M365.FM - Modern work, security, and productivity with Microsoft 365

Compliance as Code: The Architect’s Blueprint for Automated Trust

1 h 13 min · 12. juli 2026
episode Compliance as Code: The Architect’s Blueprint for Automated Trust cover

Beskrivelse

Compliance has traditionally been treated as documentation. Policies live in PDFs, access reviews sit in spreadsheets, and governance depends on people remembering to follow processes. But cloud environments evolve every minute, making manual compliance impossible to maintain at enterprise scale. In this episode of the M365 FM Podcast, host Mirko Peters explores why the future of governance isn't more paperwork—it's Compliance as Code. This episode provides a complete architectural blueprint for building automated trust across Microsoft Azure and Microsoft 365 using Azure Policy, RBAC, Microsoft Entra ID Governance, Privileged Identity Management (PIM), Managed Identities, Azure Key Vault, Microsoft Purview, Infrastructure as Code, and Zero Trust principles. Rather than slowing developers down with manual approval processes, you'll learn how modern cloud platforms embed governance directly into infrastructure, allowing organizations to move faster while improving security and auditability. WHY MANUAL GOVERNANCE ALWAYS FAILS Traditional governance simply cannot keep pace with cloud deployment velocity. Developers deploy infrastructure within minutes while governance processes often require days of manual approvals. This gap creates configuration drift, excessive permissions, shadow IT, and security risks that remain invisible until an audit or security incident exposes them. The episode explains why compliance documents don't create compliance—automated enforcement does. Topics include: * Configuration drift * Shadow IT * Manual approvals * Audit readiness * Governance debt * Cloud compliance * Security posture * Continuous validation * Automation * Infrastructure governance RBAC VS AZURE POLICY: THE FOUNDATION OF MODERN GOVERNANCE One of the most misunderstood concepts in Azure governance is the relationship between RBAC and Azure Policy. RBAC answers one question: "Who is allowed to perform an action?" Azure Policy answers a completely different question: "What resources are allowed to exist?" The episode explains why confusing these two technologies creates fragile governance models that appear secure but fail in production. You'll learn how authorization and compliance work together to create layered security rather than overlapping controls. BUILDING THE GOVERNANCE STACK Modern governance isn't a single tool—it's an integrated architecture. The discussion walks through the complete governance stack, combining identity management, authorization, policy enforcement, monitoring, and continuous compliance into one cohesive platform. Key technologies include: * Microsoft Entra ID Governance * Azure RBAC * Azure Policy * Resource Locks * Azure Monitor * Log Analytics * Management Groups * Landing Zones * Policy Initiatives * Continuous Compliance Each layer solves a different governance challenge while working together to reduce operational risk. MANAGED IDENTITIES, KEY VAULT & ZERO TRUST One of the biggest security risks in modern cloud environments is long-lived credentials. The episode explores why Service Principals with client secrets are becoming obsolete and how Managed Identities eliminate entire categories