Set up core components

Note

Effective November 2020:

  • Common Data Service has been renamed to Microsoft Dataverse. Learn more
  • Some terminology in Microsoft Dataverse has been updated. For example, entity is now table and field is now column. Learn more

This article will be updated soon to reflect the latest terminology.

The Center of Excellence (CoE) core components solution provides components that you need to get started with setting up a CoE. They sync all your resources into tables and build admin apps on top of that to help you get more visibility into the apps, flows, and makers that exist in your environment. Additionally, apps like DLP Editor and Set App Permissions help with daily admin tasks.

The core components solution contains assets that are only relevant to admins.

Watch how to setup the core components solution.

Import the solution

The Core Components can be used in both Production environments and Dataverse for Teams environments. Where you install it will depend on your organization setup, your adoption of Microsoft Power Platform so far and what you want to achieve with the CoE Starter Kit. Before you decide, compare Dataverse vs Dataverse for Teams

Learn more: What is Dataverse for Teams

Option 1: Import the solution into a Production environment

This is the first step of the installation process and is required for every other component in the starter kit to work. You'll need to create an environment in which to set up the CoE. For more information about how to decide on the best strategy for your organization, go to Establishing an Environment Strategy for Microsoft Power Platform and Environment strategy for ALM.

  1. Download the CoE Starter Kit compressed file (aka.ms/CoeStarterKitDownload).

    Important

    Extract the zip file after downloading and before moving on to the next step. The CoE Starter Kit compressed file contains all solution components as well as non-solution aware components that make up the CoE Starter Kit.

  2. Create an environment in which to set up the CoE.

    1. Go to the Power Platform admin center.
    2. Select Environments > + New, and then enter a name, type, and purpose.
    3. Select Yes for creating the database, and then select Next.
    4. Leave Sample apps and data set to No
    5. Select Save.
  3. Go to your new environment.

    1. Go to make.powerapps.com.
    2. Go to the environment you just created, in which the CoE solution will be hosted. In the example in the following screenshot, we're importing to the environment named Contoso CoE.

    Power Apps maker portal environment selection.

  4. On the left pane, select Solutions.

  5. Select Import, and then Browse.

  6. Select the Center of Excellence core components solution from File Explorer (CenterOfExcellenceCoreComponents_x_x_x_xx_managed.zip).

  7. When the compressed (.zip) file has been loaded, select Next.

  8. Review the information, and then select Next.

  9. Establish connections to activate your solution. If you create a new connection, you must select Refresh. You won't lose your import progress.

    Establish connections to activate your solution.

    When you create the connection for HTTP with Azure AD enter the following into the Base Resource URL and Azure AD Resource URI (Application ID URI): https://graph.microsoft.com.

    Establish HTTP with Azure AD.

  10. Update environment variable values. The environment variables are used to store application and flow configuration data with data specific to your organization or environment. This means that you only have to set the value once per environment and it will be used in all necessary flows and apps in that environment. All the flows in the solution depend on all environment variables' being configured.

    Update environment variable values.

    Configure the following variables for the core components solution, and then select Save. (If you need to change the value of an environment variable after you import the solution, go to Update environment variables.)

    Name Description
    Admin eMail Admin eMailed with this solution, and copy the web link (to launch the app) and paste it into this variable. This environment variable is not used until you adopt the Developer Compliance Center.
    Also Delete from CoE Recommend Yes here to delete objects from the CoE inventory when they are deleted from the tenant. No will keep a record that an app or flow existed in the past
    Approval Admin The email address used in flows to send approvals to admins; this cannot be a distribution list.
    Community URL Link to your internal Microsoft Power Platform community (for example, Yammer or Teams).
    Developer Compliance Center URL Leave empty on Import and do the following to populated after set up of the Governance components.
    Navigate to the details page of the Developer Compliance Center (canvas app) included with this solution, and copy the web link (to launch the app) and paste it into this variable.
    Environment Request Admin App Url Link to the Admin - Power Platform Resouce RMS canvas app included in this solution. Leave empty on Import and fill it in once the app is installed.
    To do that, navigate to the details page of the Admin - Power Platform Resouce RMS (canvas app) included with this solution, and use the wek link (to launch the app).
    PowerApp Maker environment variable The maker URL used by PowerApps for your cloud, including trailing slash. Here are examples:
    For a US environment: https://make.powerapps.com/
    For a GCC environment: https://make.gov.powerapps.us/
    For a GCC High environment: https://make.high.powerapps.us/
    PowerApp Player environment variable The player URL used by PowerApps for your cloud, including trailing slash. Here are examples:
    For a US environment: https://apps.powerapps.com/
    For a GCC environment: https://apps.gov.powerapps.us/
    For a GCC High environment: https://apps.gov.powerapps.us/
    Power Automate environment variable The URL used by flow for your region. Here are examples:
    For a US environment: https://us.flow.microsoft.com/manage/environments/
    For a Canadian environment: https://canada.flow.microsoft.com/manage/environments/
    For an EMEA environment: https://emea.flow.microsoft.com/manage/environments/
    For a GCC environment: https://gov.flow.microsoft.us/manage/environments/
    For a GCC High environment: https://high.flow.microsoft.us/manage/environments
    If your region is not listed here, navigate to flow.microsoft.com and copy the URL the page directs to from the browser.
    Power Platform Maker Microsoft 365 Group The Admin | Welcome Email flow sends a welcome email to onboard new makers and adds them to a Microsoft 365 group. You can use this group to send communications to your makers or invite them to a Yammer or Teams group. Configure the group ID here.
    TenantID Your Azure Tenant ID.
  11. Select Import.

The import can take up to 10 minutes to be completed.

Option 2: Import the solution into a Dataverse for Teams environment

This is the first step of the installation process and is required for every other component in the starter kit to work.

Before you begin:

  1. Download the CoE Starter Kit compressed file (aka.ms/CoeStarterKitDownload).

    Important

    Extract the zip file after downloading and before moving on to the next step. The CoE Starter Kit compressed file contains all solution components as well as non-solution aware components that make up the CoE Starter Kit.

  2. Open to the Power Apps app in Teams, select Build, and select the Team you want to add the solution to.

  3. Select See All

    Open the Power Apps app in Teams to import a new solution.

  4. Select Import

  5. In the pop-up window, select Choose File.

  6. Select the Center Of Excellence Core Components for Teams solution: CenterOfExcellenceCoreComponentsTeams_x_x_x_xx_managed.zip.

  7. When the compressed (.zip) file has been loaded, select Next.

  8. Establish connections to the required connectors including:

    • Microsoft Dataverse
    • Microsoft Dataverse (current environment)
    • Power Apps for Admins
    • Power Apps for Makers
    • Power Platform for Admins
    • Power Automate for Admins
    • Power Automate Management
    • Office 365 Users
    • Office 365 Outlook
    • Office 365 Groups
    • SharePoint
    • Microsoft Teams
    • HTTP with Azure AD: set the Resource URL and Azure AD Resource URI to https://graph.microsoft.com/ for a commercial tenant, and https://graph.microsoft.us/ for a GCC High tenant.

    If you create a new connection, you must select Refresh. You won't lose your import progress.

    Establish connections to all connectors used in the solution.

  9. Update environment variable values. The environment variables are used to store application and flow configuration data with data specific to your organization or environment. This means that you only have to set the value once per environment and it will be used in all necessary flows and apps in that environment. All the flows in the solution depend on all environment variables' being configured.

    Set environment variable values.

    Configure the following variables for the core components solution, and then select Save. (If you need to change the value of an environment variable after you import the solution, go to Update environment variables.)

