The Microsoft Power Platform continues to drive unprecedented innovation through low-code tools and integrated AI. For businesses this rapid expansion or sprawl requires an equally powerful set of controls.  Thankfully Microsoft has added a number of newer governance features that we have summarised below.

3 key ways to improve Power Platform Governance

Managed Environments

Managed Environments remain the central pillar for modern governance, offering a strategic layer of control with minimal administrative effort. The latest updates further streamline this experience:

  • Simplified Environment Strategy: Admins now benefit from a more streamlined admin centre experience with a greater focus on security and Copilot adoption. This includes enhanced tenant-wide inventory views and tools to simplify environment creation and lifecycle management at scale, essential for large enterprises managing hundreds of individual workspaces.
  • Targeted Sharing Controls: Admins gain granular control over solution distribution. They can now limit how broadly canvas apps can be shared, excluding specific security groups or capping the total number of individuals with access. This prevents departmental pilot apps from accidentally becoming enterprise-wide production risks.
  • Power Platform Advisor: This integrated tool now provides proactive recommendations based on best practices, helping admins optimise their operational framework for security and compliance, moving governance from reactive policing to proactive guidance.

DLP and Isolation

Data Loss Prevention (DLP) policies are the security guardrails of the Power Platform, defining where data can and cannot flow. Recent enhancements make these policies more intelligent and precise:

  • Connector Action Control: Going beyond simply allowing or blocking a connector, admins can now configure connector action control. This allows them to specify exactly which actions (e.g., “Read” but not “Write” to a specific service) are permitted within a policy’s Business or Non-Business group. This provides fine-grained control that protects sensitive data without blocking necessary connections entirely.
  • DLP for Desktop Flows: Security has been extended to Power Automate for desktop (RPA). Administrators can now classify desktop flow modules and individual module actions as Business, Non-Business, or Blocked, ensuring automation that touches legacy systems is compliant with enterprise data policies.
  • Cross-Tenant Isolation: To combat sophisticated external attacks and prevent unintended data leakage, new features allow admins to configure cross-tenant isolation rules, ensuring that data flow to or from external Microsoft 365 tenants is explicitly allowed or disallowed.

AI Governance

The platform’s deep integration of Copilot and autonomous AI agents brings immense productivity but also new governance requirements. New features address this head-on:

  • Comprehensive Copilot Policies: IT administrators now have a suite of governance capabilities for all Copilot features across Power Platform and Dynamics 365. This includes defining policies that set Copilot access and behaviour to specifically address security and regulatory compliance requirements related to Generative AI.
  • Agent Observability and Auditing: With AI agents now capable of performing multi-step business logic, it is critical to know what they are doing. Enhanced auditing and monitoring provide data-driven insights to evaluate Copilot’s impact, return on investment (ROI), and, crucially, its compliance status within the organisation.

These new governance capabilities allow Bridgeall customers to confidently embrace the future of low-code and AI-powered automation. By enforcing guardrails, streamlining administration, and providing enhanced visibility, the Power Platform is equipped to scale while maintaining enterprise-grade security and compliance. As a Microsoft Power Platform Partner, we offer a range of services to help organisations, our Power Platform Quick start helps setup all the governance controls for you.