Before setting up the CoE Starter Kit
The Center of Excellence (CoE) Starter Kit is a collection of components and tools to help you get started with developing a strategy for adopting and supporting Microsoft Power Platform, with a focus on Power Apps and Power Automate. For more information about individual components, see CoE Starter Kit explained
This article prepares you to install the CoE Starter Kit and provides guidance on:
- The identity used to install and run the solutions.
- The environment type to use for your solutions.
- All prerequisites needed to use the CoE Starter Kit.
Which identity should I use to install the CoE Starter Kit?
The CoE Starter Kit requires access to your tenant's Power Platform environments. Therefore, the identity you set up for the CoE Starter Kit needs the following licenses and roles:
Microsoft Power Platform service admin or global tenant admin.
Note
Dynamics 365 service admin doesn't work, since it:
- Can't gather all environment types, for example the teams type.
- Doesn't allow privilege escalation.
Power Apps Per User license (nontrial) and Microsoft 365 license.
Power Automate Per User license, or Per Flow licenses (nontrial).
Power BI Premium per user or per capacity (if using Data Export for inventory)
The identity must have access to an Office 365 mailbox that meets all requirements to use the Office 365 Outlook connector.
If you'd like to collect usage information, such as app launches and unique users per app, you must have access to an Azure app registration. The app registrations need to have permissions to read data from the Microsoft 365 audit log to complete the setup. You only need this app registration if you're using Cloud flows for inventory.
If you'd like to share the Power BI report that's part of the CoE Starter Kit, this identity needs to have the Power BI Pro license.
These roles and licenses must be available to a user directly and permanently.
Configure multifactor authentication for the account by following the recommended settings for conditional access and multifactor authentication in Power Automate.
How to communicate with your admins, makers, and users
Consider how you want to communicate with different groups of people, or personas, before you start the setup:
- Admin persona
- Power Platform admins communicate with each other.
- Power Platform makers contact Power Platform admins.
- Maker persona
- Power Platform admins contact Power Platform makers.
- Power Platform makers communicate with each other.
- User persona
- Power Platform admins contact Power Platform users.
We recommend using three Microsoft 365 groups, one for each persona. This group type is an email-enabled security group and can be associated with a Microsoft team for collaboration between the people in the group.
Important
As part of the inventory of a tenants Power Platform resources, makers are added to the group you define for the Power Platform Maker persona.
To add makers to the group, the admin or service account setting up the inventory components needs to be an owner of the group. You can share apps and other resources relevant to makers with this group.
Individual as an admin
Some processes in the CoE Starter Kit send Power Automate Approvals and Adaptive Cards for Microsoft Teams. These cards can't be assigned to a group.
You need an individual named admin to receive these communications:
- Individual to receive chat bot chats
- Individual to receive approvals
What data source should I use for my Power Platform inventory?
At the heart of the CoE Starter Kit are processes that gather information about your Power Platform inventory to provide processes to manage, govern, and nurture Power Platform adoption in your tenant.
The CoE Starter Kit offers two mechanisms to gather this data:
Data Export (preview)
You can export Power Platform inventory and usage data directly into Azure Data Lake Storage using the Data Export feature in the Power Platform admin center. Since the admin center provides the data, this mechanism is high in performance. Data Export must be configured in advance from the Power Platform Admin Center to use this option.
Important
The CoE Starter Kit using data provided by Data Export for inventory is currently in experimental preview. We recommend to first test the kit in a dedicated test environment. Trying this feature helps us validate that the feature meets your needs and prevents unintended side effects.
For more information, see Try out the Data Export feature.
Cloud flows
Cloud flows use Power Platform admin connectors to query and crawl your tenant and store inventory and usage data in Dataverse tables.
This method is suitable for small to medium sized tenants but can cause performance issues in tenants where Power Platform inventory exceeds 10,000 objects (combined number of environments, apps, flows).
How can I try out the Data Export feature?
Enable the Data Export feature in your tenant.
Proceed with the CoE Starter Kit configuration only when you see inventory data files in your storage account. The initial data export can take up to five days.
Download the version of the CoE Starter Kit that integrates with Data Export and use the setup wizard to configure the feature in your tenant.
Post your feedback by raising an issue on GitHub. Your feedback is critical to this process.
For more information, see Frequently asked questions about the Data Export integration.
Plan your upgrade strategy
A new version of the CoE Starter Kit is released monthly, usually in the first full week of each month. This release cadence is important to know so you can review, organize, plan, and test the latest version.
We recommend upgrading the CoE Starter Kit solution at least every three months. With the fast pace of change for Power Platform, leaving updates longer than three months can result in unexpected issues with your next update.
We recommend testing upgrades in a dedicated test environment, before upgrading your production environment. Focus your test efforts on your favorite features of the CoE Starter Kit. Verify that components you use continue to work when you add new features that meet your requirements.
In your test environment, set the ProductionEnvironment variable to no. A no setting means no emails are sent to makers and end users as you test features.
For more information, see Updating the Center of Excellence (CoE) Starter Kit.
