web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / How to secure and admi...
Power Apps
Unanswered

How to secure and adminster the default Environment for enterprise scale deployment

(1) ShareShare
ReportReport
Posted on by evmurdock 4

I'm am looking for experiences people have in securing, establishing data loss protection polices, and administering the default environment.  With thousands of users creating apps, how can one support a restrictive approach for protecting business data?

In reference to documentation at: https://docs.microsoft.com/en-us/power-platform/admin/database-security.    Using the "Minimum privileges to run app", I am able to restrict the creation of a model based app for specific environments. I would also like to restrict the ability for specific users to create canvas apps in the default environment. 

 

Categories:
Governance & administering
I have the same question (0)
  • Pstork1 Profile Picture
    Pstork1 69,427 Most Valuable Professional on at

    Users who have a valid PowerApps license, but are not assigned a Maker or Administrator role in an environment can still run apps that are shared with them.  But they are unable to see the Environment so they can't create or edit Apps in that environment. So if you want to keep specific users from creating Apps just remove all roles from them in the default or any other environment where you wish to restrict their ability to create PowerApps.  

  • v-yutliu-msft Profile Picture
    v-yutliu-msft Microsoft Employee on at

    Hi @emurdock ,

    Firstly, you could inactive different kinds of users with different licenses.

    Usually, the functions from simple to complex: Office365->P1->P2

    I recommend you inative common users with Office365, developers with P1, administrators with P2.

    Since only users with P2 could create environments, they could create environments accoding to your company's demand and then give different permission to other users. You could refer the link that you listed to see permission in datails.

    Here's a doc about guidance to those administrators responsible for planning, securing, deploying, and supporting applications built on the PowerApps platform for your reference:

    https://powerapps.microsoft.com/en-us/blog/powerapps-enterprise-deployment-whitepaper/

     

     

    Best regards,

    Community Support Team _ Phoebe Liu

     

     

     

  • evmurdock Profile Picture
    evmurdock 4 on at

    Thanks all.  I found the "Administering a PowerApps Enterprise Deployment" whitepaper helpful across many topics.  Page 10 of the whitepaper articulates my problem well: 

     

    The "default" environment has a few unique characteristics from other environments that you create. This environment can’t be disabled or deleted. All tenant users are added automatically to the maker role for the default environment and you can’t remove them from that role.  

     

    I have users (external 3rd parties) that require access to specific applications deployed in PowerApps Prod Environments.  These Prod environments are have CDS provisioned and the security model works very well.  

     

    I want to prevent these users from having the maker role in the default environment.

  • v-yutliu-msft Profile Picture
    v-yutliu-msft Microsoft Employee on at

    Hi @emurdock 

    The Environment Admin role can add or remove a user or group from either the Environment Admin or Environment Maker role. You could limit the permission of the users that you mentioned.

    Here's a doc for your reference:

    https://docs.microsoft.com/en-us/power-platform/admin/environments-overview

     

    Best regards,

    Community Support Team _ Phoebe Liu

     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the April Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
Vish WR Profile Picture

Vish WR 893

#2
Valantis Profile Picture

Valantis 571

#3
11manish Profile Picture

11manish 482

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans