PL-900 — Session 2 — Administration & Governance (Exam weight: 15–20%)

Power Platform Administration & Governance

Session 2 — Based on the course by Barbara Andrews, Lead Microsoft Technical Trainer

Power Platform Admin Center
The centralized portal for administrators to manage environments, settings, and resources across Power Apps, Power Automate, and Dynamics 365. Single unified interface for health, security, and performance oversight.
Actions
Recommendations to enhance security and reliability — e.g., optimizing app performance or securing data connections.
Manage
Organize environments and tenant settings across departments.
Monitor
Track operational health metrics to ensure apps and workflows run efficiently.
Security tools
Data loss prevention policies and role-based access controls for compliance and data protection.
Copilot (admin)
Educational resources, usage tracking, and governance controls for responsible AI adoption.
Deployment (ALM)
Manage pipelines, approve deployment requests, and troubleshoot issues at scale.
Licensing
Visibility into license consumption and alerts for environments requiring attention.
Power Apps Maker Portal — make.powerapps.com
The workspace for building, managing, and monitoring apps. Supports both technical and non-technical users. Central to working with Microsoft Dataverse tables.
Tables
Create, modify tables, define relationships, customize forms and views — all without code. Core of Dataverse modeling.
Flows
Automate processes via Power Automate flows built directly in the portal.
Solutions
Package and deploy complete, self-contained app solutions.
Websites
Build external-facing sites via Power Pages integration.
Agents
Create AI-powered chatbots via Copilot Studio.
Monitor
Track resource health. Catalog provides templates. Data flows handle transformations and imports.
Other Maker Portals
Portal | URL | Purpose
Power Automate | make.powerautomate.com | Build and manage automated workflows; reduce manual tasks
Power BI | app.powerbi.com | Create interactive dashboards and reports from multiple data sources
Power Pages | make.powerpages.com | Build secure modern business websites for employees and customers
Copilot Studio | copilotstudio.microsoft.com | Design intelligent conversational AI agents; embed in apps or websites
What is Microsoft Dataverse?
A cloud-based, low-code data service and app platform. Stores and manages data in structured tables with built-in business logic, security, and compliance. Cloud-native — cannot be hosted on-premises; requires an internet connection. Globally available but deployed geographically for data residency compliance.
Dataverse Architecture — What's in the Box?
Five key sections, each with a distinct role.
🔒 Security
Authentication · Authorization · RBAC · Auditing · Duplicate detection
Ensures data is protected, access is controlled, and compliance is maintained. Role-based access control (RBAC) governs who can do what with which records.
⚙️ Logic
Calculated/rollup fields · Business rules · Plugins · Workflows · Jobs
Automates business processes and enforces logic without writing extensive code. Business rules validate data entry; plugins trigger custom logic on record updates.
📋 Data
Modeling · Cataloging · Reporting · Common Data Model · Multi-language · Multi-currency
Ensures data is structured, discoverable, and globally usable. The Common Data Model (CDM) provides standardized schemas for business concepts like Account and Campaign.
🗄️ Storage
SQL (relational) · Blob Storage (files/images) · Cosmos DB (semi-structured) · Data Lake (analytics)
Layered storage optimizes performance and scalability for different data types. SQL handles relational records, Blob handles media, Cosmos DB handles logs, and Data Lake handles large-scale analytics.
🔗 Integration
Web hooks · ALM (Azure DevOps) · Connectors (GitHub, Azure Synapse)
Enables seamless data exchange and lifecycle management. Web hooks provide real-time notifications. Azure DevOps and GitHub support controlled deployments across the Microsoft ecosystem.
Table Types in Dataverse
Standard tables
Out-of-the-box entities (Account, Contact, User) aligned with the Common Data Model. Integrated into M365 and Dynamics 365. Always use these first before creating custom tables.
Custom tables
User-defined structures for unique business needs. Example: a logistics company creates a Shipment table to track deliveries and carrier details.
Activity tables
Specialized for tracking time-based interactions: emails, phone calls, appointments. Useful for service industries needing communication history.
Virtual tables
Integrate external data sources without duplicating data in Dataverse. Good for real-time access to external systems like ERP inventory data in a Power App.
Elastic tables
Optimized for high-volume scenarios (tens of millions of rows). Ideal for IoT sensor data or large-scale transaction logs.
Relationships in Dataverse
Type | Description | Example | Implementation
One-to-many (1:N) | One parent record links to many child records; each child links to only one parent | One Invoice → many Line Items | Primary key (parent) + Foreign key (child)
Many-to-many (N:N) | Records in both tables can associate with multiple records in the other | Contacts ↔ Events (a contact attends many events; each event has many contacts) | Intermediary/junction (bridge) table
Business Logic Methods
Method | Type | Best for | Example
Business Rules | No-code | Simple validations, setting column values, showing error messages | Auto-set order status to "completed" when all items are marked shipped
Power Fx | Low-code | Dynamic real-time logic, large datasets, offline functionality | Calculate discounts based on customer loyalty tier, updating totals live
Power Automate | Low/no-code | Automation across Dataverse and external systems; cloud, instant, and scheduled flows | Automatically email a customer when their support ticket is updated
Data Import Methods
Method | File types | Best for | Limitation
Data import wizard | CSV, TXT, XML, Excel, ZIP (multi-table) | Diverse sources, multiple tables in one import, column mapping | No advanced transformation; not ideal for very large imports
Import from Excel (model-driven app) | Excel template only | Users already in a model-driven app needing to populate a single table | Single file → single table only
Import via Power Apps maker portal | Excel/CSV (simple) | Quick flat-data imports (e.g., a product SKU list) | No support for choice values or relationships
Data Export Methods
Export to Excel
Up to 100,000 rows. Options: Static, Dynamic, or Dynamic Pivot Table. Ideal for analysis and real-time performance tracking.
Word & Excel templates
Generate structured, presentation-ready documents. Excel: specific columns; Word: data from one or multiple rows. Good for invoices and contracts.
Power Apps maker portal
Export all rows and columns from selected tables as CSV files packaged in a ZIP. Useful for bulk extraction or external system integration.
Power Automate
Automated, event-driven data exports using cloud flows.
Azure Synapse Link
Continuous data replication to Azure for large-scale analytics and real-time sync between operational and analytical systems.
What is a Dataverse Environment?
A structured container within your Microsoft Entra ID tenant (formerly Azure Active Directory) that stores apps, flows, data, and connectors in an isolated space. Each environment can have its own Dataverse database. Environments are tied to a geographic region — critical for data residency and compliance.

