive data, compliance violations, and operational disruptions. These dangers can lead to reputational damage and increased security costs.

Learn from the SharePoint graveyard. Engage business units early, implement agile approaches, and select experienced partners for governance.

Adopt best practices to maintain an efficient and compliant Teams environment. Here are three key actions to take:

  1. Limit external sharing to protect sensitive content.
  2. Enforce guest access controls to manage collaboration.
  3. Configure security policies to reduce data overload.

By prioritizing governance, you can create a secure and productive Teams experience.

FAQ

What is app sprawl in Microsoft Teams?

App sprawl occurs when multiple applications proliferate without oversight. This leads to confusion, inefficiency, and increased security risks within your Teams environment.

How can I prevent orphaned owners in Teams?

Establish clear ownership for each team and application. Regularly review team memberships and assign responsibilities to ensure accountability and proper data management.

Why is compliance important in Teams?

Compliance protects your organization from legal and financial repercussions. It ensures that sensitive data remains secure and that you meet regulatory requirements.

What are the best practices for managing Teams apps?

Streamline app usage by enforcing permission policies, integrating with governed systems, and regularly auditing your apps to maintain control and compliance.

How can I improve data management in Teams?

Prioritize transparency and collaboration by implementing consistent data management practices. This reduces silos and enhances productivity across your organization.

What should I do if I notice compliance gaps?

Address compliance gaps immediately by reviewing your governance policies. Implement necessary controls and conduct regular audits to ensure ongoing compliance.

How often should I review my Teams governance policies?

Regularly review your governance policies at least quarterly. This ensures they remain relevant and effective as your organization and technology evolve.

What tools can help with Teams governance?

Utilize Microsoft’s built-in governance tools, such as the Teams admin center, to manage app permissions, monitor usage, and enforce compliance effectively.

🚀 Want to be part of m365.fm?

Then stop just listening… and start showing up.

👉 Connect with me on LinkedIn and let’s make something happen:

  • 🎙️ Be a podcast guest and share your story
  • 🎧 Host your own episode (yes, seriously)
  • 💡 Pitch topics the community actually wants to hear
  • 🌍 Build your personal brand in the Microsoft 365 space

This isn’t just a podcast — it’s a platform for people who take action.

🔥 Most people wait. The best ones don’t.

👉 Connect with me on LinkedIn and send me a message:
"I want in"

Let’s build something awesome 👊

1
00:00:00,000 --> 00:00:01,680
Stop building apps in Teams.

2
00:00:01,680 --> 00:00:03,540
You know it, I know it.

3
00:00:03,540 --> 00:00:06,000
Teams is becoming the SharePoint graveyard

4
00:00:06,000 --> 00:00:09,560
with better emojis. Custom ACEs feel quick

5
00:00:09,560 --> 00:00:12,440
while quietly building a compliance landfill.

6
00:00:12,440 --> 00:00:15,760
Today I'll show you why SPFx Adaptive Card Extensions

7
00:00:15,760 --> 00:00:18,560
rot fast and how to stop the mess.

8
00:00:18,560 --> 00:00:20,400
You'll get a ruthless checklist,

9
00:00:20,400 --> 00:00:23,160
a reference architecture that doesn't implode,

10
00:00:23,160 --> 00:00:26,560
and a decision tree so you can say no without being the villain.

11
00:00:26,560 --> 00:00:28,160
Then we'll fix it with SharePoint,

12
00:00:28,160 --> 00:00:31,200
Viva and Power Platform, proper ALM,

13
00:00:31,200 --> 00:00:34,920
real governance, fewer 2AM incidents.

14
00:00:34,920 --> 00:00:38,720
The ACE Trap, why quick apps rot fast.

15
00:00:38,720 --> 00:00:41,120
You know that simple ACE request,

16
00:00:41,120 --> 00:00:43,640
a rotating announcement card pulling from a list,

17
00:00:43,640 --> 00:00:46,240
no back end, no database.

18
00:00:46,240 --> 00:00:48,320
Just JSON, that's the trap.

19
00:00:48,320 --> 00:00:52,240
It ships fast, it demos great, then it ages like milk.

20
00:00:52,240 --> 00:00:53,640
Here's the pattern.

21
00:00:53,640 --> 00:00:58,120
Someone hard codes ACE behavior to a SharePoint list,

22
00:00:58,120 --> 00:01:00,760
because it's configurable.

23
00:01:00,760 --> 00:01:03,080
The schema and data live in list columns,

24
00:01:03,080 --> 00:01:06,240
it's flexible until the moment you need validation,

25
00:01:06,240 --> 00:01:10,120
versioning of card templates or an audit trail.

26
00:01:10,120 --> 00:01:13,000
Then your schema is a rumor and your data is cosplay.

27
00:01:13,000 --> 00:01:15,920
The thing most people miss is governance is a workload,

28
00:01:15,920 --> 00:01:16,800
not a feature.

29
00:01:16,800 --> 00:01:19,720
ACEs don't give you life cycle out of the box.

30
00:01:19,720 --> 00:01:22,600
Owners leave, cards keep surfacing.

31
00:01:22,600 --> 00:01:24,680
You end up with orphaned solutions,

32
00:01:24,680 --> 00:01:27,080
front and center in Viva connections,

33
00:01:27,080 --> 00:01:28,920
powered by a list nobody owns,

34
00:01:28,920 --> 00:01:30,960
referencing a template nobody remembers.

35
00:01:30,960 --> 00:01:31,720
Can you hear me?

36
00:01:31,720 --> 00:01:34,880
That's the sound of your compliance officer opening a new ticket.

37
00:01:34,880 --> 00:01:36,040
Why this rots fast.

38
00:01:36,040 --> 00:01:36,840
App sprawl.

39
00:01:36,840 --> 00:01:39,840
ACEs are easy to deploy to the dashboard,

40
00:01:39,840 --> 00:01:43,720
so people do a lot, one per department, one per campaign.

41
00:01:43,720 --> 00:01:46,160
Then they multiply like shared Excel files.

42
00:01:46,160 --> 00:01:49,040
Your dashboard turns into a flea market.

