Managing Environments in Power Platform - Risk Management Part-2

Environment in Power Platform is where you would store, share and manage your business data, Dynamics 365 and Portal apps, Power Automate flows, chatbots and connections. It is important to understand, control and manage your environments. This blogs provides some of the considerations in environment management for Power Platform / Dynamics 365 - Dataverse. The focus of this blog is on environments with Dynamics 365 apps & Dataverse database.

1. Environment Scope - Each Power Platform environment is created in the Azure AD tenant and bound to a geo location. Only users within the AD tenant can access the environment. An environment may only have a single Dataverse database.

Typically you will have multiple environments - Dev / Test / Staging / Production. Each environment will have its own Dataverse database. Any Power platform resource - app, chatbot, portal apps created within the environment will only connect to the environments Dataverse database. You can move, migrate solution and data from one environment to another. The data is stored in the environment's geo location data centers. This is important to know when storing customer data.

Environment and Tenant

2. Environment Types - The system will create a default environment. The default environment should not be used for building any Power Platform resource. Admin users can create multiple environments of type Sandbox. A sandbox environment can be converted to a type Production. You can have multiple Production environment within a Tenant. A production environment can also be converted to sandbox.

In addition there are other type of environment - Trial environment which are active for 30 days, developer environment for personal dev use and Microsoft Dataverse for Teams environment.

3. Environment Security Access -

To add a user to an environment the user needs to be added in the Azure AD Tenant, provisioned a license and also given the correct security role to access the data in the environment. There are 2 main roles Environment Admin and Environment Maker for Environments that do not have a Dataverse database.

Environments with Dataverse database have the following roles - 

Security Roles

The security roles can be assigned to a user, owner team and Azure AD group team. The Azure AD Group team can be Security or Office group team. The Azure AD groups can be used to manage licensed users apps and data access.  

4. Environment Backup and Restore - The system backs up all environments except Trial environment. The difference is only in how long the backups are stored. The Production environment backup with Dynamics 365 Apps are stored for 28 days. All other environments backups are stored for 7 days.

The backup is a continuous backup using Azure SQL Database. You can also do manual backups. You cannot download the backup. There are other options to download Dynamics 365 data such as using data migration. 

You can only restore a backup to a non production environment. To restore to a Production environment first convert the Production environment to Sandbox and than do the restore.

I hope the above helps you to understand and manage the Power Platform Environments with Dynamics 365 apps. Let me know if you have any questions. Thanks for reading. 

@mihircrm

365WithoutCode