🏭 Production (Live)

Hosts live, business-critical apps. Requires at least 1 GB of Dataverse database capacity. Optimized for stability and long-term use.

⚙️ Default (Auto-created)

Automatically created for each Entra ID tenant. Accessible to all licensed users. Best for personal productivity or exploration — not for sensitive workloads.

🧪 Sandbox (Non-production)

Used for development, testing, and training. Safe to experiment without affecting production. Can be reset or copied.

⏱ Trial (Expires 30 days)

Temporary; expires after 30 days unless converted to production. Ideal for POC projects and evaluating new features.

👤 Developer

Created by users with the Power Apps Developer Plan. For individual use and personal experimentation only.

💬 Dataverse for Teams

Auto-created when apps are built or installed within a Microsoft Teams team. Best for lightweight, team-specific solutions.

Environment Best Practices — ALM Pattern
Dev environment
Build and iterate on new features. Unmanaged solutions only here.
Test environment
Validate features using representative data before going live.
Prod environment
Host live applications used by employees or customers. Deploy using managed solutions only.
Regional binding
Resources (Dataverse data, apps, flows, connectors) are bound to the environment's geographic region, reducing latency and supporting compliance.
Managed Environments — Premium Governance Features
Limit sharing
Restrict how broadly users can share Canvas apps — prevents sensitive apps from being shared across the entire org without oversight.
Weekly usage insights
Analytics delivered to admin mailboxes: top apps, inactive resources, most impactful makers.
Data policies
Define which connectors can share data — prevents accidental exposure to unsecured services.
Pipelines
Automate deployment workflows across dev → test → production environments.
Solution checker
Analyzes solutions for problematic patterns before deployment — enforces best practices.
Geo-binding
All items created in a managed environment (connections, gateways, flows) are bound to the environment's geographical location.
CRM Security Model — What it Controls
Record-level access
Defines what actions (read, write, delete, share) a user can perform on records based on identity and record ownership. Example: a sales rep sees only their own leads; a manager sees team-wide records.
UI & feature access
Controls which forms, dashboards, and business process workflows a user can access. Hides irrelevant UI elements to reduce clutter.
Feature controls
Governs actions like exporting to Excel, printing, and using the mobile app — prevents unauthorized data distribution.
Security Roles & RBAC
Security roles define what a user or team can do. Every user must be assigned at least one security role to access the system.

