Engineering fundamentals checklist for Power Platform enterprise development¶
Checklist follows the best practices outlined in the Microsoft Solutions Playbook's Engineering Fundamentals Checklist. It helps development teams implement essential engineering principles for enterprise development on the Power Platform. By adhering to these guidelines, teams can effectively build and deliver high-quality solutions.
Source Control¶
- Develop and implement a Power Platform solutions strategy for the project.
- Develop and implement a Power Platform environment strategy for the development team.
- Create an Azure DevOps repo or GitHub repo for each business application that targets a production environment. A business application may consist of one or more Power Platform solutions, and optional high-code assets.
- Deploy only managed solutions beyond development environments (Test, QA, Staging, Production etc.).
- A branching strategy is determined and documented, and all non-dev branches are secured to only accept changes via pull requests.
CI/CD¶
- A build and release pipeline/workflow is established for each Power Platform solution aimed at a production environment.
- Commits to the primary development branch are validated via automatic build pipeline/workflow.
- Commits to the primary testing branch trigger solution deployment via automatic build pipeline/workflow.
- Commits to the production branch trigger solution deployment via automatic build/release pipeline/workflow.
- Consider adopting the ALM Accelerator for Power Platform.
Testing¶
- Automated tests for supported components are integrated into build pipelines. For components that don't support automated tests, a thorough manual testing strategy is devised and documented.
Security¶
- Consider and agree on the requirement for Multi-factor Authentication (MFA) to Power Apps with Azure AD conditional access.
- When using Dataverse as part of the solution, discuss and develop security management approach with due considerations, but not limited, to the following;
- For Encryption key management, discuss pros and cons and agree with customer IT and security team on the management approach, either Microsoft Managed Key (MMK) or Customer-Managed Key (CMK).
- Manage user membership with Azure AD Group Teams.
- For integration points security with Dataverse, if possible use "server-side authentication" and application user.
- Refine user access authorization using Dataverse security measures such as Business Units, Security Roles, Access Teams, and Field Level Security.
Dataverse¶
- At the go-live stage, estimate the requirements for Database and File storage. If feasible, collaborate with the architect and IT administrator to predict the growth trajectory.
- Consider service protection API limits and its impacts in solution design.
- Discuss and implement data retention policy.
Developing Canvas Apps & Power Automate Cloud Flows¶
- Consider responsiveness principles and agree on form factors and target device(s) for the canvas app(s), consider using of responsive layouts container controls.
- Consider adopting the PowerApps Canvas app coding standards and guidelines whitepaper and customize it to meet the specific requirements of your project and customers.
- Implement error handling in Power automate cloud flows.
- During development, practice frequent use of,
- App checker in Maker studio for Power Apps.
- Flow Checker for Power Automate.
- Solution checker for Power Platform solutions.
Licensing¶
- For project team, assign appropriate Power Platform license for the development team during the project development**.
- Before UAT and go-live, it is crucial to comprehend the Power Platform License requirements for the different elements used in the target solution. The elements include Power Apps, Power Automate, Power Virtual Agent, Power Pages, and Dataverse storage requirements. Understanding these licensing aspects is essential for the target end-user groups.
- Assist procurement team and Microsoft reps if necessary in determining the right license SKUs on Production.
- Consider performance profiles for Power Automate, determine the required licensing accordingly.
- Take into account the API request limits and entitlements of the Power Platformwhen dealing with bulk data operations and integration requirements. These limits are crucial to consider while working on the solution.