Tim Coalson is a Senior Consultant in the Transformation Practice at ThreeWill. Tim has been developing solutions on the SharePoint platform for over 15 years and has been a developer/consultant for over 30 years. Tim has been involved in migrating SharePoint on-premises farms to the Microsoft Cloud, Power Apps, and Power Automate (aka Flow) which are part of the Microsoft no code/low code solutions.
Top 5 Things I Learned From the Rencore Governance Tool
Before I share my Top 5, I have a confession to make. If you asked me to list my Top 100 or even Top 1000 areas of interest, Governance would not be included in either list. I would rate governance just after “pulling weeds in the garden” in my list of interesting things to do.
However, circumstances recently led me to review the ThreeWill M365 tenant through the lens of the Rencore Governance tool and I have to say that I found some interesting and even surprising things that I’d like to share. Maybe you will be intrigued enough to download a trial version of the Rencore Governance tool and see if you have similar surprises in your own M365 tenant or at least review the various Admin Centers in your tenant to discover what you can.
1. There are a lot of unused Flows in our tenant (Power Automate)
With new technologies, people often want to try things out so they create things but don’t clean them up when they are finished with them. Or sometimes things are created for a specific purpose that has a short duration. When these artifacts are not cleaned up when their usefulness has expired, this can lead to a lot of clutter. This makes it difficult to know what is really needed and what is not.
Here’s an example of the Power Automate Dashboard where “Unused Flows” is just one of many pieces of information that are surfaced through the Governance tool. From the screenshot below, you can see there are 84 flows that meet the criteria for “unused flows”.
I can click on the number and drill-down to see information about the 83 unused flows.
Next, click on a single flow and drill down into the details and see the number of owners, connections, actions, triggers, etc. I can also see what other compliance checks this flow either passed or failed.
2. There are several Flows using a premium license in our tenant
Licensing is generally a concern within a tenant. Premium licenses are more expensive so it’s helpful to know when premium licenses are being used. Here’s one of the widgets on the Cost Dashboard that shows the number of flows using premium licenses.
When I click on the “3” under the “Violations found” header to drill down, I see the 3 flows using premium license along with the date they were created, the Creator, the current State, and the Last modified date. Additional columns are available to be displayed by clicking on the Columns drop-down.
I can next click on the name of a Flow to see the details
I can now see that this flow is using a Microsoft Dataverse connection which is considered a premium connector. Then I follow up with Mike to see if this is really needed. In fact, I can create an Automation that will automatically email Mike and request he takes a look at this to see if it is still necessary. Automations are a nice feature provided by Rencore where you can automatically take an action on any check (governance policy) that gets violated. There are a number of automation actions including sending an email, sending a message to a Teams channel, set visibility of a group, send HTTP Requests, and Trigger an Azure Function.
3. We have a lot of external users
I guess this should come as no surprise. We are a consulting firm that works with many different clients and to effectively work with these clients we need to collaborate. So, we invite our clients who are “external users” to participate in our Teams.
You can click on the “Total” header and drill-down to view the specific Teams. Since this is our Production tenant, I won’t do that here. There are also other views related to external users. They include the total number of external users, groups with external users, and externally shared files. These all represent a potential vulnerability. It is good to manage and remove access when it is no longer needed.
4. We have a lot of Unused SharePoint Sites
For ThreeWill, this is not unexpected. We have a naming convention for our sites that allows us to know if this is expected or not.
Again, I won’t drill down to look at the specific sites but this is possible. You can see the name of the site, the URL, the SharePoint template, and the associated Group Id if the SharePoint site is associated with an M365 group.
Unused SharePoint sites can pose some liability if they contain sensitive documents. We see this a lot when we do migrations. Wading through a lot of unused sites to determine if they need to be retained in the migration is costly. Deleting unused sites when possible is definitely the best option.
5. We have Power Apps using premium APIs
Similar to Power Automate (Flows) using premium connectors, Power Apps can leverage premium APIs which has additional licensing costs.
I can click on the “Total” header to see the 15 violations or 15 Power Apps using premium APIs
Then drill down into each app to see the details of the app by clicking on the app name.
Then I can create automation and send an email to the owner to question the use of a Premium API.
First, I hope that you recognize through these examples the need for Governance. Security, Costs, and Clutter are 3 areas that we’ve touched on with these 5 examples. So, there is a need to monitor these areas on a regular basis to ensure you are not losing control of your tenant. Second, I hope you can see the value of a Governance tool such as the Rencore Governance tool to help surface the content of the various services in a simple and organized User Interface. In addition to surfacing this content based on out-of-the-box or custom checks you configure, take action when a check is violated by leveraging the Automation portion of the governance tool. Whether you choose to use a tool or not, these are areas that deserve some attention. Many times some action is required to resolve unnecessary security risks, expenses, and clutter.
Let us know if ThreeWill can help you create your own governance plan and, where desired, configure a tool to simplify the time and effort to enforce this plan by reviewing the data and taking appropriate action!
To learn more about the ThreeWill and Rencore partnership click here.