of credential management problems. You'll discover how Azure Key Vault becomes the trust anchor for enterprise architectures by combining secret management, hardware-backed encryption, RBAC authorization, private endpoints, automated rotation, and policy enforcement. The discussion also explains why Zero Trust is no longer just a security framework—it is the operating model that governs every workload, identity, API, and deployment throughout the cloud platform. POLICY AS CODE & CONTINUOUS COMPLIANCE Compliance should never depend on someone logging into the Azure Portal. Instead, governance itself becomes version-controlled code managed through Git repositories, pull requests, CI/CD pipelines, automated testing, and Infrastructure as Code. The episode covers: * Policy as Code * Infrastructure as Code * Azure Policy * Bicep * Terraform * Git-based governance * Automated remediation * Drift detection * Deployment pipelines * Version-controlled compliance Rather than discovering configuration problems during quarterly audits, organizations continuously validate every deployment before it reaches production. DEVELOPER SELF-SERVICE WITHOUT LOSING CONTROL Many organizations believe developer productivity and governance are competing priorities. This episode challenges that assumption. Instead of slowing development with manual approval gates, platform engineering introduces "golden paths" where the easiest deployment path is also the most secure and compliant. Developers gain self-service infrastructure while Azure Policy, Infrastructure as Code, and automated pipelines enforce organizational standards behind the scenes. The result is faster delivery, lower operational risk, and significantly reduced governance overhead. PURVIEW, ENTRA & THE FUTURE OF COMPLIANCE Modern compliance extends beyond infrastructure. The conversation explores how Microsoft Purview and Azure Policy complement each other by governing both infrastructure configuration and sensitive data. You'll learn why organizations should design infrastructure governance, identity governance, and data governance together rather than treating them as isolated security projects. The episode also examines Microsoft's continued evolution toward continuous compliance, automated evidence generation, workload identity governance, and AI-assisted governance models that continuously validate cloud environments. WHO SHOULD LISTEN? This episode is ideal for: * Cloud Architects * Azure Architects * Security Architects * Platform Engineers * DevOps Engineers * Infrastructure Engineers * Compliance Officers * IT Decision Makers * Microsoft MVPs * Enterprise Architects * Anyone responsible for Azure governance Whether you're implementing Azure Policy, building Landing Zones, adopting Microsoft Entra ID Governance, securing workloads with Managed Identities, modernizing RBAC, or preparing your organization for continuous compliance, this episode provides a practical roadmap for building governance that scales with modern cloud platforms. If you want to replace manual compliance with automated trust and understand how Microsoft's cloud governance ecosystem fits together—from identity and infrastructure to policy, security, and continuous compliance—this episode delivers a comprehensive blueprint for designing secure, scalable, and future-ready enterprise environments. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