43
00:01:49,040 --> 00:01:53,120
Orphaned owners. Teams change, contractors roll off,

44
00:01:53,120 --> 00:01:55,440
the original app catalog approver leaves.

45
00:01:55,440 --> 00:01:58,720
No ownership register, no life cycle policy,

46
00:01:58,720 --> 00:02:00,280
no succession plan.

47
00:02:00,280 --> 00:02:02,160
The ACE doesn't die.

48
00:02:02,160 --> 00:02:04,440
It haunts. Data silos.

49
00:02:04,440 --> 00:02:08,120
Each ACE points at its own list, its own schema,

50
00:02:08,120 --> 00:02:10,480
its own Power Automate.

51
00:02:10,480 --> 00:02:14,240
Suddenly the organization has five announcement systems

52
00:02:14,240 --> 00:02:17,600
and none agree on what today means.

53
00:02:17,600 --> 00:02:18,960
Compliance gaps.

54
00:02:18,960 --> 00:02:22,640
Content shows up in Teams mobile without sensitivity labels,

55
00:02:22,640 --> 00:02:26,600
retention logic or DLP context because the JSON payload

56
00:02:26,600 --> 00:02:28,800
isn't tied to data classification.

57
00:02:28,800 --> 00:02:32,000
Broadcast meets breach risk. Broken life cycle:

58
00:02:32,000 --> 00:02:35,520
no archiving triggers, no sunset rules,

59
00:02:35,520 --> 00:02:37,440
no environment boundaries.

60
00:02:37,440 --> 00:02:41,440
Production becomes a museum of once-urgent cards.

61
00:02:41,440 --> 00:02:44,560
Now why does the quick approach fail even when it works?

62
00:02:44,560 --> 00:02:47,920
Because it assumes the surface area is tiny.

63
00:02:47,920 --> 00:02:50,080
But ACEs live in Teams and Viva,

64
00:02:50,080 --> 00:02:53,080
which means mobile endpoints, offline caches

65
00:02:53,080 --> 00:02:55,400
and users forwarding screenshots.

66
00:02:55,400 --> 00:02:57,120
You wanted just a card.

67
00:02:57,120 --> 00:03:00,360
Aseesh Taissev, E. Kissel.

68
00:03:00,360 --> 00:03:02,760
You accidentally built a distribution channel.

69
00:03:02,760 --> 00:03:07,200
This clicked for me when a client's one ACE to rule announcements

70
00:03:07,200 --> 00:03:09,400
morphed into six variants.

71
00:03:09,400 --> 00:03:11,640
Each with a slightly different schema

72
00:03:11,640 --> 00:03:14,560
jammed into a multi-line text column.

73
00:03:14,560 --> 00:03:16,880
One Power Automate tried to keep them fresh.

74
00:03:16,880 --> 00:03:20,320
It broke every time someone pasted JSON with smart quotes.

75
00:03:20,320 --> 00:03:22,960
Fast forward, marketing complains that Tuesday's card

76
00:03:22,960 --> 00:03:24,640
shows last quarter's pricing.

77
00:03:24,640 --> 00:03:28,280
It gets pulled; governance shows up late to the party

78
00:03:28,280 --> 00:03:32,240
and has to retrofit labels, ownership and change control.

79
00:03:32,240 --> 00:03:35,560
That quick win just became a slow bleed.

80
00:03:35,560 --> 00:03:37,840
Here's the shortcut nobody teaches.

81
00:03:37,840 --> 00:03:41,920
Treat an ACE like a UI skin, not an application.

82
00:03:41,920 --> 00:03:45,680
If the data matters, govern the system of record, not the card.

83
00:03:45,680 --> 00:03:48,600
If the process matters, push it into a platform

84
00:03:48,600 --> 00:03:52,280
with environments, ALM and policy enforcement.

85
00:03:52,280 --> 00:03:55,600
The card should be the final mile, not the whole highway.

86
00:03:55,600 --> 00:03:58,560
Let me show you exactly how this spirals.

87
00:03:58,560 --> 00:04:02,680
A developer deploys the ACE tenant-wide from the app catalog.

88
00:04:02,680 --> 00:04:05,080
No scoped rollout plan, no owner of owners.

89
00:04:05,080 --> 00:04:06,240
Success!

90
00:04:06,240 --> 00:04:09,320
Site owners copy the list for flexibility.

91
00:04:09,320 --> 00:04:12,800
Now you've got three sources of truth and a scavenger hunt.

92
00:04:12,800 --> 00:04:15,400
Someone asks for submit in the quick view.

93
00:04:15,400 --> 00:04:18,040
Sorry, ACE quick views are great for read.

94
00:04:18,040 --> 00:04:22,800
Writes mean APIs, auth, CSRF and support you did not budget.

95
00:04:22,800 --> 00:04:25,040
Legal asks for retention.

96
00:04:25,040 --> 00:04:27,320
You discover the card payload isn't labeled

97
00:04:27,320 --> 00:04:30,560
and the list has no retention policy tied to content type.

98
00:04:30,560 --> 00:04:33,120
Oops. Security requests an access review.

99
00:04:33,120 --> 00:04:35,800
You can't find the owner because there isn't one.

100
00:04:35,800 --> 00:04:37,520
Now here's where most people mess up.

101
00:04:37,520 --> 00:04:40,280
They try to fix it with more ACEs.

102
00:04:40,280 --> 00:04:41,800
A governance notice ACE.

103
00:04:41,800 --> 00:04:43,440
A tips ACE.

104
00:04:43,440 --> 00:04:45,880
A catalog of ACEs ACE.

105
00:04:45,880 --> 00:04:48,440
It's like installing more printers to fix a jam.

106
00:04:48,440 --> 00:04:52,200
If you remember nothing else, an ACE is a distribution layer.

107
00:04:52,200 --> 00:04:56,400
Govern the source, the deployment and the life cycle outside the card.

108
00:04:56,400 --> 00:05:00,000
The reason this works is you move risk to places with controls.

109
00:05:00,000 --> 00:05:01,960
SharePoint with classification.

110
00:05:01,960 --> 00:05:04,480
Viva for curated experiences.

