3kites logo

With great power (apps) comes great responsibility says 3Kites

Let’s start with a quick review, at a very high level, of what the “Microsoft Power Platform” is. The Wikipedia definition is: “Microsoft Power Platform is a line of business intelligence, app development and app connectivity software applications”

So, what does this mean? Included as part of your Microsoft 365 subscription are tools which enable you to create complex reports, workflows, mobile/web applications and external portals/websites-all in a low code environment (we describe low code as a software tool that allows non-developers to create IT solutions). The below diagram shows the different products that make up the Power Platform:

Microsoft continues to add to this platform, with PowerBI as perhaps the tool that we are more commonly aware of. The use of these additional products (to provide services such as mobile/web applications, client portals and workflow) is becoming more established and importantly, third party products are looking to the Power Platform to enhance their own products capabilities. A key feature of this platform is that it is low code, thus removing the need for a developer to create reports, applications and web pages which can easily be shared within your firm and externally. It’s this ease of creation that introduces the risk – let’s discuss this in more depth.

Interest in utilising the Power Platform within professional services is on the rise, and in recent months we have seen solutions expanding beyond client reporting to client portals, administrative workflows, simple databases (such as Deals, Deeds and Wills systems) and client management systems. These may be standalone solutions, but additional “power” comes from linking to third party systems to expand upon the functionality of a product or to pull data from multiple sources into one report/application/view. In recent meetings with Document and Practice Management suppliers, the move to support and integrate with the Power Platform is evident with PowerBI increasingly being used as the approach to reporting and Power Apps providing functionality that is not available out of the box in some products. One practice management system provider has very recently changed its focus to PowerBI over its own purpose-built reporting tool.

So, what could go wrong? As mentioned earlier, the low code functionality opens the door beyond developers, anyone with an interest in IT can create an application or a report within the Power Platform and whilst this is a great strength, it also exposes several risks. The most common issue we have seen to date involves the ongoing management of items in the Power Platform, with multiple examples of reports that have been created without the knowledge of the IT/Reporting teams. If the original report creator leaves the firm, who then becomes responsible for maintenance of the report? This often results in a knock on the virtual door of the IT Team, with the expectation that they will assume responsibility for the report without any prior knowledge of its existence. In a number of instances, these reports have been shared with clients, putting teams under pressure to support what has become a standard report in the clients’ eyes.

The Power Platform is open to anyone with an Office/Microsoft 365 account, and in most firms now that means pretty much anyone within the firm could start to create reports, applications or workflows. We are not proposing that access to these tools is blocked, but instead awareness is raised of how they should be managed and in some cases access to certain databases blocked. In the same way that firms have grappled with policies for the use of SharePoint and now Teams, something similar is needed with the Power Platform. Key questions to consider are:

  • If a workflow or a report is intended for personal use, is this a problem?
  • Should departments be responsible for maintenance of workflows they have created rather than business support teams?
  • Should Power Platform products be shared with clients?
  • Should a central repository of selected developed solutions be maintained?
  • Should any Power Platform products be reviewed and signed off by a central team before they are used?
  • If useful solutions are being built, how is knowledge of these shared to save recreating the wheel?
  • Are new repositories of data being created which may contradict other data sources (how to ensure a single version of the truth is maintained)?
  • If linking to data sources, are they being interpreted incorrectly?

Whilst developers are not necessary in a low code environment, a developer (or similar) who understands the firm’s processes, data and database structures can add significant value to any solution being considered. Misinterpretation of the data is perhaps the biggest risk in any developed solution. Full access to all pertinent information is required to ensure correct decisions/assumptions are being made.

Before starting to utilise any of the Power Platform products, licensing is a further consideration (which won’t come as a surprise to anyone with Microsoft Licensing experience). There are lots of components to the Power Platform, and whilst Microsoft provides access as part of a Microsoft 365 subscription, those wishing to expand functionality for exampling linking to an external database, may find additional licenses or usage costs are required.

The purpose of this article is not to cast a negative light on the Power Platform (or other low code products) – if used correctly, it has the potential to enhance business processes and allow firms to utilise its data further. However, without considering how to utilise these tools responsibly it could quickly become a considerable web to entangle.

3kites logo
Independent consultants to the professional services sector.