Kommentarer

0

Vær den første til at kommentere

Tilmeld dig nu og bliv en del af M365.FM - Modern work, security, and productivity with Microsoft 365-fællesskabet!

Kom i gang

1 måned kun 9 kr.

Derefter 99 kr. / måned · Opsig når som helst.

  • Podcasts kun på Podimo
  • 20 lydbogstimer pr. måned
  • Gratis podcasts

Alle episoder

711 episoder

episode Copilot Cowork - Simply Explained cover

Copilot Cowork - Simply Explained

Microsoft Copilot changed how we interact with AI by helping us summarize emails, draft documents, and answer questions. But there's still one major problem: you're responsible for connecting everything together. After Copilot generates content, you still have to coordinate meetings, send emails, update documents, assign tasks, and keep projects moving. Copilot Cowork solves that problem. Instead of helping with one task at a time, it accepts an entire business goal and executes the work across multiple Microsoft 365 applications while you focus on higher-value activities. Rather than acting like an assistant waiting for instructions, Cowork behaves like a digital teammate managing the coordination behind the scenes. WHY REGULAR COPILOT ISN'T ENOUGH Traditional Copilot excels at individual tasks. It can summarize conversations, generate presentations, write emails, or create Excel formulas within seconds. However, real work rarely consists of a single task. Most business processes involve multiple applications, several people, and a sequence of actions that require coordination. This orchestration often consumes far more time than generating the content itself. Copilot Cowork was built specifically to eliminate this coordination overhead by planning and executing entire workflows instead of individual prompts. WHAT MAKES COWORK DIFFERENT? Copilot Cowork is an AI agent powered by Microsoft's Work IQ platform that understands your emails, meetings, documents, conversations, and organizational context. Rather than asking for one prompt after another, you simply describe the outcome you want. Cowork determines the required steps, gathers the necessary information, works across Microsoft 365 applications, and executes the task in the background. Sensitive actions such as sending emails or scheduling meetings always require your approval before completion, ensuring you remain in control. HOW COWORK WORKS Think of Cowork as a project manager rather than a chatbot. You define the objective, while Cowork researches information, prepares documents, checks calendars, schedules meetings, drafts communications, and coordinates multiple Microsoft 365 services simultaneously. Unlike traditional Copilot, which requires your constant interaction, Cowork continues working while you're attending meetings, focusing on other projects, or even away from your computer. BUILT-IN SKILLS Copilot Cowork includes a growing collection of built-in skills covering the most common business activities. These include working with Word documents, Excel spreadsheets, PowerPoint presentations, PDFs, Outlook emails, Teams meetings, calendar scheduling, enterprise search, deep organizational research, daily briefings, and interactive Microsoft 365 experiences. The impressive part is that users never need to manually choose a skill. Cowork automatically selects the right capabilities based on the goal you've described and combines multiple skills whenever necessary. A REAL-WORLD EXAMPLE One of the best demonstrations of Cowork is the built-in "Organize My Week" experience. After a single request, Cowork reviews your calendar, analyzes meetings, identifies scheduling conflicts, checks attendee availability, recommends improvements, proposes new meetings, flags incomplete appointments, and prepares your upcoming week with minimal user interaction. Rather than simply displaying information, Cowork actively recommends improvements and carries them out after receiving your approval. GETTING STARTED Organizations need Microsoft 365 Business or Enterprise, a Microsoft 365 Copilot license, and access to Copilot Cowork through Microsoft's Frontier program where applicable. Files should be stored within OneDrive or SharePoint so Cowork can access organizational knowledge effectively. Administrators may also need to enable supporting services depending on their region and Microsoft 365 configuration. WHY COWORK MATTERS Copilot Cowork represents one of Microsoft's biggest shifts since the introduction of Microsoft 365 Copilot. Instead of simply helping employees create content faster, Cowork manages the coordination that typically consumes hours every week. It allows knowledge workers to spend less time organizing work and more time making decisions, solving problems, and delivering value. As Microsoft's AI platform continues evolving toward autonomous agents, Copilot Cowork provides an early glimpse into how future digital coworkers will become an everyday part of modern business productivity. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

