Although the Power Platform is close to perfection 😉 there are still some small opportunities to improve it.
So I thought I would draft out the top 10 features I would love to see added. One call-out: I know AI is the future, but for me it's a blended future, with AI adding to, not replacing, low-code. So this list is all about improvements that are not focused on AI but will definitely help AI.
1. Proper RBAC for Developers
At the moment the access controls are very limited: Power Automate, Power Apps, and Copilot Studio only allow use or full edit (Power Automate has a run-only permission for instant flows).
This is super limited when you go beyond citizen developers using the Default environment. Having full RBAC (Role-Based Access Control) would give improved granularity. Imagine being able to:
- View flow/app/agent but not edit it for code reviews/debugging
- View flow runs without editing it
- Run app monitoring without owning it
- Turn flow on and off without editing it
- View agent analytics/logs without being able to edit it
- Edit flow/app/agent but not add or edit connections
And that's just to name a few of the opportunities. I know there are creative workarounds for some, but these are not simple, open you up to unexpected vulnerabilities, and are exposed to breaking platform updates.
2. Use-only license for Power Apps/Copilot Studio Agents
This still shocks me to this day: why has Microsoft not enabled a license to just use Power Apps? Actually I know why, it's to force adoption, as some percentage of those users will find Power Apps/Power Automate and start building.
This is a good approach for circumventing IT departments and driving adoption, but goes against a collaborative adoption strategy. Lots of organizations will have front-line employees who they want to use Power Apps, but who they don't want distracted creating random apps and flows. In these situations the organization can only turn off Power Automate and Power Apps, stopping not only building but also using.
You may ask: how does Copilot Studio not have a user-only license, when external users can use it and they can't make agents? Well, I'm thinking of an M365 Copilot future, where everyone has an M365 Copilot license, and guess what that license allows you to do? Yep, make Copilot Studio Agents as well. We need a way to split out that license so it can be read-only for Copilot Studio Agents.
3. Script action in flow
Low-code nails 80% of what is needed to build great apps/workflows/agents, but for the last 20% it gets a little complicated. More and more creative but elaborate workarounds are needed. And this is where dropping in some pro-code would be super useful.
In Power Automate we often have to use Office Scripts as it's the closest we have, but to me it's a little ridiculous that I have to use a blank Excel file, and never interact with it, just to run some TypeScript code.
Add to that the additional limitations of Office Scripts' implementation of TypeScript, and it's not a good solution. It would be so useful to drop in an action that runs either TypeScript, JavaScript, C#, or Python. Having it as an action means we could use it in flows, apps, and agents, and it would add that missing flexibility.
4. App Insights built in
At its core the Power Platform is just Azure abstracted, so it's always frustrating when they go against this mantra and just default to going to Azure. A great example of this is App Insights: it's the only way to get good telemetry in Power Apps and Copilot Studio (and the best way for Power Automate), so why is this not abstracted away?
This core requirement for any software solution, good logging, now requires the developer to have an Azure subscription, spin up resource groups, set up additional RBAC, and add storage if you want to save query scripts.
It would be great if they followed the Power Platform way: use App Insights but bring the UI into the platform, so all that complexity is handled, leaving the developer unburdened.
5. Vault for Service Accounts
With licenses and connections, Service Accounts are the only way to ensure that deployments follow segregation of duties (developers can't access production). This is simple enough for small-scale organizations, but becomes a bottleneck for larger orgs. Having to get the Service Account details, log in as them, and then import the solution is labour intensive. ALM through pipelines doesn't work because of connections: pipelines only allow either the developer's connections (obviously a big no-no) or connections shared with an SPN. Having to share every connection is another bottleneck, so wouldn't it be great to have a central Service Account vault?
A place where you can add Service Account details/connections centrally would be the perfect solution. Connections could then be shared and used seamlessly in the pipeline. Additionally, other passwords and secrets could be stored in there too; like App Insights, we would abstract away the Azure Key Vault we normally use.
