Tag: powerapps

Exam AB-731: AI Transformation Leader

What better way to start 2026 then to talk about a Microsoft certification, especially one for a totally NEW type of user!

Following on the steps of the other AB exams I’ve been writing about my experience with (see Exam AB-730: AI Business Professional, Exam AB-100: Agentic AI Business Solutions Architect and Exam AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals ), this article will cover the AB-731 exam.

This exam is focusing on the Microsoft AI capabilities from a Business Leader perspective, and to the best of my knowledge is the first time that Microsoft has ever created an exam from a ‘Business Leader’ perspective. Taking this exam was a complete mindset shift to me, especially when seeing the questions – it’s not about understanding the in depth technical capabilities, but more around the breadth of technology options (spanning Azure, Microsoft 365 Copilot, Copilot Studio & other tools), and what they bring/enable from a BUSINESS perspective.

The official description of the proposed exam candidate is:

As a candidate for this Microsoft Certification, you should understand how to recognize opportunities for AI transformation, identify the right AI tools and resources, plan for AI adoption, optimize business processes, and drive innovation by using Microsoft 365 Copilot and Azure AI services.

This Certification is designed for business decision-makers at all levels who are responsible for guiding transformation and innovation within their teams or organizations. In this role, you’re expected to demonstrate AI fluency, strategic vision, and the ability to lead AI adoption across teams and functions but are not expected to write any code.

As a candidate for this Certification, you should be able to evaluate AI opportunities, champion responsible AI practices, and align AI investments with business goals. You need experience leading adoption or change management in a business context. You must also be familiar with Microsoft 365 services, Azure AI services, and general AI capabilities.

The overall information for the exam can be found at Microsoft Certified: AI Transformation Leader, and there is an official Learning Path available for it.

As I’ve posted before around my exam experiences, it’s not permitted to share any of the exam questions. This is in the rules/acceptance for taking the exam. I’ve therefore put an overview of the sorts of questions that came up during my exam. (Note: exams are composed from question banks, so there could be many things that weren’t included in my exam, but could be included for someone else!). It’s also in beta at the moment, which means that things can obviously change for when it comes out of beta.

Overall, the exam approach was quite different to me – though I do talk with organisations frequently around general AI matters, I’ve never taken an example written in this way beforehand. However, I do feel that it’s very helpful to have this in place, to ensure that business leaders can demonstrate that they actually do know what they’re talking about 😉

I’ve tried to group things as best together as I feel (in my recollection), to make it easier to revise.

  • Azure Components & Capabilities
    • AI Vision – what it can be used for, benefits of using it, capabilities that it has
    • AI Language – what it can be used for, benefits of using it, capabilities that it has
    • AI Document Intelligence – what it can be used for, benefits of using it, capabilities that it has
    • Machine Learning – what it can be used for, benefits of using it, capabilities that it has
    • AI Foundry – what it can be used for, benefits of using it, capabilities that it has
    • AI Search – what it can be used for, benefits of using it, capabilities that it has
  • Microsoft 365 Copilot Chat
    • What license is needed
    • What data does it have access to
    • What security controls are in place
  • Microsoft 365 Copilot
    • What is it, what can it be used for
    • What can it do
    • How does it connect to data
    • What are the connectors for it (standard & custom)
    • Benefits of using it (vs 3rd party AI tooling)
    • Different agents (eg Analyst & Researcher) within it – what they do, how to access and use them
  • Microsoft Copilot Studio
    • What is it, what can be used for
    • What can it do
    • What license is needed
    • What data can it access
  • Microsoft Security Copilot
    • What is it, what can be used for
    • What can it do
    • Benefits that it provides
  • Security & Governance
    • Content filtering controls within Copilot
    • Policies
    • Handling requirements to prevent inappropriate language & responses
    • Responsible AI principles
    • Governance ownership, responsibility & requirements
  • Generative AI
    • AI model hallucinations
    • Grounding in data
    • Improving response quality
    • Prompt engineering
    • Pre trained models vs fine tuned models
    • Reasoning models vs non-reasoning models
    • Understanding usage costs (including different pricing models)
    • What is RAG, and how can it be used for business scenarios
    • Adoption throughout organisations – personas to involve in adoption team

    I hope that this is helpful for anyone who’s thinking of taking it – good luck, and please do drop a comment below to let me know how you found it! I’d also be interested in your thoughts/opinions around the direction that Microsoft has taken for this!

    Exam AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals

    Following on the steps of the other AB exams I’ve been writing about my experience with (see Exam AB-730: AI Business Professional & Exam AB-100: Agentic AI Business Solutions Architect), this article will cover the AB-900 exam.

    This exam is focusing on the Microsoft 365 Copilot capabilities from a user & administration perspective, and doesn’t cover/include anything from Copilot Studio.

    Now, though it’s a Fundamentals exam, to be honest it’s the HARDEST fundamentals exam that I’ve ever taken!

    The approach is around being able to demonstrate understanding of how to use the Microsoft 365 Copilot, as well as a lot of focus on how to control & administer it.

    The official description of the proposed exam candidate is:

    As a candidate for this Microsoft Certification, you should be familiar with Microsoft 365, including core services, security, identity and access, data protection, and governance, along with Microsoft 365 Copilot and agents.

    Additionally, you should be familiar with the admin centers used to access Microsoft 365 workloads, such as Exchange Online, SharePoint in Microsoft 365, Microsoft Teams, Microsoft Entra, and Microsoft Purview. You need to have experience with AI-driven productivity tools and modern IT management practices.

    You must be able to identify the roles of the core features and objects available in Microsoft 365, such as users, groups, teams, sites, and libraries. Plus, you should understand the core security features of Microsoft 365, such as authentication methods, conditional access policies, and single sign-on (SSO).

    The overall information for the exam can be found at Microsoft 365 Certified: Copilot and Agent Administration Fundamentals, and there is an official Learning Path available for it.

    As I’ve posted before around my exam experiences, it’s not permitted to share any of the exam questions. This is in the rules/acceptance for taking the exam. I’ve therefore put an overview of the sorts of questions that came up during my exam. (Note: exams are composed from question banks, so there could be many things that weren’t included in my exam, but could be included for someone else!). It’s also in beta at the moment, which means that things can obviously change for when it comes out of beta.

    One thing to keep in mind about this exam – though I do mention Microsoft Purview in the list of items below, I haven’t gone into it extensively. However, there were a LOT of questions that touched on Purview (& other governance stuff as well) – you REALLY need to be knowing & understanding these capabilities to be able to take & pass the exam. Just guessing the answers is not going to help at all!

    Overall, the exam seemed to me to be pretty decent, though with indeed a heavy focus on security & governance (as I’ve mentioned above). I don’t see this as a bad thing though, as it can help to show that administrators really do know what they’re talking about.

    I’ve tried to group things as best together as I feel (in my recollection), to make it easier to revise.

    • Agent types
      • Native Microsoft 365 Copilot agent
      • Native Microsoft 365 Copilot advanced agents (eg Researcher & Analyst). What they are, how to access, what to use them for
      • Custom Microsoft 365 Copilot agent
      • SharePoint agent
    • Creating/using Agents
      • Using natural language to create agents
      • How to handle/perform multi-step reasoning
      • Use of notebooks
      • Custom instructions
      • Scheduling prompts
      • Querying data types
        • Structured
        • Unstructured
    • Governance & security
      • Blocking access to different types of searches & collateral
      • Blocking access to specific agents
      • Tools to use for blocking
      • How to share agents with other users
      • Assigning licenses to users
      • Data retention policies
      • Data labelling policies
      • Use of Microsoft Purview, covering capabilities, tools, auditing, how to use, etc
      • Use of DLP
      • Data source permissions
      • Conditional access policies
      • Microsoft Defender – what it is, capabilities it has, how to use it, etc.
      • Types of authentication
    • Reporting
      • Licensing & usage
      • Adoption & interactions
    • Payment options & capabilities
      • Credit usage – internal vs external users
      • Pay As You Go Billing, and scenarios you can use it for

    I hope that this is helpful for anyone who’s thinking of taking it – good luck, and please do drop a comment below to let me know how you found it! I’d also be interested in your thoughts/opinions around the direction that Microsoft has taken for this!

    Exam AB-730: AI Business Professional

    Following on from the recent launch of the new Exam AB-100: Agentic AI Business Solutions Architect exam, Microsoft has now developed & released other exams in the AB series – this post is on the AB-730 exam.

    The approach continues to be around how to use AI within technology for business purposes, rather than needing to be able to create AI or code. This exam focused on the Microsoft 365 Copilot experience, how to use it within various Microsoft Office applications, etc.

    The official description of the proposed exam candidate is:

    As a candidate for this Microsoft Certification, you should have experience using generative AI–powered productivity tools, including Microsoft 365 Copilot, Researcher, and Analyst. You take advantage of AI to improve daily work, drive business outcomes, and make informed decisions in business contexts—without building AI apps or writing code.

    You should have a basic understanding of Microsoft 365 and should be comfortable navigating core apps, such as Outlook, Word, Microsoft Teams, PowerPoint, and Excel. You should also be familiar with common business processes, including drafting emails, creating presentations, generating images, and managing documents.

    The overall information for the exam can be found at at Microsoft Certified: AI Business Professional (beta) – Certifications | Microsoft Learn, and there is an official Learning Path available for it.

    As I’ve posted before around my exam experiences, it’s not permitted to share any of the exam questions. This is in the rules/acceptance for taking the exam. I’ve therefore put an overview of the sorts of questions that came up during my exam. (Note: exams are composed from question banks, so there could be many things that weren’t included in my exam, but could be included for someone else!). It’s also in beta at the moment, which means that things can obviously change for when it comes out of beta.

    One thing that I found I didn’t like about the exam is the new question type of ‘Best Answer’. This question type gives various options, whilst telling you that more than one answer choice may achieve the goal, but asking you to select the BEST answer. I believe that questions like this are subjective, and the answers will vary based on each person’s knowledge, understanding & experience, so I’m not quite sure why Microsoft have decided that this would be good to use. It will be interesting to see what happens when the exam comes out of Beta, and if these questions are still around or not then.

    Overall, the exam seemed to me to be pretty decent – I initially thought it would be quite generic, but you really do need to know how all the Copilot offerings work including Copilot Chat and Copilot in the Office applications.

    If you’re new to Copilot, and/or not really sure as to how it actually works & the capabilities, I’d suggest not to take the exam yet. Instead, go and take a look at the learning paths, and look to find out how it actually works & operates.