111
00:05:04,480 --> 00:05:07,680
Power Platform for ALM and environments.

112
00:05:07,680 --> 00:05:11,320
Then keep the card dead simple and disposable.

113
00:05:11,320 --> 00:05:13,320
Quick win you can do today.

114
00:05:13,320 --> 00:05:18,560
Every ACE in your tenant, map each to its data source, owner and retention label.

115
00:05:18,560 --> 00:05:20,680
If any are missing two of those three,

116
00:05:20,680 --> 00:05:24,880
freeze new ACE deployments until you fix ownership and policy.

117
00:05:24,880 --> 00:05:26,080
It's boring.

118
00:05:26,080 --> 00:05:27,760
It saves weekends.

119
00:05:27,760 --> 00:05:31,240
The five governance failures you'll see every time.

120
00:05:31,240 --> 00:05:33,680
Let's name the five ghosts that always show up.

121
00:05:33,680 --> 00:05:39,320
App sprawl, orphaned owners, data silos, compliance gaps and broken life cycle.

122
00:05:39,320 --> 00:05:41,320
You've met them, you tried to ignore them.

123
00:05:41,320 --> 00:05:42,920
They ate your roadmap.

124
00:05:42,920 --> 00:05:44,520
App sprawl first.

125
00:05:44,520 --> 00:05:47,080
ACEs are tiny, like gremlins.

126
00:05:47,080 --> 00:05:50,240
And like gremlins, if you feed them after the demo, they multiply.

127
00:05:50,240 --> 00:05:52,120
Every department wants their card.

128
00:05:52,120 --> 00:05:57,480
HR wants announcements, facilities wants outages, marketing wants campaigns,

129
00:05:57,480 --> 00:05:59,680
finance wants quarter close reminders.

130
00:05:59,680 --> 00:06:00,640
None of that is evil.

131
00:06:00,640 --> 00:06:04,720
The mess happens when each card brings its own list, its own JSON schema,

132
00:06:04,720 --> 00:06:07,160
and its own Power Automate babysitter.

133
00:06:07,160 --> 00:06:10,720
Suddenly your Viva Connections dashboard looks like a yard sale.

134
00:06:10,720 --> 00:06:15,120
There's no portfolio view, no capacity planning, no rollout schedule,

135
00:06:15,120 --> 00:06:17,120
just tiles and hope.

136
00:06:17,120 --> 00:06:18,960
The fix is boring and effective.

137
00:06:18,960 --> 00:06:25,120
Central intake, catalog every ACE, require a data source registration and a business owner.

138
00:06:25,120 --> 00:06:29,720
Publish a dashboard placement calendar like you would a home page hero slot

139
00:06:29,720 --> 00:06:32,520
and cap the number of concurrent cards.

140
00:06:32,520 --> 00:06:39,000
Scarcity forces prioritization, prioritization kills sprawl. Now orphaned owners.

141
00:06:39,000 --> 00:06:42,960
Corporate musical chairs means someone's leaving every quarter.

142
00:06:42,960 --> 00:06:47,360
Meanwhile your ACEs cling to life like ancient workflow emails.

143
00:06:47,360 --> 00:06:49,720
The person who uploaded the package, gone.

144
00:06:49,720 --> 00:06:51,240
The SharePoint list owner?

145
00:06:51,240 --> 00:06:52,240
Left the org.

146
00:06:52,240 --> 00:06:53,520
The dashboard admin?

147
00:06:53,520 --> 00:06:54,600
Transferred.

148
00:06:54,600 --> 00:06:58,360
Ownership drift is how simple UI turns into operational risk.

149
00:06:58,360 --> 00:06:59,560
You don't need heroics.

150
00:06:59,560 --> 00:07:01,280
You need an owner of owners.

151
00:07:01,280 --> 00:07:07,800
Create a solution record per ACE in your catalog with business owner, technical owner, platform

152
00:07:07,800 --> 00:07:10,240
steward, require two owners minimum.

153
00:07:10,240 --> 00:07:12,560
Back it with a quarterly access review.

154
00:07:12,560 --> 00:07:18,880
If an owner loses mailbox access or leaves the Entra ID tenant, the app's active status

155
00:07:18,880 --> 00:07:24,640
auto flips to degraded and placement is yanked until a successor is assigned.

156
00:07:24,640 --> 00:07:27,360
It's not punishment, it's uptime protection.

157
00:07:27,360 --> 00:07:29,200
Data silos next.

158
00:07:29,200 --> 00:07:36,080
When each ACE hard codes its own configurable schema, you aren't flexible, you're fragmented.

159
00:07:36,080 --> 00:07:42,620
The restaurant menu card uses items, the news card uses entries, the event card uses sessions,

160
00:07:42,620 --> 00:07:45,160
and none of them agree on date formats.

161
00:07:45,160 --> 00:07:46,760
Then someone asks for analytics.

162
00:07:46,760 --> 00:07:50,520
You can't roll anything up because your schema is performance art.

163
00:07:50,520 --> 00:07:53,200
The way out is a reference data contract.

164
00:07:53,200 --> 00:07:56,920
Define canonical content types for announcement, event, alert.

165
00:07:56,920 --> 00:08:00,560
Store the content in a governed site or a Dataverse table.

166
00:08:00,560 --> 00:08:03,440
The ACE only reads from those bounded sources.

167
00:08:03,440 --> 00:08:04,440
New card idea?

168
00:08:04,440 --> 00:08:07,080
It maps to a known contract or it doesn't ship.

169
00:08:07,080 --> 00:08:08,920
And yes, add schema versioning.

170
00:08:08,920 --> 00:08:14,200
A single template version field saves you from the smart quotes apocalypse.

171
00:08:14,200 --> 00:08:15,200
Compliance gaps.

172
00:08:15,200 --> 00:08:18,480
ACEs look harmless because they just show JSON.

173
00:08:18,480 --> 00:08:21,840
That's like saying a megaphone just amplifies air.

174
00:08:21,840 --> 00:08:27,560
If the underlying content lacks sensitivity labels, retention or DLP, you've built a broadcast

175
00:08:27,560 --> 00:08:29,560
channel for unlabeled data.