6. Fix SPN Ownership Model
The simple truth is SPNs are broken in the Power Platform, and I have 3 good examples:
The first is connections: not all connections can use SPNs.
The second and third are similar issues, with the same solution.
For delegated deployments through SPNs, pipelines require the pipeline owner to own the SPN. This is not possible in most organizations (and in my opinion rightly so): they enforce separation of duties and PoLP (Principle of Least Privilege), so no one owns them. You would expect a simple solution: follow the connection process and enter a client ID and secret.
The third is Power Pages. They require an SPN, but this time it not only needs to be owned by the developer, the developer also needs the permission to create it on the fly. Giving developers the power to create SPNs is a massive security vulnerability. Again there is a simple solution: allow the developer to enter the client ID and secret when creating the site.
7. Create Own Flow, App, Agent Metric Dashboards
The Automation center is a great start on metrics for developers, but it has a couple of issues that really need fixing.
A central dashboard, linked with the RBAC roles I talked about earlier, that allows developers to see metrics for all solutions across all environments.
Custom widgets, and maybe some calculated fields. Ideally this would be built into the platform, but another option would be a templated, pre-connected Power BI dashboard. Either way, a single pane of glass for all of your apps, agents, and flows would be super useful.
8. Real Developer Environments
There are Trial, Sandbox, Production, and Developer environments within the Power Platform, but the names don't really match what they are (usual Microsoft naming). Sandboxes are just smaller-sized Production environments, with no other differences (well, maybe some that I don't know about). But the big one is Developer: they aren't developer environments. They are just personal default environments with some free premium functionality.
You can still link to production data sources and share with other developers, so to me there is no difference.
I would love to see real developer environments, with built-in sharing controls and lifecycles (like a trial, but one that doesn't end, just resets). But the big benefit would be non-production connections: no more linking to your Outlook or production SharePoint sites. Everything is test data, from either a non-prod Microsoft tenant or a central static result where you can configure what the actions do.
9. SharePoint Embedded
We all know that SharePoint is the default data storage for the Power Platform. Microsoft want it to be Dataverse, but it isn't. So I would love to see Microsoft embrace SharePoint by integrating SharePoint Embedded. If you didn't know, SharePoint Embedded is a headless SharePoint site (just for storage, so no UI/SharePoint pages etc.). It's designed for external websites and Copilot, so it comes at a separate cost. But wouldn't it make sense to use it inside the Power Platform?
For the makers we would have a much simpler process: we would no longer need to provision SharePoint sites just to store data in a list or library (and if you follow ALM that could be x3). Having one embedded site per environment, managed by the admin, with delegated permissions per list/library would be so much more user friendly.
10. Built in Documentation
When you look at something like GitHub you have readme files, allowing documentation to be stored exactly where it should be, with the code. I would love to see the ability to add documentation to a solution. Ideally it would be auto-generated with key information, and then you just add any additional information. And the icing on the cake would be if it was in Markdown and the template could be edited, so that it's not only bespoke to your organisation's needs, but easily extracted to document systems like Confluence.
And that's my top 10 features I would love to see. If anyone at Microsoft wants to know more, hit me up at https://www.linkedin.com/in/wyattdave/.
What are your top 10 features?
Top comments (3)
Love the content. My thoughts:
1) On the Script action in flow topic, the agent allows you to run Python, so I assume under the hood this would be coming soon!!
2) I would still love a Restart function to start at a specific step.
3) SPN is a big one... And that reminds me of Dataflow. Currently it can only be owned by 1 account.
4) Not sure if you have explored Copilot Studio, but it needs a Xmas wishlist of its own...
Great list, Wyatt! 👏 Totally agree on RBAC and built-in documentation — both would solve big pain points. I’m curious, if Microsoft could only add one of these features first, which do you think should take priority?
RBAC all day long 😎, though a proper credential bank would probably be second.