web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Citizen Devs and prope...
Power Apps
Answered

Citizen Devs and proper Application Lifecyclemanagement

(0) ShareShare
ReportReport
Posted on by Lucas001 2,529 Super User 2026 Season 1
Hi everyone,
 
I was wondering wether somebody has other options or that approach would be best practice.
 
Current state:
- assumption is having multiple Citizen Developers with there own developer environment
- We have the default environment and some enterprise environements
- When a citizen developer wants to share the app with a group of users I would like to move it out of the developer env. 
 
Currently it's done in a way that he/she can export import the app and move it to the default env.
In some cases unmanaged solutions are used so the the cit dev can work on the app etc. inside the default env and does not need to use a managed approach.
If the app is going to be used by more than 20 people, another dedicated env is used but an admin imports the solution, leading to some issues with connections as it's now all imported with the admins user and its context.
 
Suggestion is to use a dedicated pipeline from each cit dev env to one of the others and make it managed. To get the latest version and also being able to update it later on, I still need the unmanaged solution somehow.
An approach would be to use a pipeline which also saves the unmanaged version in a dedicated place in case we would like to move the app from one cit dev to another. We could than continue working on the app and still deploy it managed to prod. 

Any opinions or best practices to handle these cases?
Thanks in advance
Categories:
Building Power Apps
I have the same question (0)
  • Verified answer
    AndyCutler Profile Picture
    AndyCutler 39 on at
     

    Great question — this is a scenario many organizations face as they scale citizen development.

    In my experience, the most sustainable approach is to support both citizen-led innovation and a formal application lifecycle once a solution matures. Here's the model we use successfully:

    Dedicated Citizen Developer Environment: We encourage citizen makers to learn, experiment, and build personal productivity apps in a separate Citizen Developer environment — not the Default environment.

    Once a maker demonstrates readiness and starts building solutions that impact a team or business process, we grant access to our DEV environment and treat them as a competent developer.

    Microsoft recommends establishing separate environments for personal productivity vs. ALM-governed work.

     

    https://learn.microsoft.com/en-us/power-platform/guidance/adoption/environment-strategy?utm_source=chatgpt.com
     

    DEV>TEST>PROD Pipeline: In our DEV environment, solutions remain unmanaged to allow flexibility and iterative development. When ready for broader use, we move solutions through a DEV>TEST>PROD pipeline as managed solutions.

    This ensures:

    • Proper version control
    • Deployment consistency
    • Governance and change discipline

    Managed solutions are the recommended deployment method for production.

    https://learn.microsoft.com/en-us/power-platform/alm/solution-concepts-alm?utm_source=chatgpt.com

    No Personal Ownership in Production: Promotion to TEST/PROD is done via a service account, not a user’s identity. This avoids issues when a maker leaves the organization or changes role.

    Microsoft notes that citizen-built apps often become business-critical and require centralized management.

     

    Avoid Using the Default Environment: We keep the Default environment strictly for personal productivity. Citizen-built solutions with business usage are not deployed there.

    Microsoft explicitly advises securing and restricting the Default environment.

    https://learn.microsoft.com/en-us/power-platform/guidance/adoption/secure-default-environment?utm_source=chatgpt.com

    This model helps us:

    • Let citizen devs innovate safely
    • Maintain control over shared/critical solutions
    • Avoid orphaned apps owned by individuals
    • Ensure smooth upgrades with managed ALM

    The last thing you want is a solution used by dozens of colleagues living in a Citizen environment under a user's account — and then that user leaves and everything breaks.

     
     
  • Lucas001 Profile Picture
    Lucas001 2,529 Super User 2026 Season 1 on at
     
    appreciate your answer, my thoughts are similar than.
    Just a question to your dev environment. 
    How do you maintain these solutions?
    Do you just share all apps and flows respectively so that somebody leaving can hand it over or is there a better approach?
     
     
  • AndyCutler Profile Picture
    AndyCutler 39 on at

    Short answer: we don’t rely on just sharing apps/flows and hoping people hand them over before they leave. We try to design things so that no single individual is a “single point of failure”.

    Here’s how we handle it in our DEV environment and downstream:

    1. Controlled access to DEV

    Access to our DEV environment is managed via a security group, so we always know who is developing there and can manage access centrally.

    This follows Microsoft’s general guidance to use multiple environments and control access as part of your ALM/environment strategy.

    2. Everything must be in a Solution (with naming convention)

    We have a simple rule: no “loose” apps or flows in DEV.

    Every asset (apps, flows, tables, etc.) has to live inside a Solution. We enforce a solution naming convention that tells us:

    • What the solution is for
    • Which business unit / group company it belongs to
    • Whether it’s internal, external, POC, etc.

    This means there are no stray apps/flows floating around that nobody can trace back to an owner or team.

    3. First deployment: manual sanity check, then pipelines

    When a new Solution is ready for the first time:

    We usually do a manual export/import from DEV>TEST>PROD for the initial release, just to validate:

    • Connections
    • Environment variables
    • Any dependencies

    Once that’s stable, we switch to Power Platform pipelines so that our more mature citizen devs can deploy updates themselves without an admin doing every import.

    This aligns with Microsoft’s ALM guidance around using multiple environments and automating deployments once your basic process is solid.

    4. “Non-human” account for promotion & ownership

    This is the key part that answers your question about people leaving.

    For DEV>TEST>PROD we do not deploy as my personal account (e.g. AndyCutler@mycompany.com).
    Instead, we use what I call a “non-human” account, for example: 12345678@mycompany.com

    Characteristics:

    • It’s a dedicated service account in Entra ID / M365
    • It’s aliased to me (and a backup person), so we handle login, MFA, etc.
    • It owns the solutions and connections in TEST/PROD, rather than an individual user
    • If I leave the company, and my personal account is disabled, all the PROD solutions keep working because the service account remains under IT control

    This is very much in line with Microsoft’s concept of system / application users and non-interactive accounts used for back-end or service scenarios.

    5. How we handle maintenance & handover in practice

    So, to your question:

    “Do you just share all apps and flows respectively so that somebody leaving can hand it over or is there a better approach?”

    Our approach is:

    In DEV:

    Multiple makers can be co-owners of apps/flows inside the same Solution.

    The Solution itself lives in a controlled, shared environment — not in a personal environment.


    In TEST/PROD:

    The service account is the owner of the Solution and key connections.

    Makers don’t need to be owners in PROD to maintain the app; they update in DEV, and the pipeline/service account pushes the managed Solution downstream.

    If a developer leaves:

    We reassign any remaining DEV-side assets (if needed) and/or remove them from the security group.

    No PROD outages, because nothing critical is owned by their personal account.

    So we’re not relying on “please share everything before you leave”; the ownership is already abstracted away from individual users.

    6. Why this works well

    Reduces risk of orphaned apps/flows when someone leaves

    Keeps PROD ownership under central IT / service account control

    Lets citizen devs still work fairly independently in DEV, but within a governed ALM model

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
11manish Profile Picture

11manish 505

#2
WarrenBelz Profile Picture

WarrenBelz 502 Most Valuable Professional

#3
Haque Profile Picture

Haque 324

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans