M365.FM - Modern work, security, and productivity with Microsoft 365

Canvas Apps vs Model-Driven Apps - Simply Explained

15 min · I går
episode Canvas Apps vs Model-Driven Apps - Simply Explained cover

Description

Microsoft Power Apps offers two primary ways to build business applications: Canvas Apps and Model-Driven Apps. At first glance they may appear similar, but they are designed for very different scenarios. Choosing the wrong app type can lead to unnecessary complexity, expensive redesigns, and weeks of additional work. In this episode, we explain the differences in plain English, helping you understand when to choose each approach and why the decision is based on your business requirements—not on how the app looks. Whether you're a Power Platform beginner, citizen developer, or enterprise architect, this episode gives you a practical framework for selecting the right tool for your next project.   UNDERSTANDING THE FUNDAMENTAL DIFFERENCE  The biggest difference between Canvas Apps and Model-Driven Apps isn't the user interface—it's where development begins. Canvas Apps start with the user experience. You begin with a blank screen and design every button, image, form, and navigation element yourself before connecting data. Model-Driven Apps take the opposite approach. They begin with your business data model in Microsoft Dataverse, automatically generating forms, views, dashboards, and navigation based on your data structure. One is design-first, while the other is data-first, and that single difference influences every design decision that follows. CANVAS APPS – COMPLETE DESIGN FREEDOM Canvas Apps provide maximum flexibility for creating custom user experiences. Developers can design every screen exactly as they want while connecting to hundreds of different data sources including SharePoint, Excel, SQL Server, Salesforce, Microsoft Dataverse, and many other systems. This makes Canvas Apps ideal for mobile-first applications, inspection forms, approval processes, dashboards, field service solutions, and task-focused business apps where branding, usability, and custom layouts are critical. The trade-off is that developers are responsible for building navigation, validation, business logic, and user interactions themselves. MODEL-DRIVEN APPS – DATA COMES FIRST Model-Driven Apps are built around Microsoft Dataverse and automatically generate a professional business application from your data model. Instead of designing screens manually, you define tables, relationships, security roles, and business rules. Power Apps then creates forms, views, navigation, dashboards, and responsive layouts automatically. This approach is ideal for enterprise applications such as CRM systems, case management, project tracking, compliance solutions, and business process automation where structured data, governance, and consistency are more important than visual customization. REAL-WORLD USE CASES Canvas Apps excel when users need highly customized interfaces, mobile experiences, offline capabilities, or applications that combine information from multiple external systems. Model-Driven Apps perform best when organizations require centralized business data, complex relationships, role-based security, auditing, and standardized business processes. Instead of asking which app type is better, organizations should focus on which business problem they are solving, because each platform has been optimized for a different category of application. LICENSING CONSIDERATIONS Licensing is another important factor when selecting an app type. Canvas Apps using only standard Microsoft 365 connectors such as SharePoint, Excel, Outlook, and OneDrive are often included within existing Microsoft 365 subscriptions. However, once an app uses Microsoft Dataverse or premium connectors, premium Power Apps licensing is required. Since Model-Driven Apps always rely on Dataverse, they require premium licensing by design. Understanding these licensing differences helps organizations avoid unexpected costs while planning new Power Platform solutions. THE HYBRID APPROACH Many successful organizations don't choose one app type—they combine both. A common architecture uses a Model-Driven App as the enterprise system of record while embedding Canvas Apps for specialized user experiences such as mobile inspections, guided workflows, or simplified data entry screens. Power Automate connects both environments, allowing organizations to combine enterprise governance with exceptional user experiences while keeping all business data centralized inside Microsoft Dataverse. A SIMPLE DECISION FRAMEWORK Choosing the correct app becomes much easier by asking four simple questions. Does your solution require Microsoft Dataverse? Is the primary focus user experience or business data? Do you need enterprise capabilities such as auditing, security roles, and business process flows? Finally, what licensing already exists within your organization? Answering these questions quickly identifies which Power Apps approach best fits your technical requirements, business goals, and budget without relying on guesswork. COMMON MISTAKES TO AVOID Many beginners select Canvas Apps simply because they enjoy designing interfaces, only to discover later that they need enterprise governance, auditing, or complex business processes that Model-Driven Apps provide automatically. Others choose Model-Driven Apps expecting unlimited design flexibility, only to find themselves fighting the platform's standardized interface. Understanding the strengths and limitations of both approaches before starting a project can prevent expensive redesigns and significantly improve long-term maintainability. KEY TAKEAWAYS Canvas Apps and Model-Driven Apps are not competing technologies—they solve different business challenges. Canvas Apps prioritize flexibility, user experience, and custom design across multiple data sources. Model-Driven Apps prioritize structured business data, governance, automation, and enterprise scalability through Microsoft Dataverse. Many of the best Power Platform solutions combine both approaches, allowing organizations to deliver exceptional user experiences while maintaining secure, scalable, and well-governed business applications. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

Comments

0

Be the first to comment

Sign up now and become a member of the M365.FM - Modern work, security, and productivity with Microsoft 365 community!