    Name Description
    Admin eMail Admin eMailed with this solution, and copy the web link (to launch the app) and paste it into this variable. This environment variable is not used until you adopt the Developer Compliance Center.
    Also Delete from CoE Recommend Yes here to delete objects from the CoE inventory when they are deleted from the tenant. No will keep a record that an app or flow existed in the past
    Approval Admin The email address used in flows to send approvals to admins; this cannot be a distribution list.
    Community URL Link to your internal Microsoft Power Platform community (for example, Yammer or Teams).
    Developer Compliance Center Leave empty on Import and do the following to populated after set up of the Governance components.
    Navigate to the details page of the Developer Compliance Center (canvas app) included with this solution, and copy the web link (to launch the app) and paste it into this variable.
    Environment Request Admin App Url Link to the Admin - Power Platform Resouce RMS canvas app included in this solution. Leave empty on Import and fill it in once the app is installed.
    To do that, navigate to the details page of the Admin - Power Platform Resouce RMS (canvas app) included with this solution, and use the wek link (to launch the app).
    PowerApp Maker environment variable The maker URL used by PowerApps for your cloud, including trailing slash. Here are examples:
    For a US environment: https://make.powerapps.com/
    For a GCC environment: https://make.gov.powerapps.us/
    For a GCC High environment: https://make.high.powerapps.us/
    PowerApp Player environment variable The player URL used by PowerApps for your cloud, including trailing slash. Here are examples:
    For a US environment: https://apps.powerapps.com/
    For a GCC environment: https://apps.gov.powerapps.us/
    For a GCC High environment: https://apps.gov.powerapps.us/
    Power Automate environment variable The URL used by flow for your region. Here are examples:
    For a US environment: https://us.flow.microsoft.com/manage/environments/
    For a Canadian environment: https://canada.flow.microsoft.com/manage/environments/
    For an EMEA environment: https://emea.flow.microsoft.com/manage/environments/
    For a GCC environment: https://gov.flow.microsoft.us/manage/environments/
    Power Platform Maker Microsoft 365 Group The Admin | Welcome Email flow sends a welcome email to onboard new makers and adds them to a Microsoft 365 group. You can use this group to send communications to your makers or invite them to a Yammer or Teams group. Configure the group ID here.
    TenantID Your Azure Tenant ID.
  10. Select Import.

The import can take up to 60 minutes to be completed. Learn more about the apps and flows in the Core components: What's in the Core Components

Update and turn on child flows

There are several child flows which will need their Run only users properties updated.

  • HELPER - CloudFlowOperations
  • HELPER - CanvasAppOperations
  • HELPER - ObjectOperations
  • CLEANUP HELPER - Check Deleted (Canvas Apps)
  • CLEANUP HELPER - Check Deleted (Cloud Flows)
  • CLEANUP HELPER - Check Deleted (Model Driven Apps)
  • CLEANUP HELPER - Check Deleted (PVA)

For all of these flows, go to the details page and click the Run only users edit button.

You will see all the connections in the child flow. For each one, change the value to Use this connection (userPrincipalName@company.com). If there is no connection for any of the connectors, go to Data > Connections, and create one for the connector.

Find setting for run only users. Configure run only users.

Once you have updated the run only users, turn on all the child flows.

Activate the flows

The Admin | Sync Template flows part of this solution crawl through all the resources stored in Microsoft Power Platform and make a copy of details in each resource (for example, apps and flows) to Dataverse (table definitions are provided in this solution). All data displayed in most of the starter kit components must be in Dataverse, which means that the sync template must be configured for everything else to work. The sync flows run daily overnight.

When you first set up the CoE Starter Kit, enable these flows in a specific order which will start the process of crawling and storing the information in Dataverse. Depending on the size of your tenant, the first run of may take long to complete. See the limitations information for more details.

We will more quickly resolve issues around dependencies between tables by enabling the flows in an explicit order. Enabling the flows in this order is not required, but it may cause errors or incorrect data during the first week until the inventory dependencies align.