12. juli 202613 min
episode Copilot Skills - Simply Explained cover

Copilot Skills - Simply Explained

Copilot Skills are one of Microsoft's most important AI building blocks, yet they're also one of the most misunderstood. Depending on which Microsoft product you're using, the same concept appears under different names, making it difficult to understand where everything fits together. At its core, a Copilot Skill is simply a reusable set of AI instructions. Instead of repeating the same prompt every day, you teach Copilot how to perform a specific task once, and it can automatically reuse those instructions whenever the situation matches. Think of it as creating a specialist that knows exactly how to complete one job consistently every single time. WHERE COPILOT SKILLS LIVE Microsoft currently offers three different places to create and manage skills. The easiest starting point is Copilot Chat, where the Agent Builder allows you to describe a task in plain English and automatically generates a complete skill. No coding, markdown, or configuration is required. For more advanced scenarios, Copilot Studio provides complete control over skill files, workflows, templates, and even Python scripts. Finally, Copilot Cowork stores skills as markdown files inside your OneDrive, allowing reusable business processes to be managed like documents while also performing automated quality checks after creation. CREATING YOUR FIRST SKILL Building a skill is surprisingly simple. You describe the task you want Copilot to perform, such as transforming messy meeting notes into structured summaries with action items and decisions. Copilot generates the skill, including its name, trigger description, instructions, and expected output format. After a quick review and some testing, the skill is ready to use repeatedly without having to recreate the prompt each time. For most users, this no-code approach is all that's needed to begin automating repetitive work. COPILOT STUDIO FOR ADVANCED SCENARIOS Copilot Studio takes skills much further by allowing developers and power users to package reusable expertise alongside supporting assets. Skills can include markdown instructions, templates, reference documents, and even Python scripts that execute calculations or process uploaded data. Studio also introduces workflows for scenarios that require approvals, deterministic processes, and enterprise automation. This makes Copilot Studio ideal for organizations building production-ready AI solutions rather than simple personal automations. HOW COWORK USES SKILLS Copilot Cowork approaches skills as reusable business procedures. Skills are stored inside OneDrive, making them easy to edit, version, and reuse across common business scenarios. Whether generating customer profiles, preparing reports, or processing meeting transcripts, Cowork repeatedly executes the same structured process using predefined instructions and templates. After every skill is created, Cowork evaluates trigger quality, instruction clarity, and robustness to help improve reliability before the skill is used in production. BUILDING HIGH-QUALITY SKILLS The best Copilot Skills share several common characteristics. They have clear, descriptive names, precise trigger conditions, concise instructions, and well-defined output formats. Good skills also define rules, exceptions, and edge cases while avoiding overlap with similar skills that could confuse the AI. Like any AI solution, skills improve through testing and iteration. Small adjustments to instructions often produce significantly better and more consistent results. SKILLS VS. INSTRUCTIONS VS. WORKFLOWS Understanding the distinction between these three concepts removes much of Microsoft's terminology confusion. Instructions define the agent's overall behavior and are always active. Skills provide reusable expertise for specific tasks and activate only when appropriate. Workflows enforce structured business processes with approvals, conditions, and guaranteed execution order. Together, these three layers allow organizations to create AI assistants that are both flexible and predictable while remaining easy to manage. WHY COPILOT SKILLS MATTER Copilot Skills transform AI from a conversational assistant into a repeatable business tool. Instead of writing the same prompts over and over again, organizations can package expertise once and reuse it across projects, teams, and workflows. Whether summarizing meetings, creating reports, processing customer information, or automating repetitive documentation, skills provide consistent, reliable results while dramatically reducing manual effort. As Microsoft continues expanding Copilot across Microsoft 365, mastering Skills will become one of the most valuable ways to standardize AI-powered work throughout the enterprise. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