Get Started

1 month for 9 kr.

Then 99 kr. / month · Cancel anytime.

  • Podcasts kun på Podimo
  • 20 lydbogstimer pr. måned
  • Gratis podcasts

All episodes

763 episodes

episode Azure Front Door - Simply Explained artwork

Azure Front Door - Simply Explained

Building a website that performs well for users around the world is far more challenging than simply deploying a web application to Azure. A server hosted in North America may respond quickly for users nearby, but visitors in Europe, Asia, or Australia experience significantly higher latency. Add traffic spikes, regional outages, or cyberattacks into the mix, and maintaining a fast, reliable online experience becomes even more difficult. In this episode of m365.fm, we explain Azure Front Door in plain English and show how Microsoft's global edge network delivers faster websites, intelligent traffic routing, built-in security, and high availability from a single cloud-native service. Whether you're hosting APIs, web applications, or global e-commerce platforms, Azure Front Door helps ensure every user connects to the best possible backend automatically. WHY GLOBAL TRAFFIC NEEDS INTELLIGENT ROUTING Traditional web applications often rely on a single hosting location, forcing users around the world to access the same backend regardless of where they're located. We explain why long internet routes increase latency, reduce application performance, and negatively impact customer experience. You'll learn how Azure Front Door acts as a global traffic manager operating at Layer 7, understanding HTTP and HTTPS requests rather than simply forwarding packets. Using Microsoft's worldwide edge network with more than 210 Points of Presence across over 130 metropolitan areas, Azure Front Door routes every request onto Microsoft's private backbone, dramatically reducing latency while improving reliability and user experience across the globe.  HIGH AVAILABILITY, LOAD BALANCING, AND SMART ROUTING Azure Front Door continuously monitors your applications and automatically routes traffic to the healthiest and fastest backend. This episode explains Origin Groups, health probes, latency-based routing, weighted routing, priority routing, failover, caching, and Microsoft's three-layer resiliency architecture that keeps applications online even during regional outages. We also explore how Front Door automatically redirects users when servers become unavailable, distributes traffic across multiple Azure regions, and accelerates both static and dynamic content through intelligent edge caching. By combining global load balancing with Microsoft's private network, Azure Front Door helps organizations deliver fast, resilient applications without managing complex networking infrastructure themselves.  BUILT-IN SECURITY AT THE EDGE Performance is only part of the story—Azure Front Door also provides enterprise-grade security before requests ever reach your applications. Learn how the integrated Web Application Firewall (WAF) protects against SQL injection, Cross-Site Scripting (XSS), bots, DDoS attacks, and many other common web threats. We compare Azure Front Door Standard and Premium, explaining managed WAF rules, Microsoft Threat Intelligence, bot protection, Private Link integration, custom security policies, geographic filtering, and Zero Trust principles. You'll discover how security at Microsoft's global edge significantly reduces risk while keeping your backend infrastructure hidden from direct internet exposure.  WHEN TO USE AZURE FRONT DOOR The episode concludes with practical guidance for selecting the right Azure Front Door tier and understanding where it fits within modern cloud architectures. We compare Azure Front Door with Azure CDN and traditional load balancers, discuss pricing considerations, explain caching strategies, and explore real-world deployment scenarios including global e-commerce platforms, SaaS applications, APIs, and enterprise websites. Whether you're deploying a single web application or building globally distributed cloud services, this episode provides the practical foundation needed to understand Azure Front Door and build secure, highly available, and high-performance applications that deliver exceptional user experiences anywhere in the world. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

16. juli 202617 min
episode Azure Virtual WAN - Simply Explained artwork

Azure Virtual WAN - Simply Explained

Building a global Azure network manually becomes increasingly difficult as your organization grows. What starts as a simple hub-and-spoke deployment quickly turns into a maze of virtual network peerings, route tables, VPN gateways, firewall rules, and regional connectivity challenges. Every new Azure region introduces additional complexity, making network management harder, slower, and more expensive. In this episode of m365.fm, we explain Azure Virtual WAN in plain English and show how Microsoft's managed networking platform simplifies global connectivity by replacing complex manual networking with an intelligent cloud-native backbone. Whether you're connecting branch offices, remote users, data centers, or Azure workloads across multiple regions, Azure Virtual WAN provides a scalable networking foundation built for modern enterprises.  WHY TRADITIONAL HUB-AND-SPOKE REACHES ITS LIMITS Hub-and-spoke architecture remains an excellent networking model for smaller Azure environments, but as organizations expand globally, maintaining hundreds of peerings, user-defined routes, firewall policies, and VPN gateways becomes increasingly difficult. We explain why traditional networking creates operational overhead, how routing complexity grows exponentially with every new region, and why many large enterprises eventually struggle to manage their Azure connectivity. Through practical examples, you'll understand why Azure Virtual WAN was designed to eliminate manual networking tasks while preserving centralized security, routing, and governance across geographically distributed Azure environments. VIRTUAL HUBS, MICROSOFT'S GLOBAL BACKBONE, AND CONNECTIVITY At the heart of Azure Virtual WAN are Virtual Hubs—Microsoft-managed regional networking hubs that automatically connect your virtual networks, branch offices, ExpressRoute circuits, VPN gateways, and remote users through Microsoft's global private backbone. This episode explains the Virtual WAN resource, Virtual Hubs, spoke virtual networks, Site-to-Site VPN, Point-to-Site VPN, ExpressRoute, Microsoft Entra ID authentication, and automatic inter-hub routing using simple analogies that make enterprise networking easy to understand. Instead of manually configuring dozens of peerings and routing tables, Azure Virtual WAN allows organizations to connect each workload once while Microsoft manages the global routing infrastructure automatically. BUILT-IN ROUTING, SECURITY, AND AZURE FIREWALL INTEGRATION Azure Virtual WAN doesn't just simplify connectivity—it also simplifies security. Learn how Routing Intent automatically directs traffic through Azure Firewall or supported third-party next-generation firewalls without requiring complex User Defined Routes (UDRs). We explain secured Virtual Hubs, Azure Firewall integration, IPsec encryption, ExpressRoute, Azure Firewall Manager, Zero Trust networking principles, and centralized policy management across multiple Azure regions. You'll discover how Virtual WAN creates a globally consistent security model where routing, inspection, and policy enforcement are managed centrally rather than separately for every virtual network. WHEN TO USE AZURE VIRTUAL WAN The episode concludes by comparing Azure Virtual WAN with traditional Hub-and-Spoke networking and helping you choose the right architecture for your environment. We discuss deployment scenarios including global retailers, multinational enterprises, remote workforces, hybrid cloud environments, MPLS replacement projects, and cloud-first organizations expanding into multiple Azure regions. We also cover migration strategies, Virtual WAN Standard versus Basic, operational cost savings, Microsoft Learn resources, and practical deployment recommendations. Whether you're designing a new enterprise Azure network or modernizing an existing cloud infrastructure, this episode provides the practical knowledge needed to understand when Azure Virtual WAN becomes the right architectural choice—and how it helps organizations scale global networking without scaling operational complexity. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