Privilege structure

  • Specific actions: read, write, delete
  • Access levels: user, business unit, organization
  • Granular control over data and features

Three ways to assign roles

  • Modify a default role before assigning
  • Copy a default role as a template
  • Create entirely new security roles
Data Loss Prevention (DLP) Policies
Controls how data flows between connectors. Distinguishes between trusted business connectors and third-party non-business connectors.
Category | Examples | Treatment
Business connectors | Dataverse, SharePoint, SQL Server | Trusted; approved for sensitive data
Non-business connectors | X (Twitter), Gmail, social media | Blocked from accessing sensitive data by DLP rules
Environment-level DLP
Applied to specific environments (dev, test, prod). Allows developer flexibility in sandbox while enforcing stricter controls in production.
Tenant-level DLP
Consistent protection across the entire organization — all environments must adhere to a baseline of data security.
Compliance & Data Security
Microsoft Trust Center
Central hub for transparency on security, privacy, and compliance. Provides compliance docs, data protection impact assessments, and GDPR support tools.
Service Trust portal
Service-specific compliance details complementing the Trust Center.
Encryption in transit
All data in transit between user devices and Microsoft data centers is secured using TLS 1.2 or higher.
Data location management
Organizations set a default geo at the tenant level and target specific geos for environments. Data is replicated within the same region — never moved outside the designated geo.
Application Lifecycle Management (ALM) — 5 Stages
1. Planning

Define business requirements, goals, and scope through stakeholder collaboration. Ensures the app aligns with strategic objectives.

2. Development

Build using Power Apps, Power Automate, and Dataverse. Collaborative practices, version control, and modular design improve scalability.

3. Testing

Validate in a controlled environment. Ensures functional and non-functional requirements are met. Reduces risk of defects reaching production.

4. Deployment

Move the app to production using solutions that package all components. Ensures consistency and reduces deployment errors.

5. Maintenance

Address bugs, incorporate user feedback, and adapt to evolving business needs. Ensures the app stays relevant over time.

Solutions — The ALM Container
Solutions are structured containers that manage and track customizations within Dataverse. Each environment (dev, test, prod) maintains its own solutions for isolated, controlled deployments.
What they contain
Entity metadata, forms, views, business rules, workflows, JavaScript plugins, compiled code — any app component.
Who uses them
Internal dev teams, Microsoft (for Dynamics 365), and ISVs (Independent Software Vendors) who distribute products using the same framework.
Managed solutions
Sealed packages for TEST and PRODUCTION environments. Versioned, locked from direct editing, governed through a controlled release. Supports rollback and upgrades. Use for all deployments beyond dev.
Unmanaged solutions
For DEVELOPMENT environments only. Allow full editing of components. Must never be the source of truth — always store in source control (Azure DevOps or GitHub).
Lab Walkthrough Summary — What Was Built
Lab 1 — Solution
Created "Event Management1" solution in Power Apps maker portal. Added standard Account and Contact tables from Dataverse. Set a custom publisher prefix (MSLearn1) for the solution schema.
Lab 2 — Data model
Used Copilot to generate Event table (with Event Name, Date, Location, Max Attendees, Details, Event Type choice, Registration Required choice). Created Event Session and Session Registration tables. Added relationships between all four tables using one-to-many (1:N) patterns.
Relationships built
Contact → Event Session (Speaker), Contact → Session Registration (Participant), Event → Event Session, Event Session → Session Registration.
Equipment table
Used Copilot to generate an Equipment Checkout table with fields: Equipment Name, Item Number, Due Date, Status, Equipment Type (choice: Electronics, Furniture, Accessories, Tools), Category.
Rollup field
Added "Total Registrations" as a rollup field on Event Session — counts records from Session Registration table using aggregation: COUNT.
Key Terms Flash Reference
Managed environment
Premium governance tier providing enhanced tools: limit sharing, usage insights, DLP, pipelines, solution checker.
Managed solution
Sealed deployment package for test/production. Versioned, locked, governed. Supports rollback.
Unmanaged solution
Development-only. Fully editable. Must be stored in source control — never used as a source of truth.
DLP policy
Data Loss Prevention — controls which connectors can share data together; separates business from non-business connectors.
RBAC
Role-Based Access Control — ensures users only interact with data and features relevant to their role.
Common Data Model (CDM)
Standardized, extensible collection of schemas defining business concepts (Account, Campaign) shared across Power Apps, Power BI, Dynamics 365, and Azure.
ALM
Application Lifecycle Management — the 5-stage process: Plan → Develop → Test → Deploy → Maintain.
Junction table
An intermediary table that implements many-to-many relationships in Dataverse (also called a bridge table).
Rollup field
A calculated field that aggregates data from related records. Example: counting session registrations on an event session record.