    I’ve tried to group things as best together as I feel (in my recollection), to make it easier to revise.

    • Microsoft 365 Copilot vs Microsoft 365 Copilot Chat
      • What each one does/doesn’t do
      • When to use each one
    • What to include when prompting Copilot
    • Copilot security framework
      • How data is used
      • The different data controls that are in place
      • How data protection works, different data protection capabilities & using them
      • Removing data & prompts from Copilot,
    • Copilot capabilities in Microsoft Word
    • Copilot capabilities in Microsoft Excel
    • Copilot capabilities in Microsoft Outlook
    • Copilot capabilities in Microsoft PowerPoint
    • Copilot capabilities for Teams
      • Using Copilot within Teams for queries
      • Using Copilot within Teams for meetings (preparing for them, during the meeting, after the meeting)
    • Collaboration with Copilot report outputs
    • Copilot Researcher agent – getting access, capabilities & use cases, inputs & outputs
    • Copilot Analyst agent – getting access, capabilities & use cases, inputs & outputs
    • Using custom instructions within Copilot – how to do this, how it is used/applied, etc
    • Using documents with Copilot for answers & generating material. Updating new versions of documents, and how Copilot will behave
    • Microsoft 365 agents – creating, configuring, sharing, security etc
    • Creating, sharing & scheduling prompts, including limitationsent

    I hope that this is helpful for anyone who’s thinking of taking it – good luck, and please do drop a comment below to let me know how you found it! I’d also be interested in your thoughts/opinions around the direction that Microsoft has taken for this!

    Exam AB-100: Agentic AI Business Solutions Architect

    It’s always interesting when Microsoft release a new type of exam, especially when it’s not tied to specific functionality, but rather to an overall approach. The AB-100 exam (don’t pay too much attention to the ‘100’ designator, in my opinion) follows the approach that we’re seeing Microsoft taking – needing to use technology (& here, specifically AI in technology) holistically across multiple solution.

    I took the exam in Beta as soon as it launched, though due to preparing for the Power Platform Community Conference (which I’m currently writing this at), it’s taken a bit of time to get this blog post up and published.

    As an architect, AI isn’t new to us – we know of multiple different capabilities (spanning Microsoft 365, Copilot Studio & Azure AI Foundry), which we need to use appropriately to handle customer scenarios. AI isn’t new to exams either – there are multiple Azure exams with AI in them, we have multiple Business Application exams with Copilot Studio in them, etc.

    However, exams to date focus on a specific part of the technology stack. For example, the PL-600 focused on Power Platform & Dynamics 365 Customer Engagement. The MB-700 focused on Dynamics 365 Finance & Operations, and so on and so forth.

    This new exam is somewhat of a paradigm shift – needing to understand AI holistically as an architect across multiple parts of the technology stack, what & how it’s used for and where, etc. This is most definitely a new approach, and it will be interesting to see how it users react to it.

    Truthfully, having taken it, I’d personally say that it feels a bit more like an enterprise architect exam approach (which also doesn’t exist in the Microsoft stack), albeit focused around Business Applications. Given the way in which Microsoft partners have specialists in each technology part of the stack, it will be interesting to see if this approach will pivot the way in which people are trained/skilled, and deliver projects. I think that there’s likely to be a lot of feedback to Microsoft that it’s not the way that the partner landscape currently works – though perhaps Microsoft is specifically trying to influence this itself to change. Only time will tell…

    The overall information for the exam can be found at Microsoft Certified: Agentic AI Business Solutions Architect (beta) – Certifications | Microsoft Learn, though there is NO learning path that’s been created (at the time of writing). I think that this is because Microsoft may want to see the reaction to this new approach, and pivot appropriately, rather than needing to create a lot of content that may potentially need to be re-done.

    The official description of the exam can be found at the link above (it’s too long to post here), so please go take a look!

    So, as I’ve posted before around my exam experiences, it’s not permitted to share any of the exam questions. This is in the rules/acceptance for taking the exam. I’ve therefore put an overview of the sorts of questions that came up during my exam. (Note: exams are composed from question banks, so there could be many things that weren’t included in my exam, but could be included for someone else!). It’s also in beta at the moment, which means that things can obviously change for when it comes out of beta.

    I’ve tried to group things as best together as I feel (in my recollection), to make it easier to revise.

    • Business usage of AI
      • Different agents usage and results
      • How to use appropriately for business/agent analysis
      • Different types of metrics and results
      • Best practices for building Copilot Studio agents, and using Copilot Studio agents
      • Looking at the ROI for using Copilot Studio agents
      • Designing the usage of different AI and agent capabilities for business needs
    • Building agents
      • What Copilot Studio agents need to work
      • Data types that agents can use
      • Data sources that agents can use
      • Use of knowledge sources for agents
      • Usage of custom connectors
      • Handling token usage with Azure AI Foundry
      • How to handle testing for Copilot Studio agents
      • Different testing types & approaches
      • Extending Microsoft 365 Copilot
      • Using Power Automate with Copilot Studio agents
      • Speech to Text/Text to Speech
      • Handing conversation to live customer service representative using Dynamics 365 Contact Centre
      • Using RPA within an agent
    • Models
      • Different types of models that could be used within Azure AI Foundry
      • Orchestration
      • Improving performance
    • Security
      • How to handle Copilot Studio security
      • Governance & compliance tooling (eg Purview)
      • Handling/restricting connectors for Copilot Studio agents
      • Ensuring user security when using agents (ie not able to retrieve data that the user cannot access directly)
    • Reporting
      • Monitoring tools for Copilot Studio agents
      • Metrics, usage & analytics for Copilot Studio agents
      • Investigating Copilot Studio agent transcripts
      • Monitoring tools for Azure AI models
      • Evaluating Azure AI Foundry model outputs
    • Application Lifecyle Management
      • Focusing on AI Agents for Dynamics 365 CE, Finance & Operations, and Power Platform
      • How/what components to use and include
      • What tooling to use for ALM

    Overall, the exam seemed to me to be pretty decent – I was worried that it would focus just on Copilot Studio, with not much else in it, but there’s a good balance across other AI capabilities as well.

    The big change, for me at least, were the questions around Dynamics 365 Finance and Operations – this isn’t an area that I’m an expert in generally, and most definitely not for AI tooling. I think that this, as I mention above, is what may get the biggest pushback/feedback into Microsoft.

    I’m going to be quite interested in seeing how the exam is actually launched (as it’s currently in Beta of course). Having chatted with a few others who have taken the exam (whilst obviously respecting the NDA!), they also think that this is an approach pivot from Microsoft, and are wondering about the real world application of it.

    I hope that this is helpful for anyone who’s thinking of taking it – good luck, and please do drop a comment below to let me know how you found it! I’d also be interested in your thoughts/opinions around the direction that Microsoft has taken for this!

    MB-280: Microsoft Dynamics 365 Customer Experience Analyst

    It’s been a while since taking a Microsoft certification exam, but with the new MB-280 exam being launched in the last few days, I’ve obviously needed to take a look at it! It felt a little strange, as I’m now used to the certification renewal process (which is why I haven’t taken any exams in a while), but thankfully things went alright with the overall exam.

    For those who haven’t been following the news, Microsoft made an announcement a few months back that some exams would be retiring, and the new MB-280 exam would be the replacement for this. In short, this is supposed to replace the MB-210 (Sales), MB-220 (Customer Insights – Journeys) & MB-260 (Customer Insights – Data). Malin Martnes wrote a good blog post in June – I’d suggest to take a look at it at for more general information around it.

    Now I’m all up for new certifications being created & made available. However, and I know this could be considered controversial, I have ABSOLUTELY NO IDEA as to why this exam was created in THIS specific way. If an exam had been created, for example, to bring together the two sides of Customer Insights (ie to cover both Data & Journeys in a single exam), I think that would have been quite good.

    But with having taken this, my thoughts (& feedback to Microsoft directly) is that they should un-deprecate (if that’s a word/phrase?) the MB-210 exam, and continue it forward. There’s no reason that I can see having Marketing & Sales together in a single exam – it feels like two (or technically 3?) lego bricks lumped together without any rhyme or reason.

    The learning path for the exam was also launched in the last few days, and can be found at Study guide for Exam MB-280: Microsoft Dynamics 365 Customer Experience Analyst | Microsoft Learn

    The official description of the exam is:

    As a candidate for this exam, you’re a Microsoft Dynamics 365 customer experience analyst who has:

    • Participated in or plans to participate in Dynamics 365 Sales implementations.
    • An understanding of an organization’s sales process.
    • An understanding of the seller’s perspective (user experience).
    • The ability to demonstrate Dynamics 365 Customer Insights – Data and Customer Insights – Journeys capabilities.

    You’re responsible for configuring, customizing, and expanding the functionality of Dynamics 365 Sales to create business solutions that support, automate, and accelerate the company’s sales process. You use your knowledge of customer experience capabilities in Dynamics 365 Sales and Microsoft Power Platform to inform the following design and implementation tasks:

    • Configure Dynamics 365 Sales standard and premium features.
    • Implement collaboration features.
    • Configure the security model.
    • Perform Dynamics 365 Sales customizations.
    • Extend Dynamics 365 Sales with Microsoft Power Platform.
    • Deploy the Dynamics 365 App for Outlook.

    As a candidate, you need:

    • An understanding of the Dataverse security model and features, including business units, security roles, and row ownership and sharing.
    • Experience configuring model-driven apps in Microsoft Power Apps.
    • An understanding of accounts, contacts, and activities.
    • An understanding of leads and opportunities.
    • An understanding of the components of model-driven apps, including forms, views, charts, and dashboards.
    • An understanding of model-driven app personal settings.
    • Experience working with Dataverse solutions.
    • An understanding of Dataverse, including tables, columns, and relationships.
    • Familiarity with Power Automate cloud flow concepts, such as connectors, triggers, and actions.

    More can be found at the exam page itself, which is located at Exam MB-280: Microsoft Dynamics 365 Customer Experience Analyst (beta) – Certifications | Microsoft Learn

    Now during my exam, I was looking forward to seeing the ‘new’ capability around being able to use Microsoft Learn during the exam (new to me – as I haven’t taken any other exams in the last year or so since it was announced!). However there didn’t seem to be any capability to launch Microsoft Learn – I’m not sure why it wasn’t available, as this isn’t a Fundamental level exam

    Questions also used the older terms of references rather than the newer/accepted terms – ie using ‘field’ instead of ‘column’, and ‘entity’ instead of ‘table’. Again, I have no idea why this is – all other exams (including the renewals for them) are using these properly (in my summary below I have ensured I use the correct terms).

    So, as I’ve posted before around my exam experiences, it’s not permitted to share any of the exam questions. This is in the rules/acceptance for taking the exam. I’ve therefore put an overview of the sorts of questions that came up during my exam. (Note: exams are composed from question banks, so there could be many things that weren’t included in my exam, but could be included for someone else!). It’s also in beta at the moment, which means that things can obviously change.

    I’ve tried to group things as best together as I feel (in my recollection), to make it easier to revise.

    • Sales Apps
      • Configuring forms, columns & tables
      • Configuring security roles & access to records
      • Configuring relationships between records (including deletion properties)
      • Sales Mobile App – security & deployment
      • Forecasting – setting up & configuring
      • Configuring Goals
      • Configuring Opportunities
      • Handling currencies
    • Copilot for Sales
      • Setting up & deploying to users
      • Configuring access
    • Outlook App
      • Deploying & setting up
      • Configuring forms & information
    • Exchange
      • Connecting to mailboxes
      • Configuring folder permissions
      • Configuring multiple domains
    • Product Families & Catalogue
      • Creating & setting up
      • Configuring options
      • Adding items to be used
    • Price Lists
      • Creating & setting up
      • Configuring options, including discounts
      • Using time-restricted price lists
      • Handling currencies
    • Document Management
      • Different document management capabilities
      • Usage of SharePoint in different ways
    • Data Import
      • Usage of Power Query
      • Data manipulation
      • Handling duplicate records
    • SMS
      • Setting up & configuring SMS provider
    • Journeys
      • Different triggers to use based on scenarios & requirements
      • How to trigger journeys
      • How to set up emails to be used within a journey
    • Segments
      • Different types of segments
      • Creating & modifying segments
    • Searching/Filtering
      • Using Advanced Find
      • Setting up/modifying queries to include/exclude records based on conditions
    • Business Process Flows
      • Modifying business process flows
      • Handling conditions within business process flows

    As a Sales exam, it seemed alright. But as mentioned above, the Customer Insights questions just seemed strange to me – I’d expect a consultant to be very technically skilled in Customer Insights, but not in Sales (& vice versa), so I’m not understanding bringing these two sides together.

    I’m going to be quite interested in seeing how the exam is actually launched (as it’s currently in Beta of course). Having chatted with a few others who have taken the exam (whilst obviously respecting the NDA!), they also can’t really understand the landscape. Personally, I think that if it continues like this, Microsoft is going to hear quite a few complaints around it.

    I hope that this is helpful for anyone who’s thinking of taking it – good luck, and please do drop a comment below to let me know how you found it! I’d also be interested in your thoughts/opinions around the direction that Microsoft has taken for this!

    Default Environment – How to handle?

    As we’re all aware, the default (Power Platform) environment in any Azure tenant is a very ‘interesting’ thing to have. It’s there by default when an Azure tenant is created, all users within the Azure tenant automatically have access to it, we’re not able to restrict users from being in it, etc etc.

    Though it’s able to be backed up, it’s not able to be restored over itself, there’s no SLA/support available on it….the list goes on & on…!

    Many of us have come up against issues caused by people using the default environment whilst not knowing about challenges involving it, which usually results in pulling out our hair, banging our head against the wall, and other like-minded productive approaches.

    However, it is the first place that users, being new to Power Platform, land up, and instinctively they’ll start building applications, automations etc within it (though usually without using solutions as a container for the development of items). So to date, there’s not really anything that’s been able to be done around this, apart from monitoring users & chasing them after the fact.

    Now, we’re all about enabling our users in the right way, helping educate & support them. Telling them a big NO doesn’t help, and can even be an initial blocker to having people start playing around & building technological solutions.

    So how can we go about enabling our users, but also having the appropriate level of governance over the top? Well, there are several steps that I think we can take, which will help us with these. Now, not all of these are yet in place, though they have been talked about publicly. So let’s go take a look at them

    1. The first step, in my mind, is to start off with enabling the default environment as a managed environment (yes, this can ACTUALLY be done!). Managed environments have many different properties associated with them, but the one of most interest (for this at least) is the requirement to have a premium license in place.

    All users within an organisation should by default have an M365 license SKU against them (usually this would be an E3 or E5). Users with these can immediately use the seeded Power Platform capabilities within them to create Power Platform collateral (using standard connector capabilities). However, with the default environment being managed, they will NOT be able to access it!

    Note: For the moment, I’m leaving out users who have premium Power Platform licenses – this is deliberate

    1. Environment routing. Announced recently is the environment routing capabilities. This will enable users to be automatically routed to an appropriate environment, based on various conditions that can be set. With this, we could create appropriate business unit ‘sandboxes’, and we could route users to these. The user experience would be that when logging in, they would automatically then go to the right environment, rather than trying to work out which environment they should actually go to. This will save on confusion, and be a good user experience (in my opinion).
    1. Just-In-Time (JIT) Environment Creation. One of the items mentioned by Charles Lamanna at the European Power Platform Conference 2023 in Dublin is a new capability that’s coming in soon (I hope!). From the sound of it, this will give the ability to automatically create a new environment for users who do not already have one.

