Introducing Microsoft Flow Admin Center
Last week, we introduced environments for Microsoft Flow. In case you missed it, you can catch up by reading this blog post. With the General Availability of Microsoft Flow, we are also introducing a brand new admin center experience.
The Microsoft Flow Admin Center, (https://admin.flow.microsoft.com) allows you to create environments, manage permissions and set up Data Loss Prevention (DLP) policies, if you have admin privileges to an environment and a Microsoft Flow Plan 2. You can also find a link to the Flow admin center in the setting menu in the Flow portal. When you use the Microsoft Flow Admin Center, environments and policies that you create will also impact Microsoft PowerApps.
Creating a new environment
Environments provide data locality, an isolation boundary for all resources, and the ability to create data loss prevention policies. Creating a new environment is easy, click on the “+ New Environment” in the top right corner of the Admin Center. In the wizard, choose a name and region for your environment. Remember, all the resources created in each environment will be geo-located to the region where your environment was created. This can NOT be changed later.
When creating environments be sure to be aware of the limitations of environments — since they are an isolation boundary you can never reference different resources across environments. For example, you can only access the Common Data Service from the same environment as where the database is. As a result, be sure to create environments only where you need them.
Managing environment permissions
Administrators have control over who can administrate, and create new content inside of environments, as well as who have access to the Database.
Environments have two built-in roles that provide access to permissions within an environment. You can configure these roles on the Security tab when you select an environment.
- Environment Admin role can perform all administrative actions on an environment including the following:
- Add or remove a user or group from either the Environment Admin or Environment Maker role.
- Provision a Common Data Service database for the environment.
- View and manage all resources created within an environment.
- Set Data Loss Prevention policies
- Environment Maker role can create new resources within an environment including flows, connections, custom APIs, gateways, and apps using PowerApps.
NOTE: Users or groups assigned to these environment roles are not automatically given access to the environment’s database (if it exists) and must be given access separately by a Database owner. Users or security groups can be assigned to either of these two roles by another Environment Admin.
The User roles and Permission sets tabs are for configuring access to the Common Data Service at runtime.
The second tab in the Microsoft Flow Admin Center is for establishing data loss prevention policies. This allows admins to define which services specific business data can be shared with. For example, an organization that uses Flow may not want its business data that's stored in SharePoint to be automatically published to its Twitter feed. To prevent this, you can create a DLP policy that blocks SharePoint data from being used as the source for tweets. You can read more about how to set up Data loss prevention policies in this blog post.