12. juli 202613 min
episode Microsoft Scout - Simply Explained cover

Microsoft Scout - Simply Explained

Microsoft has introduced a growing family of AI assistants, and Microsoft Scout represents the next major step in that evolution. While Copilot helps when you ask questions and Cowork executes multi-step tasks, Scout introduces a completely different concept: an autonomous AI agent that proactively monitors your work and takes action on your behalf. Rather than waiting for prompts, Scout continuously observes events, prepares information, and automates recurring tasks in the background. UNDERSTANDING THE COPILOT FAMILY To understand Scout, it's important to understand Microsoft's three layers of AI. Traditional Microsoft Copilot is your on-demand assistant. You ask a question, summarize a document, or generate content, and Copilot responds instantly. Cowork expands on this by handling larger, multi-step tasks that can execute independently after receiving instructions. Scout belongs to Microsoft's new Autopilot category. Unlike Copilot or Cowork, Scout doesn't wait for instructions. It continuously monitors your environment, identifies opportunities to help, and proactively performs work when predefined conditions are met. A DIGITAL WORKER WITH ITS OWN IDENTITY One of Scout's biggest innovations is its own digital identity. Rather than acting directly as the user, Scout receives its own Entra ID identity with dedicated permissions. This allows administrators to precisely control what Scout can access, what actions it may perform, and to fully audit every activity it executes. Scout connects simultaneously to Microsoft 365 services, your local computer, and the web, giving it access to emails, calendars, Teams conversations, SharePoint documents, local files, and browser-based workflows while remaining fully governed by enterprise security policies. HOW SCOUT DIFFERS FROM COPILOT The distinction between Copilot and Scout is fundamental. Copilot requires a prompt before doing anything. Scout operates continuously based on schedules, triggers, and observed events. Copilot uses your identity while Scout operates under its own managed identity. Copilot sessions end when the conversation closes, whereas Scout continues working in the background around the clock. This transforms AI from being a tool you use into a digital coworker that actively works alongside you. REAL-WORLD USE CASES Scout is designed to automate repetitive knowledge work across Microsoft 365. It can prepare meeting briefs by gathering relevant emails, Teams chats, and documents before meetings. It can monitor important inboxes, draft responses, generate daily summaries, track overdue project actions, organize files, and proactively identify repetitive work that could be automated. Perhaps most impressively, Scout can analyze months of work history to identify recurring activities and recommend automations that could save significant amounts of time every year. It can also learn reusable "skills" that automate complex business processes with minimal user interaction. HOW SCOUT WORKS Scout runs as a desktop application while integrating deeply with Microsoft's cloud services. It uses browser automation for interacting with websites, local command execution for managing files and operating system tasks, and Microsoft's Work IQ technology to understand Microsoft 365 content and business context. Every sensitive action requires approval based on configurable security policies, ensuring organizations maintain full control while allowing Scout to automate trusted workflows safely. LICENSING AND AVAILABILITY At the moment, Scout is only available through Microsoft's private Frontier preview program. Organizations require Microsoft 365 Copilot licensing, GitHub Copilot Business or Enterprise licensing, and enrollment in the Frontier preview. Administrators must also configure device management policies before Scout can be deployed. Microsoft expects broader availability in the future, making Scout more of a glimpse into the future of enterprise AI than a generally available product today. WHY SCOUT MATTERS Scout signals Microsoft's transition from AI assistants toward autonomous AI workers. Future enterprise AI will increasingly consist of specialized agents that monitor workflows, execute recurring business processes, collaborate across applications, and operate under independent identities with enterprise governance. Understanding Scout today helps IT leaders prepare for tomorrow's AI-powered workplace, where multiple intelligent agents work alongside employees rather than simply responding to prompts. GETTING READY FOR THE FUTURE Organizations don't need Scout today to prepare for its arrival. The best first step is mastering Microsoft Copilot and Cowork while beginning conversations around AI governance, identity management, permissions, and autonomous workflows. Building reusable AI skills today creates the foundation for the autonomous agents Microsoft is clearly building toward. Scout demonstrates that the future of AI isn't simply asking better questions—it's creating intelligent digital workers that proactively help teams accomplish more while remaining secure, governed, and fully integrated into the Microsoft ecosystem. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