    This sounds really cool. With the recent advent of Development Environments (& the ability for all users to have multiples of these), this could work REALLY well with the environment routing capability mentioned above. When a user would log in for the first time, it could look to see if they have a developer environment – if yes, then route them to it. But if the user didn’t, then to automatically spin up & create a new developer environment, and route them to it.

    Now there are some caveats with this approach, leaving aside that some of the functionality isn’t GA yet.

    It would mean that organisations would need to be alright with changing the default environment to become a managed environment. Obviously, risk assessments would need to be carried out with this, and non-premium solutions migrated elsewhere.

    It’s also important to call out that organisations which have a CDS 1.0 implementation (ie before Power Platform became GA etc) will only have the ability to upgrade default to managed. They are not able to downgrade back to an unmanaged default environment, given limitations of the original CDS implementation (I’ve heard some truly HORRIFIC stories around this, so be careful!)

    The above, however, is just the start of things. There are many other concepts to keep in mind, such as Landing Zones, Policies, etc. I’m going to be looking to cover these in upcoming posts, so keep an eye out for them!

    Power Platform Capacity Monitoring

    If I look back at customer engagements over the last few years around Power Platform, whether it was a new capability or an existing capability, there was ONE thing that stood out above all. This was the ability to be able to track capacity usage over time, and to be honest, most organisations weren’t really doing very well at it.

    For those who are unaware, there are actually three different types of capacity present within Power Platform environments. These are:

    • Data
    • File
    • Log

    Each one is used for a specific purpose – broadly speaking, File holds all attachements that are uploaded directly into Dataverse, Log is used for auditing purposes, and Data holds everything else (hence the name)!

    Now this data is shown within the Power Platform Admin Centre, under the ‘Resources/Capacity’ section’. An example of this is:

    There’s also a nice little breakdown of capacity allocation through licenses etc, which essentially shows where the available capacity has come from:

    If we drill down a bit further, we can open up a specific environment, and see not only the overall usage per capacity type, but also which tables are consuming the most amount of data:

    All of this is well & good so far, for someone wanting to take a look at what is currently happening. But this is a manual action – it is possible to manually export the data, but again, this isn’t automated.

    It’s also not possible (at least not at this point in time) to query the underlying records that hold these values. So we’re a little stuck. If an organisation wanted to see historical data usage, and/or predict data trends (such as ‘how much capacity would we need to have in 6 months if we continued our scaling’), there’s no way to do this. At least not automatically – someone would need to store the values down manually, then report on it. A hassle, to say the least.

    Now when it comes to looking overall at Power Platform, the Centre of Excellence Starter Toolkit is really quite amazing. The Microsoft PowerCAT team continue to iterate existing functionality within it, as well as bring new functionality as well.

    At this point in time, however, it doesn’t have any capacity monitoring in it. Well, it sort of does – we can implement notifications to alert us when capacity reaches a certain value. But this doesn’t solve the challenge as laid out above.

    So with this in mind, I set out to create a solution to handle it. I’ve always wanted to create some sort of tool for giving back to the community & helping others, and I saw this as my chance to do so (I’m in awe of the various XrmToolBox tool creators, for the record).

    So, I’m releasing a capacity monitoring tool. I’m using GitHub as the host, and the repo can be accessed at https://github.com/thecrmninja/Power-Platform-Capacity-Monitoring (it was a learning experience as well as how to use GitHub as a source repository, as I’ve not done that before!).

    Model-Driven App:

    Reporting Dashboard:

    This is just the first version – I have various ideas about how to iterate on it, and tweak functionality. Each release will include release notes & important information to be aware of (such as security needing to run it). Also importantly, thanks to the amazing Matt Collins-Jones for reviewing some of my work around this.

    The audience for this tool is aimed at IT/Power Platform admins who are already familiar with the Microsoft CoE toolkit solution, and have appropriate access to it.

    If you find any issues, please raise an appropriate GitHub Issue item, and I’ll look into it. Also, if you have any ideas that you think could be worthwhile, please feel free to suggest them!

    Finally, I’d be interested in hearing how you think this could support you or your organisation – feel free to drop a comment below!

    Recognition as Microsoft Partner for Business Application Solutions

    It’s been a little while since I’ve previously blogged around developing customer solutions and the Microsoft Specialisations. Since I spoke about it last year (Apps & Microsoft Partner Specialisations) the landscape has moved on a little, and I thought that it would be good to take a look again at it.

    Currently in the Business Applications space, there’s a single specialisation. This is the ‘Microsoft Low Code Application Development Advanced Specialisation’, which is covered in detail at the Microsoft page for it (Microsoft Low Code Application Development Advanced Specialization).

    In essence, this specialisation is aimed at partners who are developing Power Apps (yes, this is specifically aimed at Power Apps), and has been around for a year or so.

    In order for Microsoft to track the qualifying metrics against this specialisation, it’s very important to carry out the PAL (Partner Attach Link) process. The details of how to do this is in my earlier post, which includes some of my thoughts at the time around how a partner should best implement the procedure.

    Since then, my blog post has gained a good amount of traction, and several Microsoft partners have engaged with me directly to understand this better, and to implement the process into their project playbook. I’m really delighted at having been able to help others understand the process, and the reasoning behind it.

    Now that’s all good for a partner who is staying in place at a customer. However there are multiple scenarios that can differ from this. Examples of this are:

    1. Multiple partners developing a single application together
    2. One partner handing over the application to a second partner for further development
    3. One partner implementing a solution, with a second partner providing support

    Now, there’s really a single answer to all of the above scenarios, but it’s a matter of how to go about implementing this properly. Let me explain.