176
00:08:29,560 --> 00:08:31,520
Mobile notifications make it worse.

177
00:08:31,520 --> 00:08:33,560
People screenshot everything.

178
00:08:33,560 --> 00:08:35,760
Mitigation is policy not vibes.

179
00:08:35,760 --> 00:08:38,600
Tie ACE placement to data classification.

180
00:08:38,600 --> 00:08:40,800
No label, no surface.

181
00:08:40,800 --> 00:08:45,240
Use Microsoft Purview retention labels on the source list or Dataverse table.

182
00:08:45,240 --> 00:08:50,600
Block tenant-wide deployment until the package passes a deployment checklist.

183
00:08:50,600 --> 00:08:56,520
Location documented, label required, retention policy linked, external sharing scoped.

184
00:08:56,520 --> 00:09:02,560
If the content is external API data, document the processor, data flow and cache rules.

185
00:09:02,560 --> 00:09:05,080
"We pull it live" is not a compliance plan.

186
00:09:05,080 --> 00:09:06,400
Broken life cycle.

187
00:09:06,400 --> 00:09:08,080
This is the graveyard part.

188
00:09:08,080 --> 00:09:10,480
Without life cycle, content never dies.

189
00:09:10,480 --> 00:09:12,160
It just lingers.

190
00:09:12,160 --> 00:09:16,840
That critical outage card from two winters ago still rotates in the queue because nobody

191
00:09:16,840 --> 00:09:18,000
set an end date.

192
00:09:18,000 --> 00:09:25,720
The list used start and end, but the Power Automate flow failed on daylight saving time and nobody noticed.

193
00:09:25,720 --> 00:09:27,760
Solve it with three rails.

194
00:09:27,760 --> 00:09:33,040
Content life cycle, app life cycle and placement life cycle.

195
00:09:33,040 --> 00:09:34,480
Content life cycle.

196
00:09:34,480 --> 00:09:36,600
Start and end date required.

197
00:09:36,600 --> 00:09:42,280
Retention label applied and a nightly job archives expired items to a read only library.

198
00:09:42,280 --> 00:09:43,720
App life cycle.

199
00:09:43,720 --> 00:09:50,160
Each ACE has a sunset date by default, reviewed at QBR, renewed or removed.

200
00:09:50,160 --> 00:09:51,640
Placement life cycle.

201
00:09:51,640 --> 00:09:53,840
Dashboard slots expire.

202
00:09:53,840 --> 00:09:58,120
Owners must re-assert or the slot frees for other content.

203
00:09:58,120 --> 00:09:59,920
Automation enforces all three.

204
00:09:59,920 --> 00:10:02,280
Manual enforcement is how you get museums.

205
00:10:02,280 --> 00:10:05,520
Now how these five stack into one disaster.

206
00:10:05,520 --> 00:10:08,680
Sprawl means 10 cards compete for attention.

207
00:10:08,680 --> 00:10:11,680
Orphaned ownership means nobody answers the page.

208
00:10:11,680 --> 00:10:15,080
Silos mean you can't fix one without breaking three.

209
00:10:15,080 --> 00:10:20,760
Compliance gaps mean leadership gets a screenshot of unlabeled HR data on a phone.

210
00:10:20,760 --> 00:10:24,480
And broken life cycle means it keeps happening because nothing ever exits.

211
00:10:24,480 --> 00:10:28,640
Then your exec asks, why is Teams full of stale stuff?

212
00:10:28,640 --> 00:10:33,880
And you, with a straight face, say, because we built five apps instead of one platform.

213
00:10:33,880 --> 00:10:37,360
The thing most people miss is the unit of governance.

214
00:10:37,360 --> 00:10:43,240
You're governing the distribution layer while letting the systems of record run feral. Flip

215
00:10:43,240 --> 00:10:49,320
it: standardize the data layer, centralize ownership, restrict surfaces and automate life

216
00:10:49,320 --> 00:10:50,440
cycle.

217
00:10:50,440 --> 00:10:56,200
The ACE becomes a view on a governed pipeline, not a bespoke snowflake demanding constant

218
00:10:56,200 --> 00:10:57,720
care.

219
00:10:57,720 --> 00:11:01,840
Quick checks you can run tomorrow: count ACEs per dashboard.

220
00:11:01,840 --> 00:11:04,360
If it's over five, you're in sprawl.

221
00:11:04,360 --> 00:11:06,000
Pull an ownership export.

222
00:11:06,000 --> 00:11:09,160
If fewer than two owners per ACE, you're in drift.

223
00:11:09,160 --> 00:11:11,360
Sample three ACE schemas.

224
00:11:11,360 --> 00:11:16,720
If they don't share an ID, a timestamp and a label, you're in silo land.

225
00:11:16,720 --> 00:11:22,080
Scan for labels; if cards display unlabeled content, pause deployments.

226
00:11:22,080 --> 00:11:24,080
Review expiration.

227
00:11:24,080 --> 00:11:30,600
If half your content has no end date, turn off auto rotate until life cycle is enforced.

228
00:11:30,600 --> 00:11:31,920
Fix these five.

229
00:11:31,920 --> 00:11:34,200
And the rest actually gets easier.

230
00:11:34,200 --> 00:11:36,520
Ignore them and congrats.

231
00:11:36,520 --> 00:11:43,280
You've rebuilt SharePoint 2013, but this time it's in everyone's pocket.

232
00:11:43,280 --> 00:11:45,840
The reference architecture that doesn't rot.

233
00:11:45,840 --> 00:11:47,160
Here's the fix.

234
00:11:47,160 --> 00:11:49,960
Treat the ACE like a thin shell over governed platforms.

235
00:11:49,960 --> 00:11:50,960
UI skin on top.

236
00:11:50,960 --> 00:11:52,600
Zero business logic in the card.

237
00:11:52,600 --> 00:11:55,600
All risk and rules live beneath it.

238
00:11:55,600 --> 00:11:58,400
Layer one, identity and environments.

239
00:11:58,400 --> 00:12:03,560
Start with Entra ID groups that mirror responsibility.