16. juli 202614 min
episode Azure Firewall - Simply Explained artwork

Azure Firewall - Simply Explained

Securing a traditional office network was relatively straightforward—you installed a physical firewall at the edge of your network and inspected everything entering or leaving your building. But cloud computing completely changes that model. Applications are distributed across regions, users connect from anywhere in the world, and workloads communicate constantly with each other. In this episode of m365.fm, we explain Azure Firewall in plain English and show why Microsoft built a cloud-native firewall service specifically for modern Azure environments. You'll learn what Azure Firewall actually does, how it differs from traditional hardware firewalls, and how it provides centralized security, traffic inspection, and threat protection across your entire Azure infrastructure. Whether you're new to Azure networking or preparing for Microsoft certifications, this episode gives you a practical understanding of one of Azure's most important security services. WHY CLOUD FIREWALLS ARE DIFFERENT Traditional firewalls were designed for a world where organizations had a single office, one internet connection, and one network perimeter. Azure environments work differently. Applications are spread across multiple virtual networks, cloud regions, hybrid environments, and internet-facing services. We explain the difference between north-south traffic flowing between Azure and the internet and east-west traffic moving between workloads inside your Azure environment. You'll discover why inspecting both traffic directions is essential for preventing attackers from moving laterally through your infrastructure and why Azure Firewall eliminates the need to maintain physical appliances or virtual firewall servers. AZURE FIREWALL ARCHITECTURE, RULES, AND DEPLOYMENT Azure Firewall is a fully managed Firewall-as-a-Service (FWaaS) platform that automatically scales, provides built-in high availability, and integrates directly into Azure networking. This episode explains the three Azure Firewall SKUs—Basic, Standard, and Premium—and helps you understand when each is appropriate. We also explore hub-and-spoke architecture, Virtual WAN integration, NAT rules, network rules, application rules, Rule Collection Groups, IP Groups, routing, and centralized policy management. Through practical examples, you'll learn how Azure Firewall becomes the central inspection point for your Azure environment while simplifying enterprise-scale network security administration. ADVANCED SECURITY FEATURES AND THREAT PROTECTION Azure Firewall offers much more than simple packet filtering. We explain Microsoft's Threat Intelligence integration, Intrusion Detection and Prevention System (IDPS), TLS inspection, URL filtering, web category filtering, custom DNS, and continuously updated threat signatures that help protect organizations against modern cyberattacks. You'll learn how Azure Firewall detects malicious IP addresses, blocks known attack patterns such as SQL injection and malware callbacks, and inspects encrypted HTTPS traffic without requiring administrators to manually update security signatures. These capabilities create multiple layers of defense that work together to protect Azure workloads against evolving threats. BUILDING A MODERN CLOUD SECURITY PLATFORM The episode concludes with practical guidance for implementing Azure Firewall efficiently while balancing security, performance, and operational costs. Learn why hub-and-spoke networking has become Microsoft's recommended architecture, how Azure Firewall Manager simplifies centralized policy management across multiple regions, and how Log Analytics Basic tables, Azure Automation, and private endpoints help reduce ongoing operational costs. We also discuss best practices for selecting the appropriate firewall SKU, enabling Threat Intelligence in alert mode before moving to enforcement, and designing routing so that all traffic is inspected consistently. Whether you're protecting a small Azure deployment or building an enterprise-scale cloud platform, this episode provides the practical foundation needed to deploy Azure Firewall with confidence. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

16. juli 202613 min
episode Azure Bastion - Simply Explained artwork

Azure Bastion - Simply Explained

Secure remote access is one of the biggest challenges in cloud infrastructure. For years, administrators connected to Azure virtual machines by assigning public IP addresses and opening RDP or SSH ports to the internet—or by maintaining jump boxes that required constant patching, monitoring, and hardening. While these approaches worked, they also created significant security risks and operational overhead. In this episode of m365.fm, we explain Azure Bastion in plain English and show how it provides secure, browser-based RDP and SSH access without exposing your virtual machines to the public internet. You'll learn why Azure Bastion has become a key building block of Microsoft's Zero Trust strategy and how it dramatically simplifies secure remote administration across Azure environments. WHY TRADITIONAL REMOTE ACCESS IS NO LONGER ENOUGH Public IP addresses and open management ports remain some of the most common attack vectors in cloud environments. We explain why traditional jump boxes create operational complexity, require continuous maintenance, and still expose organizations to unnecessary risk despite firewalls and network security groups. You'll discover how ransomware groups continuously scan for exposed RDP services, why maintaining hardened jump servers becomes increasingly difficult at scale, and how Azure Bastion eliminates these challenges by removing public endpoints entirely while providing secure, encrypted administrative access through the Azure platform. HOW AZURE BASTION WORKS Azure Bastion is a fully managed Platform-as-a-Service (PaaS) offering that provides secure RDP and SSH connectivity over HTTPS without requiring public IP addresses on your virtual machines. This episode explores the AzureBastionSubnet architecture, browser-based connections, TLS encryption, private virtual network communication, support for peered virtual networks, ExpressRoute, VPN connectivity, and network security best practices. We explain how Bastion creates a secure management tunnel while keeping your virtual machines completely isolated from direct internet access. By removing exposed management ports, organizations significantly reduce their attack surface without sacrificing administrator productivity. MICROSOFT ENTRA ID, ZERO TRUST, AND MODERN SECURITY One of the biggest advancements in Azure Bastion is its integration with Microsoft Entra ID. Learn how native Entra ID authentication replaces traditional local administrator accounts with centralized identity management, enabling Multi-Factor Authentication (MFA), Conditional Access, Privileged Identity Management (PIM), and Role-Based Access Control (RBAC) for Windows virtual machines. We explain the required Azure VM Login extensions, supported operating systems, Virtual Machine User Login and Virtual Machine Administrator Login roles, and why identity-based security aligns perfectly with Microsoft's Zero Trust architecture. You'll see how Azure Bastion shifts remote access away from network trust toward identity-based authorization backed by your organization's existing Microsoft security policies. CHOOSING THE RIGHT BASTION DEPLOYMENT The episode concludes with practical guidance for selecting the appropriate Azure Bastion deployment model. We compare the Developer, Basic, Standard, and Premium SKUs, discussing browser access, native client support, session recording, private-only deployments, file transfer capabilities, and pricing considerations. We also compare Azure Bastion with traditional jump boxes, highlighting the operational savings gained by eliminating virtual machine maintenance, patching, antivirus management, and infrastructure administration. Whether you're securing a handful of virtual machines or designing enterprise-scale Azure landing zones, this episode provides a practical roadmap for implementing Azure Bastion and modernizing remote administration using Microsoft's cloud-native security approach. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