    Originally, all developers would register PAL, and this would then be tracked through the environment cadence, and associated appropriately to the partner. This would be from the developers having been the creators of the apps.

    This has now changed a little bit. Microsoft now recognises the capabilities of PAL using both the Owner of the app, as well as any Co-Owners of the app. This is a little more subtle, so let’s explain this in some detail.

    It is possible, of course, to change the owner of an app. More commonly, however, is the practice of adding co-owner/s to an app (I always recommend this as best practice actually, to remove key-person responsibility risks).

    Note: Changing the actual owner of an app requires the usage of a PowerShell command

    So what happens now is that Microsoft will track the owners/co-owners of any app that’s deployed, and PAL association will flow through this. But there are a couple of caveats which it’s important to be very aware of!

    1. All owners/co-owners must have registered PAL with their user accounts (if using a service principal/service account as an owner, there’s a way of doing this using PowerShell)
    2. Microsoft will recognise the LATEST owner/co-owner association with the app as the partner organisation that will receive PAL recognition

    Now if a customer adds co-owners to an app, this shouldn’t be an issue (as none of the users would have registered PAL). But if there are multiple partners in place, ONLY THE LATEST ONE WILL BE RECOGNISED.

    Therefore to take the three scenarios above, let’s see how this would apply.

    1. Multiple partners developing a single app. Recognition would not work for all partners involved, just the latest one to associate with the app
    2. Partner 1 handing over app to Partner 2. Recognition would stop for Partner 1, and would then start for Partner 2
    3. Partner 1 implementing solution, Partner 2 providing support. Care would need to be taken that the appropriate partner is associated as owner/co-owner to the app, for PAL recognition.

    It’s also important for both partners & customers to understand this, in the wider context of being careful about app ownership, and the recognition that it brings from Microsoft for partners delivering solutions. If a partner would go into a customer, and suddenly start taking ownership of apps that it’s not involved in, I don’t think that Microsoft would be very approving of it.

    Now, all of the above is in relation to Power Apps specifically, as I’ve noted. However, the PAL article was updated last week (located at Link a partner ID to your Power Platform and Dynamics Customer Insights accounts with your Azure credentials | Microsoft Docs) and also interestingly talks about:

    Note the differences between each item

    Reading between the lines here, I think that we’re going to be seeing more advanced specialisations coming out at some point. Either that, or else partner status will be including these as well, as I can’t think of any other reason why PAL would need to be tracked for these as well! I’m also wondering if other capabilities (eg Power Virtual Agents, Power Pages, etc) will be added at some point as well…

    Have you had any challenges with the PAL process? Is there anything more you’d like to find out about it? Drop a comment below, and I’ll do my best to respond!

    Security Roles & Assigning Records

    Let’s face it, and call a spade a spade (or a shovel, depending on where in the world you happen to be). Security roles are very important within Dataverse, to control what users can (& can’t!) do within the system. Setting them up can be quite time-consuming, and troubleshooting them can sometimes be a bit of a nightmare.

    Obviously we need to ensure that users can carry out the actions that they’re supposed to do, and stop them doing any actions that they’re not supposed to do. This, believe it or not, is generally common sense (which can be lacking at times, I’ll admit).

    Depending on the size of the organisation, and of course the project, the number of security roles can range from a few, to a LOT!

    Testing out security can take quite a bit of time, to ensure that testing covers all necessary functionality. It’s a very granular approach, and can often feel like opening a door, to then find another closed door behind the first one. Error messages appear, a resolution is implemented, then another appears, etc…

    Most of us aren’t new to this, and understand that it’s vitally important to work through these. We’ve seen lots of different errors over our lifetime of projects, and can usually identify (quickly) what’s going on, and what we need to resolve.

    Last week, however, I had something new occur, that I’ve never seen before. I therefore thought it might be good to talk about it, so that if it happens to others, they’ll know how to handle it!

    The scenario is as follows:

    • The client is using Leads to capture initial information (we’re not using Opportunities, but that’s a whole other story)
    • Different teams of users have varying access requirements to the Leads table. Some need to be able to view, some need to be able to create/edit, and others aren’t allowed to view it at all
    • The lead process is driven by both region (where the lead is located), as well as products (which products the lead is interested in)

    Now, initially we had some issues with different teams not having the right level of access, but we managed to handle those. Typically we’d see an error message along the following lines:

    We’d then use this to narrow down the necessary permissions, adjust the security role, re-test, and continue (sometimes onto the next error message, but hey, that’s par for the course!).

    However, just as we thought we had figured out all of the security roles, we had a small sub-set of users report an error that I had NEVER seen before.

    The scenario was as follows:

    • The users were able to access Lead records. All good there.
    • The users were able to edit Lead records. All good there.
    • The users were trying to assign records (ie change the record owner) to another user. This generally worked, but when trying to assign the record to certain users, they got the following error:

    Now this was a strange error. After all, the users were able to open/edit the lead record, and on checking the permissions in the security role, everything seemed to be set up alright.