240
00:12:03,560 --> 00:12:08,800
Business owner, tech owner, platform stewards. Then split environments.

241
00:12:08,800 --> 00:12:10,320
Dev, test, prod.

242
00:12:10,320 --> 00:12:16,880
If you're using Dataverse, great; if not, use three SharePoint sites: content dev, content

243
00:12:16,880 --> 00:12:19,480
test, content prod.

244
00:12:19,480 --> 00:12:26,240
Provision with site designs that auto apply sensitivity labels, default retention, versioning

245
00:12:26,240 --> 00:12:28,560
and blocked external sharing.

246
00:12:28,560 --> 00:12:30,040
No personal ownership.

247
00:12:30,040 --> 00:12:32,280
All lists and tables owned by groups.

248
00:12:32,280 --> 00:12:35,000
Layer two, contracts, not vibes.

249
00:12:35,000 --> 00:12:37,480
Define canonical content contracts.

250
00:12:37,480 --> 00:12:39,560
Announcement, alert, event.

251
00:12:39,560 --> 00:12:46,120
Each has an ID, title, summary, body, start, end, label, template version, source system,

252
00:12:46,120 --> 00:12:47,640
and last modified by.

253
00:12:47,640 --> 00:12:49,960
Put them in Dataverse tables if you can.

254
00:12:49,960 --> 00:12:54,120
Otherwise SharePoint with content types that enforce required fields.

255
00:12:54,120 --> 00:12:57,600
Add JSON Schema versions for anything the ACE renders.

256
00:12:57,600 --> 00:13:00,680
Your card maps to contract V1 or V2.

257
00:13:00,680 --> 00:13:03,960
It doesn't invent V1.5 on a Tuesday.

258
00:13:03,960 --> 00:13:08,880
Layer three, data pipelines. Content flows into the contract tables through controlled

259
00:13:08,880 --> 00:13:10,080
ingestion.

260
00:13:10,080 --> 00:13:13,040
Use Power Automate or Azure Functions.

261
00:13:13,040 --> 00:13:18,480
Each flow writes to dev first, validates schema, stamps the label and promotes to test and

262
00:13:18,480 --> 00:13:25,080
prod through solution exports if Dataverse, or controlled flow connections if SharePoint.

263
00:13:25,080 --> 00:13:26,800
No direct writes from the card.

264
00:13:26,800 --> 00:13:29,800
No "we'll just let comms paste JSON."

265
00:13:29,800 --> 00:13:35,000
Ingestion logs every change; rollbacks are possible because versions are real.

266
00:13:35,000 --> 00:13:38,320
Layer four, policy guard rails.

267
00:13:38,320 --> 00:13:43,560
Microsoft Purview enforces sensitivity and retention on the data layer, not the card.

268
00:13:43,560 --> 00:13:47,160
DLP rules block exfiltration from those sites and tables.

269
00:13:47,160 --> 00:13:50,080
If an item lacks a label, it can't reach prod.

270
00:13:50,080 --> 00:13:54,400
If a label conflicts with the surface, the card refuses to bind.

271
00:13:54,400 --> 00:13:58,400
The ACE checks the label and template version before rendering.

272
00:13:58,400 --> 00:14:04,720
If they don't match allowed combinations, it displays a safe fallback or nothing.

273
00:14:04,720 --> 00:14:07,040
Layer five, deployment control.

274
00:14:07,040 --> 00:14:12,960
The SPFx package lives in a repo with branch policies, automated builds and tenant-scoped

275
00:14:12,960 --> 00:14:15,480
deployment disabled by default.

276
00:14:15,480 --> 00:14:21,560
You publish to the tenant app catalog through CI, but you scope availability to specific dashboards

277
00:14:21,560 --> 00:14:23,800
via a placement registry.

278
00:14:23,800 --> 00:14:29,840
Think of it as an allow list: site ID, slot name, dates and the contract it's allowed to read.

279
00:14:29,840 --> 00:14:31,600
No placement record, no card.

280
00:14:31,600 --> 00:14:33,640
That registry lives with change control.

281
00:14:33,640 --> 00:14:36,520
Layer six, observability.

282
00:14:36,520 --> 00:14:38,440
Telemetry is not optional.

283
00:14:38,440 --> 00:14:45,920
The ACE emits events: render success, contract mismatch, empty data set, blocked by policy;

284
00:14:45,920 --> 00:14:49,000
store that in Application Insights or Log Analytics.

285
00:14:49,000 --> 00:14:55,320
Dashboards show which placements are failing, which contracts are hot and where labels are

286
00:14:55,320 --> 00:14:56,640
missing.

287
00:14:56,640 --> 00:14:58,880
Tie alerts to your platform steward group.

288
00:14:58,880 --> 00:15:04,200
If render errors spike, pull the placement until data passes validation.

289
00:15:04,200 --> 00:15:07,120
Layer seven, life cycle automation.

290
00:15:07,120 --> 00:15:08,120
Content lifecycle.

291
00:15:08,120 --> 00:15:14,560
Nightly job archives expired items to immutable storage and writes a summary card

292
00:15:14,560 --> 00:15:18,120
state, so users see: this announcement ended.

293
00:15:18,120 --> 00:15:21,520
Rye sheds bali, hee hee hee.

294
00:15:21,520 --> 00:15:22,920
App lifecycle.

295
00:15:22,920 --> 00:15:25,600
Every placement has an end date.

296
00:15:25,600 --> 00:15:30,720
Owners reassert quarterly during access review or the placement deactivates.

297
00:15:30,720 --> 00:15:31,720
Solution lifecycle.

298
00:15:31,720 --> 00:15:35,560
SPFx major versions require re-approval.

299
00:15:35,560 --> 00:15:38,080
Minor versions can hot swap.

300
00:15:38,080 --> 00:15:43,840
Deprecated contracts display a banner and stop accepting new content after a grace window.

301
00:15:43,840 --> 00:15:46,600
What does the ACE actually do in this world?

302
00:15:46,600 --> 00:15:51,480
Three things. One, query the contract endpoint for its placement. Two, validate label and

303
00:15:51,480 --> 00:15:52,880
template version.