  1. For Option 1 (Core Components installed in Production environment):
    1. Go to make.powerapps.com, select Solutions, and then open the Center of Excellence - Core Components solution to view the flows.
  2. For Option 2 (Core Components installed in Dataverse for Teams environment)
    1. Open to the Power Apps app in Teams, select Build, and select the Team you have added the solution to.
    2. Select Installed apps.
    3. Select See all for Center of Excellence - Core Components.
    4. Select Cloud flows.
  3. Turn on: CLEANUP - Admin | Sync Template v3 (Check Deleted).
  4. Wait until it finishes before you turn on any other flows.
  5. Turn on: Admin | Sync Template V3 (Connectors)
  6. Wait until it finishes before you turn on any other flows.
  7. Turn on the Admin | Sync Template flows for the following object types: Apps, Custom Connectors, Desktop Flows, Flows, Model Driven Apps, and PVA
  8. Turn on Admin | Sync Template v3.
  9. Wait for Admin | Sync Template v3 to complete its run and then turn it back off. This will avoid write conflicts for large organizations.
  10. Check the Admin | Sync Template flows for apps, flows and other resources and wait until all of these complete.
  11. Turn back on Admin | Sync Template v3.
  12. Now you're ready to turn on all the other flows
    1. Turn on all the flows starting with CLEANUP.
    2. Turn on the Admin | Capacity Alerts if you would like to receive alerts when environments get close to approved capacity.
    3. Turn on the Admin | Welcome Email v3 if you would like to send welcome emails to new makers.
    4. Turn on the flows starting with Env Request and DLP Request if you are using the Power Platform Request Center
    5. Turn on the flows starting with Command Center App if you are using the Admin - Command Center

Important

Note that Admin | Compliance Detail Request v3 will not pass until you complete setup of the Governance component so you should leave it turned off until then.

(Optional) Create an Azure AD app registration to connect to Microsoft Graph

Note

Only complete this steps if you want to review Power Platform related Microsoft 365 Message Center updates in the Admin - Command Center canvas app.

The Admin - Command Center connects to Microsoft Graph API to get Microsoft 365 Message Center updates.

Using these steps, you'll set up an Azure AD app registration that will be used in a cloud flow to connect to the Graph API. More information: Use the Microsoft Graph API

  1. Sign in to portal.azure.com.

  2. Go to Azure Active Directory > App registrations.

    Azure AD app registration.

  3. Select + New Registration.

  4. Enter a name (for example, CoE Command Center), don't change any other setting, and then select Register.

  5. Select API Permissions > + Add a permission.

    API Permissions - Add a permission.

  6. Select Microsoft Graph, and configure permissions as follows:

    1. Select Delegated permissions, and then select ServiceMessage.Read.All.
    2. Select Application permissions, and then select ServiceMessage.Read.All.
    3. Select Add permissions.
  7. Select Grant Admin Consent for (your organization).

  8. Select Certificates and secrets.

  9. Select + New client secret.

    New client secret.

  10. Add a description and expiration (in line with your organization's policies), and then select Add.

  11. Copy and paste the Secret to a text document in Notepad for the time being.

  12. Select Overview, and copy and paste the application (client) ID value to the same text document; be sure to make a note of which GUID is for which value. You'll need these values in the next step as you configure the custom connector.

  13. Go to make.powerapps.com, select Solutions, and then open the Center of Excellence - Core Components solution to view the flows.

  14. Edit the Command Center App > Get M365 Service Messages flow.

  15. Update the List serviceAnnouncements from Graph with your client ID and client secret. Update HTTP action with client ID and secret

    Note

    We recommend storing the client ID and secret in Azure Key Vault and using the Azure Key Vault connector to retrieve them in the flow.

  16. Save this flow.

Set up Audit Logs solution

The Audit Log Sync flow connects to the Microsoft 365 audit log to gather telemetry data (unique users, launches) for apps. The CoE Starter Kit will work without this flow; however, usage information (app launches, unique users) in the Power BI dashboard will be blank. More information: Set up the audit log connector

Set up the Power BI dashboard

The CoE Power BI dashboard provides a holistic view with visualizations and insights into resources in your tenant: environments, apps, Power Automate flows, connectors, connection references, makers, and audit logs. Telemetry from the audit log is stored from the moment you set up the CoE Starter Kit, so over time you can look back and identify trends for longer than 28 days. More information: Set up the Power BI dashboard

Share apps with other admins

The core components solution contains apps designed to give admins better visibility and overview of resources and usage in their environments. Share those apps with other Power Platform admins. Take a look at the Admin - Command Center app which is your central place to launch all CoE Starter Kit apps from.

