Project Oakdale - governance issues

(1) Share

Report

Posted on by sgsgt43

Hi,

2 issues as for today regarding Project Oakdale governance, hoping to get some light and advice

New environments are created automatically, so Power Platform Admin cannot control them on a daily basis - how can we setup DLP for such Microsoft Teams environments to prevent some connectors from use?
How to deal with 500 environments limit - as users in organization will find P.O. exciting to use they will not be happy, when eventually no new environment can be created

Categories:

Governance & administering

I have the same question (0)

All responses (3)

Answers (0)

CU01081947-0 716 on at

Like (0)

Report

Hello @sgsgt43,
I hope you're well.
Regarding question 1, I agree with you.
One way around this is in the "Scope" use "Add all environments" so whenever an environment gets created the policy will be applied. For us, this option is not what we want though...
We don't want to apply the policy to all environments as we want some environments to not adhere to the policy. Because of this, all our CDS Project Oakdale environments are not adhering to the policy when they get created.
I have a ticket open with Microsoft about this, as there should be a way to avoid this. Currently, we're applying the policy to the CDS Project Oakdale environments manually. We have the COE installed, so whenever a new environment is created a record is created in the COE and we have a Flow to alert us to manually add the CDS Project Oakdale environment into the policy.
It would be nice in the DLP Policy if we could also set the "Type" of environment to be added to the policy. In this case we'd choose "Teams" environments to be immediately added to the policy.

Regarding question 2, I'm not sure, sorry. We'll do some cleanup exercises throughout the years, so remove some of the old environments that were created as tests and never used, much like we do with apps and flows. But is there a technical way to increase this etc, I'm not sure. Sorry.

I'll reply back here when I hear from Microsoft about question 1.

Was this reply helpful? Yes No
Nicokirr 24 on at

Like (0)

Report

@GarryPope , you don't need to have an "apply to all env" DLP policy, but it's definitly a good practice to have a policy that will apply to any "unmanaged env" using the "apply to all env but xxxx".
This is important not only for Oakdale, but also for any env that gets created by users (trial, developpers, etc)

Regarding the 500 limit, you should currently see Okdale envs as "pre-CDS" envs, meaning that it's a transition zone for experimentations and small projects. Important ones should be migrated to CDS for multiple reasons that we can discuss. If this is a limitation in your organization, you should implement a process to accept oakdale en creation or not, for example by asking the user it's business justification when he creates the new oakdale env.
The next version of the CoE Starter Kit will include some items to help in this area.

Was this reply helpful? Yes No
toddkennedy 23 on at

Like (0)

Report

Oakdale seems like a gateway drug to getting a full CDS and license.
We disabled it until the governance improves.

Was this reply helpful? Yes No