12. juli 202616 min
episode Compliance as Code: The Architect’s Blueprint for Automated Trust cover

Compliance as Code: The Architect’s Blueprint for Automated Trust

Compliance has traditionally been treated as documentation. Policies live in PDFs, access reviews sit in spreadsheets, and governance depends on people remembering to follow processes. But cloud environments evolve every minute, making manual compliance impossible to maintain at enterprise scale. In this episode of the M365 FM Podcast, host Mirko Peters explores why the future of governance isn't more paperwork—it's Compliance as Code. This episode provides a complete architectural blueprint for building automated trust across Microsoft Azure and Microsoft 365 using Azure Policy, RBAC, Microsoft Entra ID Governance, Privileged Identity Management (PIM), Managed Identities, Azure Key Vault, Microsoft Purview, Infrastructure as Code, and Zero Trust principles. Rather than slowing developers down with manual approval processes, you'll learn how modern cloud platforms embed governance directly into infrastructure, allowing organizations to move faster while improving security and auditability. WHY MANUAL GOVERNANCE ALWAYS FAILS Traditional governance simply cannot keep pace with cloud deployment velocity. Developers deploy infrastructure within minutes while governance processes often require days of manual approvals. This gap creates configuration drift, excessive permissions, shadow IT, and security risks that remain invisible until an audit or security incident exposes them. The episode explains why compliance documents don't create compliance—automated enforcement does. Topics include: * Configuration drift * Shadow IT * Manual approvals * Audit readiness * Governance debt * Cloud compliance * Security posture * Continuous validation * Automation * Infrastructure governance RBAC VS AZURE POLICY: THE FOUNDATION OF MODERN GOVERNANCE One of the most misunderstood concepts in Azure governance is the relationship between RBAC and Azure Policy. RBAC answers one question: "Who is allowed to perform an action?" Azure Policy answers a completely different question: "What resources are allowed to exist?" The episode explains why confusing these two technologies creates fragile governance models that appear secure but fail in production. You'll learn how authorization and compliance work together to create layered security rather than overlapping controls. BUILDING THE GOVERNANCE STACK Modern governance isn't a single tool—it's an integrated architecture. The discussion walks through the complete governance stack, combining identity management, authorization, policy enforcement, monitoring, and continuous compliance into one cohesive platform. Key technologies include: * Microsoft Entra ID Governance * Azure RBAC * Azure Policy * Resource Locks * Azure Monitor * Log Analytics * Management Groups * Landing Zones * Policy Initiatives * Continuous Compliance Each layer solves a different governance challenge while working together to reduce operational risk. MANAGED IDENTITIES, KEY VAULT & ZERO TRUST One of the biggest security risks in modern cloud environments is long-lived credentials. The episode explores why Service Principals with client secrets are becoming obsolete and how Managed Identities eliminate entire categories of credential management problems. You'll discover how Azure Key Vault becomes the trust anchor for enterprise architectures by combining secret management, hardware-backed encryption, RBAC authorization, private endpoints, automated rotation, and policy enforcement. The discussion also explains why Zero Trust is no longer just a security framework—it is the operating model that governs every workload, identity, API, and deployment throughout the cloud platform. POLICY AS CODE & CONTINUOUS COMPLIANCE Compliance should never depend on someone logging into the Azure Portal. Instead, governance itself becomes version-controlled code managed through Git repositories, pull requests, CI/CD pipelines, automated testing, and Infrastructure as Code. The episode covers: * Policy as Code * Infrastructure as Code * Azure Policy * Bicep * Terraform * Git-based governance * Automated remediation * Drift detection * Deployment pipelines * Version-controlled compliance Rather than discovering configuration problems during quarterly audits, organizations continuously validate every deployment before it reaches production. DEVELOPER SELF-SERVICE WITHOUT LOSING CONTROL Many organizations believe developer productivity and governance are competing priorities. This episode challenges that assumption. Instead of slowing development with manual approval gates, platform engineering introduces "golden paths" where the easiest deployment path is also the most secure and compliant. Developers gain self-service infrastructure while Azure Policy, Infrastructure as Code, and automated pipelines enforce organizational standards behind the scenes. The result is faster delivery, lower operational risk, and significantly reduced governance overhead. PURVIEW, ENTRA & THE FUTURE OF COMPLIANCE Modern compliance extends beyond infrastructure. The conversation explores how Microsoft Purview and Azure Policy complement each other by governing both infrastructure configuration and sensitive data. You'll learn why organizations should design infrastructure governance, identity governance, and data governance together rather than treating them as isolated security projects. The episode also examines Microsoft's continued evolution toward continuous compliance, automated evidence generation, workload identity governance, and AI-assisted governance models that continuously validate cloud environments. WHO SHOULD LISTEN? This episode is ideal for: * Cloud Architects * Azure Architects * Security Architects * Platform Engineers * DevOps Engineers * Infrastructure Engineers * Compliance Officers * IT Decision Makers * Microsoft MVPs * Enterprise Architects * Anyone responsible for Azure governance Whether you're implementing Azure Policy, building Landing Zones, adopting Microsoft Entra ID Governance, securing workloads with Managed Identities, modernizing RBAC, or preparing your organization for continuous compliance, this episode provides a practical roadmap for building governance that scales with modern cloud platforms. If you want to replace manual compliance with automated trust and understand how Microsoft's cloud governance ecosystem fits together—from identity and infrastructure to policy, security, and continuous compliance—this episode delivers a comprehensive blueprint for designing secure, scalable, and future-ready enterprise environments. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

