This article is just a list of recommended best practices for the Default environment curated from other Power Platform sites.
What makes the Default Environment so special?
A single default environment is automatically created by Power Apps for each tenant and shared by all users in that tenant.
Users with a standard Power Apps/Power Automate license always have access to the default environment with the role Environment Maker.
Users cannot be blocked from creating apps or flows so it is important to restrict their capabilities prior to giving them access.
The default environment cannot be deleted.
You can rename it to something more suitable, such as Personal Productivity
, and it is recommended to rename the default environment as soon as possible.
For more information, see Defining a Power Platform Environment Strategy | Microsoft Learn.
Rename the default environment.
Navigate to the Power Platform Admin Center, click on Environments and select the default environment – the Type will be set to Default
.
Click Edit and then set the Name to Personal Productivity
and click Save.
It will probably take several minutes to make the change, but once done, you should see the new name reflected when viewing a list of environments.
Apply a restrictive DLP policy to the default environment.
Navigate to the Power Platform Admin Center, expand Policies and click Data Policies.
Click + New Policy.
I named my policy after the default
environment, as a reminder to myself that this policy should only be applied to the default
environment.
Move all non-blockable connectors to the business category.
Filter the Non-business connectors to only show non-blockable connectors.
Select all the connectors and then click Move to Business.
Move all blockable connectors to the blocked category.
Click Clear all filters and you will be left with all blockable connectors.
Select all the connectors and then click Block.
Set default group to blocked.
Click Set default group, select Blocked and click Apply.
Assign to default environment.
On the Scope screen select Add multiple environments and click Next.
Select the default
environment and click Add to policy.
Click Next.
Review the policy and then click Create policy.
Your Default Environment is now locked down and ready for Users!
For more information, see 8 Power Platform DLP Policy Best Practices (matthewdevaney.com) by Matthew Devaney.
Please share any other best practices that you are aware of in the comments section!
Thanks!
Discover more from Matt Ruma
Subscribe to get the latest posts sent to your email.