304
00:15:52,880 --> 00:15:55,560
Three, render the template with the data.

305
00:15:55,560 --> 00:15:59,240
That's it: no writes, no business rules, no secret Power Automate dance.

306
00:15:59,240 --> 00:16:00,960
It's a reader with opinions.

307
00:16:00,960 --> 00:16:03,720
Where do SharePoint and Viva fit?

308
00:16:03,720 --> 00:16:08,680
SharePoint hosts the governed content sites with content types, labels and retention.

309
00:16:08,680 --> 00:16:11,800
Viva Connections is the curated surface.

310
00:16:11,800 --> 00:16:13,680
The dashboard is not a playground.

311
00:16:13,680 --> 00:16:16,520
It's a broadcast surface with a schedule.

312
00:16:16,520 --> 00:16:20,760
You run a placement calendar the same way you'd manage a home page hero.

313
00:16:20,760 --> 00:16:23,960
If a department wants a slot they bring a contract and an owner.

314
00:16:23,960 --> 00:16:25,760
Where does Power Platform fit?

315
00:16:25,760 --> 00:16:30,000
Use Dataverse for canonical data and managed solutions for ALM.

316
00:16:30,000 --> 00:16:32,760
Flows handle ingestion, enrichment and promotion.

317
00:16:32,760 --> 00:16:37,240
Power Apps handle authoring if you need friendly forms.

318
00:16:37,240 --> 00:16:42,840
Each is bound to environments with DLP policies so connectors can't sneak data to the wrong

319
00:16:42,840 --> 00:16:44,160
place.

320
00:16:44,160 --> 00:16:45,960
What about external feeds?

321
00:16:45,960 --> 00:16:49,800
Wrap them in an Azure Function that normalizes to your contract,

322
00:16:49,800 --> 00:16:53,480
stamps provenance in source system and caches to governed storage.

323
00:16:53,480 --> 00:16:56,520
The ACE never calls third party APIs directly.

324
00:16:56,520 --> 00:16:59,800
The function owns secrets, retries and rate limits.

325
00:16:59,800 --> 00:17:02,960
Purview policies still apply because the cache is yours.

326
00:17:02,960 --> 00:17:06,840
This architecture scales because each layer owns one problem.

327
00:17:06,840 --> 00:17:11,120
Data is governed, policies enforced, UI is disposable.

328
00:17:11,120 --> 00:17:15,920
And when someone leaves, the group still owns it, the slot expires and your dashboard does

329
00:17:15,920 --> 00:17:18,040
not turn into a museum.

330
00:17:18,040 --> 00:17:22,240
The decision tree: block or allow that Teams app.

331
00:17:22,240 --> 00:17:27,680
Here's the decision tree I use so you don't end up approving a tiny card that grows teeth.

332
00:17:27,680 --> 00:17:30,080
Question one, what's the data contract?

333
00:17:30,080 --> 00:17:37,880
If the app can't point to an existing governed contract, announcement, alert, event, or

334
00:17:37,880 --> 00:17:43,960
Dataverse table with required fields, labels and versioning, it's a block. No contract,

335
00:17:43,960 --> 00:17:44,880
no card.

336
00:17:44,880 --> 00:17:49,800
If they say it's just JSON translation, we have no schema discipline.

337
00:17:49,800 --> 00:17:51,920
Block and route them to the contract catalog.

338
00:17:51,920 --> 00:17:56,680
If there is a contract, question two: where does the content live today?

339
00:17:56,680 --> 00:18:01,480
If the answer is "a team site list we'll create," that's a provisional block.

340
00:18:01,480 --> 00:18:06,120
Content must live in a governed site or Dataverse with sensitivity labels and retention

341
00:18:06,120 --> 00:18:07,840
turned on.

342
00:18:07,840 --> 00:18:11,440
If they can migrate or point to the governed store, proceed.

343
00:18:11,440 --> 00:18:13,920
If not block until the source is compliant.

344
00:18:13,920 --> 00:18:15,520
Question three, who owns it?

345
00:18:15,520 --> 00:18:19,560
You need named business and technical owners plus a platform steward group.

346
00:18:19,560 --> 00:18:21,240
Single owner requests get a yellow card.

347
00:18:21,240 --> 00:18:24,600
If they can't produce two owners with mailboxes in your tenant, it's a block.

348
00:18:24,600 --> 00:18:26,360
No owner, no surface.

349
00:18:26,360 --> 00:18:28,640
Question four, what's the write story?

350
00:18:28,640 --> 00:18:33,120
If the ace needs to collect data in quick view, that's a stealth app.

351
00:18:33,120 --> 00:18:34,120
Read only?

352
00:18:34,120 --> 00:18:35,120
Good.

353
00:18:35,120 --> 00:18:36,120
Writes?

354
00:18:36,120 --> 00:18:40,400
It needs API design, auth, CSRF protection and support.

355
00:18:40,400 --> 00:18:46,280
Either move the write path to a Power App or web app with proper ALM, or block until a

356
00:18:46,280 --> 00:18:49,280
real app is scoped.

357
00:18:49,280 --> 00:18:51,560
Question five, what's the life cycle?

358
00:18:51,560 --> 00:18:56,000
If they can't give you start and end dates for content, a placement end date and a review

359
00:18:56,000 --> 00:18:57,960
cadence, block.

360
00:18:57,960 --> 00:19:03,400
"We'll keep it fresh" is not a life cycle; require auto-expiring quarterly renewal.

361
00:19:03,400 --> 00:19:05,640
Question six, what's the deployment scope?

362
00:19:05,640 --> 00:19:09,000
If they ask for tenant-wide with no placement plan, block.

363
00:19:09,000 --> 00:19:13,040
Requests get scoped to defined dashboards and slots via an allow list.

364
00:19:13,040 --> 00:19:15,520
No placement record, no deploy.

365
00:19:15,520 --> 00:19:21,000
Tenant-wide is earned after two stable releases, telemetry in place and an incident-free

366
00:19:21,000 --> 00:19:22,000
quarter.

367
00:19:22,000 --> 00:19:24,400
Question seven, what's the compliance posture?