Create your environments
We recommend creating two environments to install the CoE Starter Kit solution:
- One for testing
- One for production use
For more information, see Updating the CoE Starter Kit.
Create two production environments to install the CoE Starter Kit solutions:
- Create an environment with a database.
- Choose English as the default language.
- Don't add sample apps and datasets.
- Set the security group to None to allow open access. Some parts of the CoE Starter Kit use approval actions and require makers to be able to interact with the environment.
- After importing the solution and completing the setup steps, set the ProductionEnvironment variable to no in your test environment. This means you can test the CoE Starter Kit processes without impacting makers and end users.
Important
Using Data Export as a mechanism to retrieve inventory and telemetry is currently in preview. We recommend you test this in a dedicated test environment before using this feature in production.
Validate data loss prevention (DLP) policies
The DLP policy applied to your CoE Starter Kit environment needs to allow the following connectors to be used together in the business group:
- Approvals
- Azure Resource Manager
- HTTP
- HTTP with Microsoft Entra ID (preauthorized)
- Microsoft Dataverse
- Microsoft Dataverse (legacy)
- Microsoft Teams
- Office 365 Groups
- Office 365 Outlook
- Office 365 Users
- Power Apps for Admins
- Power Apps for Makers
- Power Automate for Admins
- Power Automate Management
- Power Platform for Admins
- Power Platform for Admins V2
- Power Query Dataflows
- RSS
Note
The CoE Starter Kit collects information about who owns a resource, such as an app or a flow.
- If the resource is owned by an interactive user, the Office 365 Users connector is used to get the owner details.
- If the resource is owned by a service principal (app user), the HTTP with Microsoft Entra ID (preauthorized) connector makes a call to Microsoft Graph to retrieve the app user name to correctly mark ownership of resources to avoid them being marked as orphaned (without an owner).
The HTTP and HTTP with Microsoft Entra (preauthorized) connectors connect to graph.microsoft.com for commercial tenants.
If your tenant is in Government Community Cloud (GCC), GCC High, or DoD, check your service root endpoint for Microsoft Graph.
You can't set up DLP endpoint filtering for these connectors, as DLP Policies don't support dynamic endpoint evaluation.
Check that no other DLP policies apply to this environment. For more information, see Combined effect of multiple DLP policies.
Download the solution
Download the CoE Starter Kit solution and Power BI dashboard files to your device.
The content package contains various files that support different features of the CoE Starter Kit. The setup instructions walk you through when to use each file.
The following table is an overview of each file:
File Name | Description |
---|---|
admintaskanalysis_core_x_xx_managed.zip | Power Platform admin task planner components. |
BYODL_CoEDashboard_MMMYYYY.pbit | CoE Dashboard Power BI template file. Required during configuration of the Power BI dashboard if using experimental Data Export feature. |
CenterofExcellenceAuditComponents_x.xx_managed.zip | Governance components solution file. Required during setup of the Governance components. Has a dependency on Core components being installed first. |
CenterofExcellenceCoreComponents_x.xx_managed.zip | Core components solution file. Required during setup of the Core components in a production environment. |
CenterofExcellenceInnovationBacklog_x.xx_managed.zip | Innovation Backlog components solution file. Required during setup of the Innovation Backlog components. |
CenterofExcellenceNurtureComponents_x.xx_managed.zip | Nurture components solution file. Required during setup of the Nurture components. Has a dependency on Core components being installed first. |
MakerAssessmentStarterData.xlsx | Provides a set of starter questions and answers for the Maker assessment app. Required during configuration of the Maker Assessment app. |
microsoft-video-hub-starter-data.xlsx | Provides a set of starter videos for the Video Hub app. |
Power Platform Administration Planning.pbit | Power Platform admin task planner Power BI template file. Required during configuration of the Power Platform admin task planner components. |
PowerPlatformAdminAnalytics-DF-MMYYYY | Dataflow file required during configuration of the Power BI dashboard if using experimental Data Export feature. |
PowerPlatformGovernance_CoEDashboard_MMMYYYY.pbit | CoE Governance and Compliance Dashboard Power BI template file. Required during configuration of the Power BI dashboard |
Production_CoEDashboard_MMMYYYY.pbit | CoE Dashboard Power BI template file. Required during configuration of the Power BI dashboard |
Pulse_CoEDashboard.pbit | Pulse survey Power BI template file. Required during configuration of Pulse survey components. |
Sample-task-data.xlsx | Provides a set of tasks for the Power Platform admin task planner components app. Configuration of the Power Platform admin task planner components. |
ToolIcons.zip | Provides a set of starter icons for the Innovation Backlog. Required during configuration of the Innovation Backlog. |
What's next: After installing the CoE Starter Kit
Important
We recommend upgrading the CoE Starter Kit solution at least every three months. With the fast pace of change for Power Platform, leaving updates longer than three months can result in unexpected issues with your next update.
If you already installed the CoE Starter Kit, check instructions for
- Update the CoE Starter Kit with a new release.
- Extend the CoE Starter Kit.