More information:
Share a canvas app in Power Apps
Publish and add an app to Teams

Wait for flows to finish

After the sync flows have finished running (depending on the number of environments and resources, this can take a few hours), you're ready to use the core components of the CoE Starter Kit.

To check the status of a flow

  1. Select Admin | Sync Template v3.

    This will open a new tab to the Flow detail page.

  2. View Runs.

Update environment variables

Important

You don't have to complete this step during setup, just when you need to change the value of an environment variable that you configured during import.

Environment variables are used to store application and flow configuration data with data specific to your organization or environment.

  1. If you have installed the solution in a Production environment:

    1. Go to flow.microsoft.com.
    2. On the left pane, select Solutions.
    3. Select the Default Solution, and change the filter to show Environment Variables.
    4. Select a variable that you want to update, and then configure its Current Value.
  2. If you have installed the solution in a Dataverse for Teams environment:

    1. Go to flow.microsoft.com.
    2. On the left pane, select Solutions.
    3. Select the Common Data Service Default Solution.
    4. Select + Add > Environment Variables.
    5. Select the existing Environment Variables from the managed solution that you want to update.
    6. Now, change the filter to show Environment Variables.
    7. Select a variable that you want to update, and then configure its Current Value.

    Update one of the following variables for the core components solution, and then select Save.

    Name Description
    Admin eMail Admin eMailed with this solution, and copy the web link (to launch the app) and paste it into this variable. This environment variable is not used until you adopt the Developer Compliance Center.
    Also Delete from CoE Recommend Yes here to delete objects from the CoE inventory when they are deleted from the tenant. No will keep a record that an app or flow existed in the past
    Approval Admin The email address used in flows to send approvals to admins; this cannot be a distribution list.
    Community URL Link to your internal Microsoft Power Platform community (for example, Yammer or Teams).
    Developer Compliance Center Leave empty on Import and do the following to populated after set up of the Governance components.
    Navigate to the details page of the Developer Compliance Center (canvas app) included with this solution, and copy the web link (to launch the app) and paste it into this variable.
    eMail Header Style the CSS / Style to use for eMails
    Note a default is given so this will not appear on setup
    Environment Request Admin App Url Link to the Admin - Power Platform Resouce RMS canvas app included in this solution. Leave empty on Import and fill it in once the app is installed.
    To do that, navigate to the details page of the Admin - Power Platform Resouce RMS (canvas app) included with this solution, and use the wek link (to launch the app).
    Exclude Default environment from Compliance Request flows Set to Yes if you want to Exclude the Default environment from the Admin | Compliance Details request flow.
    Note a default of Yes is given so this will not appear on setup
    FullInventory Determines if you want to only update objects that have changed, or all objects.
    Note a default of No is given so this will not appear on setup
    PowerApp Maker environment variable The maker URL used by PowerApps for your cloud, including trailing slash. Here are examples:
    For a US environment: https://make.powerapps.com/
    For a GCC environment: https://make.gov.powerapps.us/
    For a GCC High environment: https://make.high.powerapps.us/
    PowerApp Player environment variable The player URL used by PowerApps for your cloud, including trailing slash. Here are examples:
    For a US environment: https://apps.powerapps.com/
    For a GCC environment: https://apps.gov.powerapps.us/
    For a GCC High environment: https://apps.gov.powerapps.us/
    Power Automate environment variable The URL used by flow for your region. Here are examples:
    For a US environment: https://us.flow.microsoft.com/manage/environments/
    For a Canadian environment: https://canada.flow.microsoft.com/manage/environments/
    For an EMEA environment: https://emea.flow.microsoft.com/manage/environments/
    For a GCC environment: https://gov.flow.microsoft.us/manage/environments/
    Power Platform Maker Microsoft 365 Group The Admin | Welcome Email flow sends a welcome email to onboard new makers and adds them to a Microsoft 365 group. You can use this group to send communications to your makers or invite them to a Yammer or Teams group. Configure the group ID here.
    ProductionEnvironment Set to false if you are creating a dev type environment. This will allow some flows to set target users to the admin instead of object owners.
    Note a default of Yes is given so this will not appear on setup
    TenantID Your Azure Tenant ID.