What is the difference between a managed and unmanaged solution?
Managed solutions are sealed packages intended for test and production environments. Components are versioned, locked from direct editing, and deployed through a controlled process — enabling rollback and upgrades. Unmanaged solutions are for development environments only, allow full editing, and must be stored in source control (Azure DevOps or GitHub). Never treat a dev environment as the source of truth.
What are the six environment types in Power Platform?
Production (live apps, requires 1 GB Dataverse capacity), Default (auto-created for each tenant, for personal/exploratory use), Sandbox (non-production for dev and testing), Trial (expires in 30 days, for POC), Developer (individual use with Developer Plan license), and Dataverse for Teams (auto-created when apps are built inside a Teams team).
What is a DLP policy and at what levels can it be applied?
A Data Loss Prevention policy controls how data flows between connectors — separating trusted "business" connectors (Dataverse, SharePoint, SQL Server) from "non-business" connectors (Gmail, Twitter/X). It can be applied at the environment level (for specific dev/test/prod environments) or at the tenant level (organization-wide, ensuring all environments meet a baseline of data security).
What are the five architectural sections of Dataverse?
Security (authentication, authorization, RBAC, auditing), Logic (business rules, calculated fields, plugins, workflows), Data (modeling, CDM, multi-language, multi-currency), Storage (SQL for relational data, Blob Storage for files, Cosmos DB for semi-structured data, Data Lake for analytics), and Integration (web hooks, ALM tools like Azure DevOps, connectors to GitHub and Azure Synapse).
When should you use Business Rules vs Power Fx vs Power Automate for logic?
Use Business Rules (no-code) for simple, table-level validations like setting a column value or showing an error message. Use Power Fx (low-code) for dynamic, real-time logic in apps — especially with large datasets or offline scenarios. Use Power Automate for automation that spans multiple systems or involves external services, such as sending emails, syncing data, or triggering approvals.
What are the five stages of ALM in Power Platform?
Planning (define requirements and goals with stakeholders), Development (build using Power Apps, Automate, and Dataverse), Testing (validate in a controlled environment before release), Deployment (move to production using packaged solutions), and Maintenance (address bugs, user feedback, and evolving business needs).
What are the three methods for importing data into Dataverse, and when should you use each?
The Data Import Wizard supports multiple file types (CSV, TXT, XML, Excel, ZIP) and is best for diverse sources or multi-table imports — though it lacks advanced transformation. Import from Excel in a model-driven app uses a template and is best for users already in a model-driven app who need to import into a single table. The Power Apps maker portal import is simplest — use it for quick flat-data imports, but it doesn't support choice values or relationships.
What is the Common Data Model (CDM) and why does it matter?
The CDM is a standardized, extensible collection of schemas (like Account, Contact, Campaign) that provides a shared data language across Power Apps, Power BI, Dynamics 365, and Azure. It ensures consistent data structure across systems — developers can build apps using familiar structures, and integrators can bring in data without redesigning schemas each time. It also supports extensibility so organizations can customize definitions while staying compatible with the broader Microsoft ecosystem.