368
00:19:24,400 --> 00:19:28,840
The content sensitivity label must be compatible with Teams surfaces.

369
00:19:28,840 --> 00:19:33,080
If HR wants highly confidential in a public dashboard, that's a no.

370
00:19:33,080 --> 00:19:35,640
Purview DLP must cover the data source.

371
00:19:35,640 --> 00:19:40,440
For external data, you need the data flow documented, the processor identified and a cache under

372
00:19:40,440 --> 00:19:41,440
your control.

373
00:19:41,440 --> 00:19:43,200
If any of that is missing, block.

374
00:19:43,200 --> 00:19:45,120
Question eight, what's the rollback plan?

375
00:19:45,120 --> 00:19:51,080
If the app can't fail safe, meaning render nothing on invalid label or contract mismatch,

376
00:19:51,080 --> 00:19:53,920
and the team doesn't have a versioned package ready, block.

377
00:19:53,920 --> 00:19:56,600
You're not deploying a trampoline without a net.

378
00:19:56,600 --> 00:19:59,640
Now the allow path, because sometimes the answer is yes.

379
00:19:59,640 --> 00:20:07,000
You allow when the app uses a standard contract, reads from governed storage, has two owners,

380
00:20:07,000 --> 00:20:14,200
is read only, has life cycle dates, is scoped by placement, passes label and DLP checks and

381
00:20:14,200 --> 00:20:15,680
has a rollback.

382
00:20:15,680 --> 00:20:22,640
Plus CI/CD to the app catalog, no manual zip uploads, and telemetry wired to your steward

383
00:20:22,640 --> 00:20:23,640
group.

384
00:20:23,640 --> 00:20:29,760
If all green, ship it to dev, then test, then a limited prod placement with a 30-day probation.

385
00:20:29,760 --> 00:20:34,560
Any render or policy violations over threshold auto-pause the placement.

386
00:20:34,560 --> 00:20:36,160
There's one more fork.

387
00:20:36,160 --> 00:20:42,040
Could this be a SharePoint hero slot, a Viva news card, or a Power App tab instead?

388
00:20:42,040 --> 00:20:46,040
If a native surface exists that meets the need, default to that.

389
00:20:46,040 --> 00:20:51,760
Custom ACEs are for format specialization, not for replacing first party features.

390
00:20:51,760 --> 00:20:58,800
If they insist, they must justify the delta, accessibility, performance, localization,

391
00:20:58,800 --> 00:21:01,320
analytics against native.

392
00:21:01,320 --> 00:21:04,160
Last check, portfolio impact.

393
00:21:04,160 --> 00:21:09,920
If the new app duplicates an existing contract or competes for a critical slot during a busy

394
00:21:09,920 --> 00:21:11,640
window it waits.

395
00:21:11,640 --> 00:21:14,400
Scarcity is policy.

396
00:21:14,400 --> 00:21:19,040
Priority belongs to the highest impact governed content with owners who show up.

397
00:21:19,040 --> 00:21:23,000
You want less graveyard, not a bigger cemetery.

398
00:21:23,000 --> 00:21:25,560
The governance checklist you actually use.

399
00:21:25,560 --> 00:21:27,400
This isn't a 40 page policy.

400
00:21:27,400 --> 00:21:31,400
It's a clipboard you can run in 15 minutes and nobody argues with.

401
00:21:31,400 --> 00:21:32,560
Catalog and owners.

402
00:21:32,560 --> 00:21:35,800
Is the ACE in your solution catalog with a unique ID?

403
00:21:35,800 --> 00:21:38,520
Does it list two owners, business and technical?

404
00:21:38,520 --> 00:21:40,360
Are they current Entra mailboxes?

405
00:21:40,360 --> 00:21:43,560
If no to any, pause placement. Contract check.

406
00:21:43,560 --> 00:21:46,240
Does the ACE bind to a standard contract?

407
00:21:46,240 --> 00:21:47,240
Announcement,

408
00:21:47,240 --> 00:21:56,080
alert, event, with required fields: ID, title, summary, start, end, label, template version,

409
00:21:56,080 --> 00:21:57,480
source system.

410
00:21:57,480 --> 00:22:02,760
If they say custom JSON, route to contract onboarding. Source of truth.

411
00:22:02,760 --> 00:22:07,440
Is the data stored in governed SharePoint or Dataverse with sensitivity labels and retention

412
00:22:07,440 --> 00:22:08,440
on?

413
00:22:08,440 --> 00:22:11,440
Not a random team site; if not, migrate or block.

414
00:22:11,440 --> 00:22:12,440
Read only verification.

415
00:22:12,440 --> 00:22:13,960
Does the ACE only read?

416
00:22:13,960 --> 00:22:19,480
If it writes, where is the API, auth, CSRF protection and support plan?

417
00:22:19,480 --> 00:22:23,320
If missing, move writes to Power Apps or a web app.

418
00:22:23,320 --> 00:22:24,320
Placement scope.

419
00:22:24,320 --> 00:22:28,920
Is there a placement record with site ID, slot, dates and contract version?

420
00:22:28,920 --> 00:22:30,680
No record, no render.

421
00:22:30,680 --> 00:22:32,400
Tenant wide is not the default.

422
00:22:32,400 --> 00:22:33,400
It's an outcome.

423
00:22:33,400 --> 00:22:34,720
Life cycle.

424
00:22:34,720 --> 00:22:38,240
Content has start and end dates, placement has an expiry.

425
00:22:38,240 --> 00:22:40,800
App has a sunset unless renewed at QBR.

426
00:22:40,800 --> 00:22:46,960
Nightly archive moves expired content to read-only storage; all three documented. Compliance.

427
00:22:46,960 --> 00:22:49,920
Purview label required and compatible with Teams.

428
00:22:49,920 --> 00:22:52,520
DLP policy applied to the data store.

429
00:22:52,520 --> 00:22:55,240
External data has processor, flow diagram and governed cache.

430
00:22:55,240 --> 00:22:58,400
If any of that's guess work, you're not compliant.

431
00:22:58,400 --> 00:22:59,400
Telemetry.

432
00:22:59,400 --> 00:23:01,240
Application Insights wired.

433
00:23:01,240 --> 00:23:02,240
Events.

434
00:23:02,240 --> 00:23:03,240
Render success.

435
00:23:03,240 --> 00:23:04,240
Fail.

436
00:23:04,240 --> 00:23:05,240
Empty data set.

437
00:23:05,240 --> 00:23:06,240
Contract mismatch.

438
00:23:06,240 --> 00:23:07,240
Blocked by policy.

439
00:23:07,240 --> 00:23:09,480
Alerts go to platform stewards.

440
00:23:09,480 --> 00:23:11,360
No telemetry, no production.

441
00:23:11,360 --> 00:23:19,040
CI/CD: repo, branch policies, automated build, app catalog deploy via pipeline.

442
00:23:19,040 --> 00:23:22,720
No manual zip uploads from a laptop named Steve.

443
00:23:22,720 --> 00:23:24,800
Scope deployment by allow list.

444
00:23:24,800 --> 00:23:27,640
Accessibility and localization.

445
00:23:27,640 --> 00:23:33,120
Does the card meet contrast, keyboard nav and localization strings?

446
00:23:33,120 --> 00:23:39,840
If this replaces a native card, justify the delta with measurable criteria.

447
00:23:39,840 --> 00:23:40,840
Rollback.

448
00:23:40,840 --> 00:23:44,800
Can the ACE fail safe to no content on label or contract mismatch?

449
00:23:44,800 --> 00:23:46,480
Is the prior version available?

450
00:23:46,480 --> 00:23:50,360
If not, you're one typo from a banner incident.

451
00:23:50,360 --> 00:23:51,680
Portfolio fit.

452
00:23:51,680 --> 00:23:55,480
Does it duplicate an existing contract or collide with a busy window?

453
00:23:55,480 --> 00:23:58,920
If yes, it waits, scarcity is policy.

454
00:23:58,920 --> 00:24:04,280
Run this checklist at three points: intake, pre-prod and quarterly review.

455
00:24:04,280 --> 00:24:09,200
If you fail two items at any stage, pause the placement; owners fix it or the slot goes back

456
00:24:09,200 --> 00:24:10,440
to the pool.

457
00:24:10,440 --> 00:24:12,880
And yes, track time to green.

458
00:24:12,880 --> 00:24:15,320
Slow teams don't get premium slots.

459
00:24:15,320 --> 00:24:17,240
The one rule that saves you.

460
00:24:17,240 --> 00:24:19,080
Treat the ACE as a skin.

461
00:24:19,080 --> 00:24:20,680
Everything else lives under governance.

462
00:24:20,680 --> 00:24:23,200
If you hold that line, three good things happen.

463
00:24:23,200 --> 00:24:28,680
First, risk moves to places with guardrails: labels, retention, DLP, environments.

464
00:24:28,680 --> 00:24:33,760
Second, the card stays disposable, so failures degrade gracefully.

465
00:24:33,760 --> 00:24:37,720
Third, you can scale because you're adding views, not inventing new systems.

466
00:24:37,720 --> 00:24:39,040
You'll get pressure to bend it.

467
00:24:39,040 --> 00:24:41,840
We just need a tiny submit in quick view.

468
00:24:41,840 --> 00:24:43,160
That's a write path.

469
00:24:43,160 --> 00:24:46,600
Redirect to a Power App with ALM and policies.

470
00:24:46,600 --> 00:24:48,240
We'll paste JSON into a list.

471
00:24:48,240 --> 00:24:49,880
It's faster.

472
00:24:49,880 --> 00:24:51,040
That's schema drift.

473
00:24:51,040 --> 00:24:53,680
Redirect to the contract and ingestion flow.

474
00:24:53,680 --> 00:24:55,440
Can we go tenant-wide now?

475
00:24:55,440 --> 00:25:00,000
Not until telemetry proves stability and owners pass two reviews.

476
00:25:00,000 --> 00:25:03,080
Use this short test before every approval.

477
00:25:03,080 --> 00:25:08,560
Does the data exist in a governed store under a standard contract with labels and retention?

478
00:25:08,560 --> 00:25:11,080
And does the ACE only read and render?

479
00:25:11,080 --> 00:25:12,320
If yes, green.

480
00:25:12,320 --> 00:25:13,880
If no, it's not a card.

481
00:25:13,880 --> 00:25:14,880
It's a project.

482
00:25:14,880 --> 00:25:17,480
Route it to the platform with a real backlog.

483
00:25:17,480 --> 00:25:18,680
Hold this line.

484
00:25:18,680 --> 00:25:20,680
And the dashboard stays clean.

485
00:25:20,680 --> 00:25:22,280
Break it once and congrats.

486
00:25:22,280 --> 00:25:24,400
You're running a museum gift shop.

487
00:25:24,400 --> 00:25:28,720
If you remember nothing else, the ACE is just the skin.

488
00:25:28,720 --> 00:25:33,200
Govern the data, the owners, the placement and the life cycle underneath.

489
00:25:33,200 --> 00:25:34,200
Want the full kit?

490
00:25:34,200 --> 00:25:39,600
Grab my governance checklist, reference architecture diagram, and the block or allow decision tree

491
00:25:39,600 --> 00:25:41,160
in the next video.

492
00:25:41,160 --> 00:25:44,400
Subscribe so you can say no with receipts and ship fewer incidents.

Mirko Peters

Founder of m365.fm, m365.show and m365con.net

Mirko Peters is a Microsoft 365 expert, content creator, and founder of m365.fm, a platform dedicated to sharing practical insights on modern workplace technologies. His work focuses on Microsoft 365 governance, security, collaboration, and real-world implementation strategies.

Through his podcast and written content, Mirko provides hands-on guidance for IT professionals, architects, and business leaders navigating the complexities of Microsoft 365. He is known for translating complex topics into clear, actionable advice, often highlighting common mistakes and overlooked risks in real-world environments.

With a strong emphasis on community contribution and knowledge sharing, Mirko is actively building a platform that connects experts, shares experiences, and helps organizations get the most out of their Microsoft 365 investments.