    The next step was to go look at the error log. In general, error logs can be a massive help (well, most of the time), assuming that the person looking at it can interpret what it means. The error log gave us the following:

    As an aside, the most amusing thing about this particular error log, in my opinion, was that the HelpLink URL provided actually didn’t work! Ah well…

    So on taking a look, we see that the user is missing the Read privilege (on what we’re assuming is the Lead table). This didn’t make sense – we then went back to DOUBLE-check, and indeed the user who was trying to carry out the action had read privileges on the table. It also didn’t make sense, as the user was able to open the lead record itself (disclaimer – I’ve not yet tried doing a security role where the user has create/write access to a table, but no read access..I’m wondering what would happen in such a scenario)

    Then we had a lightbulb moment.

    photo of bulb artwork

    In truth, we should have probably figured this out before, which I’ll freely admit. See, if we take a look at the original error that the user was getting, they were getting this when trying to assign the record to another user. We had also seen that the error was only happening when the record was being assigned to certain users (ie it wasn’t happening for all users). And finally, after all, the error message title itself says ‘Assignee does not hold the required read permissions’.

    So what was the issue? Well, it was actually quite simple (in hindsight!). The error was occurring when the record was being attempted to be assigned to a user that did not have any permissions to the Lead table!

    What was the resolution? Well, to simply grant (read) access to the Lead table, and ensure that all necessary users had this granted to them! Thankfully a quick resolution (once we had worked out what was going on), and users were able to continue testing out the rest of the system.

    Has something like this ever happened to you? Drop a comment below – I’d love to hear the details!

    Workaround for sharing Canvas Apps

    Don’t you find it absolutely frustrating when there’s a canvas app that you want to get access to, or give other users access to, but can’t see it? It’s REALLY annoying, but it’s sort of the way that Microsoft has designed the platform (at least at this point in time).

    See, when a user creates a canvas app, only the creator is able to see & launch it. If other users want to get access to it, the creator needs to share it. This can be done by sharing the app directly with another user, or by sharing it with an AAD Security Group (which is sort of best practise).

    Now, of course there’s the Microsoft Power Platform Centre of Excellence solution, which includes a very handy app to assign permissions for canvas apps. After all, if a user is on holiday, sick leave, or has left the company, there needs to be some way of assigning permissions for other users to gain access to it. It’s really helpful, but of course needs the CoE solution installed.

    Let’s think of another scenario. What about if we have some canvas apps as part of a solution, that’s deployed through (proper) ALM – such as using Azure DevOps with automated pipelines. Best practise for this is to use service principals (ie non-interactive user logins). This is great, but then the canvas app/s will be owned by this user. So without the use of the CoE ‘Set App Permissions’ canvas app, we’re sort of stuck, as we can’t gain access to the app.

    Or can we…..?

    So this is a scenario that I’ve been dealing with recently, and I’ve found a really cool workaround that doesn’t need the CoE ‘Set App Permissions’ canvas app to be able to handle the situation.

    The example below (amusingly, in my opinion) is actually using the Microsoft CoE solution as an example, but this works with any canvas apps that are held within a solution (against, this heavily supports using solutions for ALL development items!).

    So, this is what the actual installed apps look like in this environment:

    As we can see, there are a lot of them! But what happens if I’m logged in as my regular user? What do I see if I go to the list of apps? Well, I’ll see the following:

    Now, as we can see, I’m able to see the model-driven app (as these aren’t hidden at all). But I’m not able to see ANY of the canvas app! So how can I get access to it, or share it with other users?

    Well, if I take a look at the solution itself, I can see the following when browsing to the list of apps (I’m really loving the new Solution Explorer layout, I’ll freely admit!):

    I can try to play the canvas app (in this case, the ‘Set App Permissions’ app) directly from the solution. But when I try to do this, I’ll get the following error message:

    Now, this is of course happening because I’m not the owner of the app, & the app hasn’t been shared with me at all. So really I was expecting this error to happen.

    However, if I take a look at the menu options displayed for me, I can see that the ‘Share’ option isn’t greyed out. I wonder what happens if I click it…

    Now this is EXCITING! When clicking the ‘Share’ option on the menu, I’m given the regular sharing screen, where I’m able to set app permissions. So it looks like I’m able to do something here. OK – let’s go ahead & try to share the app with my own user:

    So I’ve looked up my own user, and then clicked ‘Share’. This is what happens next…

    Exciting moment – will this work?

    Waiting with bated breath, and then…

    It’s worked! The app sharing has been successful with my user.

    Note: The example that I’m using here is with my own user account. However it doesn’t need to be – I can select any user account or AAD Security Group, and share accordingly.

    Going to my list of apps, I can now see that the app is showing up for me:

    Clicking the app to launch it presents me with the permissions dialogue, and having confirmed permissions, then launches it properly:

    So this is indeed a way in which it’s possible to share canvas apps with users and/or AAD security groups, even when a user isn’t the owner of the canvas app.

    It is important to note that the user carrying this out does need to have one of the following permissions in the environment:

    • System Customiser
    • System Administrator

    Without having one of these roles, it’s not going to be possible to carry out the above (mostly because it’s not possible to see solutions & dig down into them).

    This is a handy little trick that hopefully will help clear up one of the headaches when trying to share canvas apps! Of course it’s possible to use the Microsoft CoE tool to set app permissions, but if a customer doesn’t have it installed, then this would be another way to approach things.

    Have you ever had this issue? How did you go about solving it? I’d love to hear – please drop a comment below…