16. juli 202611 min
episode Azure Landing Zones - Simply Explained artwork

Azure Landing Zones - Simply Explained

Building workloads in Azure is easy. Building an Azure environment that remains secure, scalable, compliant, and manageable for years is much harder. Without a solid foundation, organizations quickly end up with inconsistent subscriptions, overlapping networks, missing policies, unclear ownership, and rapidly increasing cloud costs. In this episode of m365.fm, we explain Azure Landing Zones in plain English and show why they have become Microsoft's recommended foundation for enterprise cloud adoption. You'll learn what a Landing Zone really is, why it isn't a product you simply deploy, and how it creates a governed platform that allows application teams to innovate without sacrificing security or operational control. Whether you're an Azure administrator, cloud architect, or IT leader, understanding Landing Zones is essential for building Azure environments that scale successfully. WHAT AN AZURE LANDING ZONE REALLY IS Despite the name, Azure Landing Zones are not a single Azure service. They are a pre-configured cloud environment where networking, identity, governance, monitoring, and security are already established before the first workload is deployed. We explain why subscriptions—not resource groups—form the primary isolation boundary, how Management Groups organize Azure environments at scale, and why Azure Policy enforces organizational standards automatically instead of relying on documentation or manual reviews. You'll discover how guardrails such as allowed regions, mandatory tagging, diagnostic settings, and security baselines are inherited across your Azure hierarchy, creating governance that is built directly into the platform.  THE EIGHT DESIGN AREAS EXPLAINED Microsoft's Cloud Adoption Framework defines eight core design areas that together form a complete Landing Zone architecture. This episode breaks down identity and Microsoft Entra ID, billing and subscription design, Management Groups, networking, security, governance, management, and platform automation using practical examples that make each concept easy to understand. We also explore Hub-and-Spoke networking, Azure Virtual WAN, Azure Firewall, Microsoft Defender for Cloud, centralized Log Analytics, Azure Policy initiatives, Infrastructure as Code, subscription vending, and automated governance. By understanding how these components work together, you'll see how Azure Landing Zones create repeatable, enterprise-ready cloud platforms instead of isolated Azure subscriptions.  PLATFORM LANDING ZONES VS. APPLICATION LANDING ZONES One of the most common sources of confusion is the difference between Platform Landing Zones and Application Landing Zones. We explain why platform subscriptions host shared services such as identity, networking, connectivity, monitoring, and security, while application subscriptions remain isolated environments owned by individual workload teams. You'll learn why separating these responsibilities improves scalability, simplifies governance, and allows centralized platform teams to support hundreds of Azure subscriptions without becoming operational bottlenecks. We also discuss common architectural mistakes, including placing shared services inside application subscriptions, and explain how proper separation creates a more maintainable Azure environment over the long term.  BUILDING A SCALABLE AZURE FOUNDATION The episode concludes with practical guidance for implementing Azure Landing Zones without unnecessary complexity. Learn why starting with a Minimum Viable Landing Zone often delivers better long-term results than attempting to build a perfect enterprise architecture on day one. We explore Azure Landing Zone Accelerators, Policy Audit mode, IP address planning, subscription automation, Infrastructure as Code with Bicep and Terraform, and Microsoft's Cloud Adoption Framework recommendations for continuous platform evolution. Whether you're creating your first Azure environment or modernizing an existing cloud estate, this episode provides the practical knowledge needed to build a secure, scalable, and well-governed Azure platform that supports business growth for years to come. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

16. juli 202616 min