12. juli 20261 h 13 min
episode Power Apps Code Apps - Simply Explained cover

Power Apps Code Apps - Simply Explained

Power Apps has traditionally been known for its low-code, drag-and-drop experience, allowing business users and citizen developers to build applications quickly using Power Fx. But Microsoft is introducing a new development model: Power Apps Code Apps. Rather than replacing Canvas Apps, Code Apps extend the platform by giving professional developers the ability to build fully custom applications using modern web technologies such as JavaScript, TypeScript, and React. Instead of designing interfaces visually, developers work inside Visual Studio Code while still deploying and managing their applications through Power Platform. The result is a familiar developer experience combined with enterprise-grade hosting, authentication, governance, and lifecycle management. CANVAS APPS VS. CODE APPS Canvas Apps remain the fastest way to build business applications with visual tools and Power Fx formulas. They're ideal for rapid development and business users who don't have a software engineering background. Code Apps, however, are designed for scenarios where complete control over the user interface is required. Developers can build custom React components, use their preferred JavaScript libraries, create sophisticated animations, implement advanced layouts, and leverage the entire Node.js ecosystem. The important takeaway is that both approaches ultimately run on the same Power Platform infrastructure. Authentication, deployment, security, and application management remain exactly the same. A MODERN DEVELOPER EXPERIENCE Developing a Code App feels much closer to building a traditional web application than creating a Canvas App. Developers use Visual Studio Code, Node.js, and the Power Platform CLI to scaffold projects, connect to environments, run applications locally with hot reload, and deploy directly into Power Apps. Once deployed, the application appears alongside Canvas Apps and can be managed using the same solutions, pipelines, and governance processes already familiar to Power Platform administrators. The overall workflow is surprisingly straightforward: * Initialize a Code App project * Develop locally with live reloading * Build the production package * Deploy directly into Power Apps FULL ACCESS TO MODERN WEB TECHNOLOGIES One of the biggest advantages of Code Apps is unrestricted access to modern web development. Developers can use React, TypeScript, HTML, CSS, npm packages, animation libraries, advanced charting frameworks, drag-and-drop components, and virtually any JavaScript ecosystem tool. This removes many of the UI limitations that Canvas Apps naturally impose while still benefiting from Power Platform's enterprise services. THE POWER APPS SDK The Power Apps SDK acts as the bridge between your custom React application and Power Platform services. Rather than manually writing authentication logic or REST API calls, the SDK generates strongly typed models and service classes for connected data sources. Developers can simply call generated functions to create, retrieve, update, or delete records while the SDK manages authentication, connector communication, serialization, and error handling behind the scenes. This dramatically simplifies development while maintaining the flexibility expected from modern web applications. CONNECTORS, DATA SOURCES, AND AUTOMATION Code Apps use the same connectors that already power Canvas Apps. Dataverse, SharePoint, SQL Server, Microsoft 365 services, and even Power Automate cloud flows can all be integrated into Code Apps. Developers add these data sources using the Power Platform CLI, which automatically generates strongly typed service files for interacting with each connector. Because the applications continue to run inside Power Platform, Data Loss Prevention policies, authentication, and connector restrictions are enforced exactly as they are for traditional Power Apps. GOVERNANCE AND LICENSING One common misconception is that Code Apps bypass Power Platform governance because they're built in Visual Studio Code. In reality, the opposite is true. Code Apps participate fully in solutions, deployment pipelines, audit logging, environment policies, Conditional Access, and Data Loss Prevention rules. Administrators still control where Code Apps can be deployed through environment settings. From a licensing perspective, Code Apps use the standard Power Apps Premium license. There is no additional licensing model specifically for Code Apps. HOW EVERYTHING FITS TOGETHER A Code App consists of three primary layers working together. The React application provides the user interface. The Power Apps SDK connects that interface to Power Platform services. Finally, Power Platform supplies authentication, hosting, connectors, Dataverse, governance, and security. This architecture allows developers to focus entirely on building rich user experiences while the platform handles the enterprise infrastructure automatically. GETTING STARTED If you're interested in exploring Code Apps, the first steps are straightforward. Enable the feature within your development environment, create a starter project using the Power Platform CLI, connect a data source, and begin experimenting with React-based development. AI coding assistants such as GitHub Copilot can further accelerate development by generating React components and helping developers build applications more quickly. For organizations already invested in Power Platform, Code Apps represent an evolution—not a replacement—of the existing ecosystem. They provide professional developers with complete front-end flexibility while preserving all of the governance, security, deployment, and management capabilities that make Power Platform attractive for enterprise development. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

12. juli 202614 min