From the course: Microsoft Power Platform Developer Associate (PL-400) Cert Prep

Design technical architecture

- [Instructor] Our first objective is to design the technical architecture for a solution. Understanding the architecture of Microsoft Power Platform control is imperative when designing solutions based on it. There are many elements to consider, such as environments and data location, working with data, custom logic, platform limits, and high availability and disaster recovery considerations.

Our next objective is to design authentication and authorization strategy. Power Platform includes several services. Some of the security concepts apply to all of them, while other concepts are specific to individual services. Security concepts that are common to all Power Platform services include the Power Platform service architecture, or how information flows through the system; authenticating to Power Platform services, or how users gain access to services; connecting and authenticating to data sources, or how services connect to data sources and users gain access to data; and data storage in Power Platform, or how data is protected, whether it's at rest or in transit between systems and services.

Up next, this objective is to determine whether requirements can be met with out-of-the-box functionality. The Power Platform provides excellent out-of-the-box features and it's often preferable to use these features where possible. However, there are times when custom features are required, and that's possible by creating the following: Dataverse custom tables, custom connectors, Power Apps component framework, or PCF components, AI Builder models, the Dataverse Web API, and much more.

Our next objective is to determine when to use Logic Apps versus Power Automate cloud flows. Both Power Automate and Azure Logic Apps provide the ability to automate your processes and integrate with Microsoft and third-party services. However, each service has unique advantages and it's crucial to know when to use each one. Here is a comparison of both services.
Let's look into some of the differences. When it comes to users, Power Automate is intuitive and easy to use by anyone, including non-technical people, such as business users. However, Azure Logic Apps may require more technical expertise from users, such as professional developers. And for design tools, Power Automate is managed in browser and using the mobile app only using a UI. But with Azure Logic Apps, it's possible to also use a code view using Visual Studio Code or Visual Studio.

This objective is to determine when to use serverless computing, plug-ins, or Power Automate. Leveraging serverless technologies, such as Azure Functions and Logic Apps, can provide the building blocks for APIs to connect to custom backends, services, or Dataverse that stores data across many applications. The benefits of serverless are that the services automatically provision, scale, and manage the infrastructure required to run the code.

A plug-in is a custom event handler that executes in response to a specific event raised during processing of a Microsoft Dataverse data operation. Advantages of plug-ins are that they perform well, are powerful, and extend capabilities of Dataverse. And disadvantages of plug-ins are that they require development skills and, if poorly written, could cause significant impact on performance.

Power Automate is an excellent low-code tool for automating business processes, which means it can be used by anyone from a basic business user to an IT professional. Flows have the following types: cloud flows, which can be triggered either automatically, instantly, or via a schedule; desktop flows, which automate tasks on the web or the desktop; and business process flows, which provide a guide for people to get work done. And while Power Automate is an excellent tool, sometimes serverless computing or plug-ins offer extra features necessary.

This objective is to determine when to use standard tables, virtual tables, or connectors.
Dataverse is the cloud data platform for the Microsoft Power Platform that is easy to use, compliant, secure, scalable, and globally available. Dataverse has the following table types. Standard. Several standard tables, also known as out-of-the-box tables, are included. Most of the standard tables included with Dataverse can be customized. Custom tables can also be created if required. And virtual. Virtual tables connect to data from an external data source, such as Microsoft Azure SQL Database or a SharePoint list.

A connector is a proxy or a wrapper around an API that allows the underlying service to talk to Microsoft Power Automate, Microsoft Power Apps, and Azure Logic Apps. Popular connectors include Salesforce, Office 365, Twitter, Dropbox, Google Services, and more.

This objective is to describe security capabilities of the Microsoft Power Platform, including data policies, or DLP, security roles, teams, business units, and row sharing. Securing the Power Platform is vital because the platform puts the power to quickly and easily create end-to-end solutions in the hands of non-professional and professional developers alike.

Data loss prevention or DLP policies can be created to act as guardrails to help prevent users from unintentionally exposing organizational data. DLP policies can be scoped at the environment level or tenant level, offering flexibility to craft sensible policies that strike the right balance between protection and productivity. And DLP policies enforce rules for which connectors can be used together by classifying connectors as either business, non-business, or blocked. And DLP policies are created in the Power Platform admin center.

Security roles define how different users access different types of records. To control access to data and resources, you can create or modify security roles and change the security roles that are assigned to your users. A user can have multiple security roles.
Users are granted the privileges that are available in each role that's assigned to them. Managing user settings can be done in the Power Platform admin center. Within the portal, many features are available such as the following: run diagnostics, manage security roles, refresh user, change position, change manager, reassign records, change business unit, and manage teams.

A team is an easy way to share business objects and lets you collaborate with other people across business units. Although a team belongs to one business unit, it can include users from other business units, and you can associate a user with more than one team. The following team types exist. Owner team. An owner team owns records and has security roles assigned to the team. Access team. An access team doesn't own records and doesn't have security roles assigned to the team. And Azure AD group team. Similar to owner teams, an Azure AD group team can own records and can have security roles assigned to the team.

A business unit is a logical grouping of related business activities, so typically an organization's department or division. Users can securely access data in their own business unit, but they can't access data in other business units unless they are assigned a security role from that business unit. Business units, security roles, and users are linked together in a way that conforms to the role-based security model.

Row sharing lets users give other users or teams access to specific information. For security reasons, develop the practice of sharing only the necessary records with the smallest set of users possible. Only grant the minimum access required for users to do their jobs.
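
The DLP connector classification described in the transcript, as an added Python example that is not part of the course material: it checks the connectors used by one app or flow against every tenant-level and environment-level policy that applies to it. It relies on the Power Platform rule that business and non-business connectors cannot be combined in a single app or flow and that blocked connectors cannot be used at all. The policy names, environment names, classifications and the non-business default for unlisted connectors are constructed assumptions.

```python
from dataclasses import dataclass, field

BUSINESS, NON_BUSINESS, BLOCKED = "business", "non-business", "blocked"

@dataclass
class DlpPolicy:
    name: str
    scope: str                                   # "tenant" or an environment name
    groups: dict = field(default_factory=dict)   # connector name -> group
    default_group: str = NON_BUSINESS            # assumed default for unlisted connectors

    def applies_to(self, environment):
        return self.scope in ("tenant", environment)

    def classify(self, connector):
        return self.groups.get(connector, self.default_group)

def violations(policy, connectors):
    """Return the ways one app or flow's connector set breaks a single policy."""
    by_group = {}
    for connector in connectors:
        by_group.setdefault(policy.classify(connector), []).append(connector)
    found = [f"{policy.name}: {c} is blocked" for c in by_group.get(BLOCKED, [])]
    if by_group.get(BUSINESS) and by_group.get(NON_BUSINESS):
        found.append(f"{policy.name}: mixes business {sorted(by_group[BUSINESS])} "
                     f"with non-business {sorted(by_group[NON_BUSINESS])}")
    return found

def evaluate(policies, environment, connectors):
    """A resource must satisfy every policy scoped to the tenant or its environment."""
    results = []
    for policy in policies:
        if policy.applies_to(environment):
            results.extend(violations(policy, connectors))
    return results

# Constructed sample policies (hypothetical classifications, not Microsoft defaults).
POLICIES = [
    DlpPolicy("tenant-baseline", "tenant",
              {"Dataverse": BUSINESS, "Office 365": BUSINESS,
               "SharePoint": BUSINESS, "Twitter": BLOCKED}),
    DlpPolicy("finance-env", "Finance",
              {"Dataverse": BUSINESS, "Office 365": BUSINESS,
               "SharePoint": BUSINESS, "Salesforce": BUSINESS}),
]

if __name__ == "__main__":
    for env, used in [("Finance", ["Dataverse", "Office 365"]),
                      ("Finance", ["Salesforce", "Dataverse"]),
                      ("Sandbox", ["Dropbox", "Twitter"])]:
        print(env, used, "->", evaluate(POLICIES, env, used) or "compliant")
```

The second sample case shows why scope matters: the Finance policy treats Salesforce as business, but the tenant-wide policy does not list it, so the flow still fails the tenant policy.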
