 Hey everyone, this is the post collab talk tweet jam interview and I'm talking today with Matt. How's it going? Doing well. How are you? I'm doing well. And we had a great conversation yesterday on oversight and governance of the power platform. This is like a really hot topic, you know, the G word around power platform and what can be done around that. And I think I'm as I'm getting ready to head out to Europe for a conference. I think there's multiple sessions on governance and power platform related. So important topic. What's kind of your background? Why don't you introduce yourself? Sure. My name is Matt Varney. I'm the Internet Administrator at PCTCS, which is an acronym for like Kentucky Community and Technical College System. So I'm an higher ed and I am SharePoint mostly background, but I've been doing more more of the power platform and as sort of in the system office, the central headquarters, I guess, in case TCS were in charge, a lot of the governance type of thing. So trying to wrap my head around power platform governance ourselves. Well, and I know we've all got opinions about this. We've seen the this governance scenario play out before with other systems, other platforms. And so there's certainly some things that are nuanced that are different about power platform. But when it comes down to it, I think it's it's the same stuff again that we deal with with the SharePoint world and other tools and technologies prior to that. Well, why don't we kick things off? I mean, the first question. Love to get your thoughts on this. How important is it to have a governance strategy in place before employees start building power platform solutions? Well, that'd be ideal. But that's often unrealistic. And the classic answer depends on your organization, right? And the users therein, but people are going to go out and try stuff as soon as they see a button for it. So if you wait to have to release that before you, if you try to build a governance program and all the nuances therein before you expose that button, you might be waiting a while, I'm afraid. Yeah, I mean, that's always the difficult. Do you go and try and build out a plan with all the detail? It's not going to make sense. It's not going to fit. I mean, you can always go and leverage best practices, the learnings of experts and others that are out there. But to some degree, you have to figure out what's unique about what needs to be in place for your organization. But there are some basics. I mean, there's a lot of guidance that's out there on what to go and do. And we'll kind of cover that with the COE discussion as well. Is there a question too? Is there a preferred methodology or framework for power platform governance? Well, again, and it depends. But yeah, I think the common thread that runs through a lot of organizations is sort of a layered approach and understanding first the scope of what any given solution in the platform is going to do and who's involved and how wide-ranging that is, how durable it needs to be. So if you think about the layered approach of individual productivity boosts with your own power automates that you run personally for your stuff, requires maybe a little less governance versus something that's going to be running a process that's for the enterprise and needs to live on. Perhaps if you go away, so then absolutely needs more governance on that. So starts with understanding the scope of the solution and then a layered approach on that. Then for those larger ones, when you do introduce more governance, excuse me, I think there's a common approach to have a service account strategy around those. So you use a dedicated licensed service account to build and enable all the connectors within that solution so that it can live on beyond the individual. And that's really important for an organization like mine with a huge turnover. A lot of our users are transit and I read they're here for a semester and so if they do something and it's great for a semester and then they move on, if that great thing stops working, get started over. So understanding that impact really plays foundation for building your governance program, I think. I know most especially larger organizations that I've worked for have a kind of a change management process that generically across that for any new application, any new systems that's deployed. And so there's that kind of review process. There's also, I know consulting companies that have methodologies, they walk in, they go into a new customer and so they say, here's our experience, kind of insert this process the way that we've doing that learning. But both of those, kind of to your point, are an iterative process to look at and understand, well, what are the differences, the nuances of the culture of this organization? How is it being used? But then there are certain lists of best practices, like you said, service-based accounts, having that process in place. I don't know, that's a framework or a methodology. There are just certain things that how we approach these new systems. Again, a lot of organizations have those kinds of things, those have those learnings in place. But there are certainly, Microsoft, I think even tries to stay out of the specific methodology world and just says, here are best practices, here are things that we see that are common, here are recommendations. How you go and whether you build a methodology, you're a consulting company and want to build this as a practice area to help companies go and do, it's entirely up to you how you go and deploy that. Yeah, or even internally with your own organization. So, yeah. So do you have any best practices for monitoring, auditing, securing and managing power platform solutions? No, sort of on your previous point too, as one of the key elements of all this is a strong user community. And the practitioners, the makers out there of these solutions, getting all those people to talk with each other in a community is critical. And sort of out of that, you can find best practices, you know what exists, so you don't rebuild the thing in a different business unit or different college or whatever. And so that I think is our overall direction. We don't have a lot of technical oversight or we don't have a COE running right now. We don't have those kinds of oversight and automated monitoring of things we're relying really on trying to build a community and leverage that. Are people self-reporting and sharing about their solutions or is it, do you have more of the lone wolf or is it just a combination of those things? It's a combination. It's a mixed bag. But as more and more people are self-reporting and others are taking advantage of that and saying, oh, I didn't know you could do XYZ or I've been trying to do XYZ. Have you done it over there? Those conversations are starting to flow. Our user community just started this summer and so it's only a few months old. And so we're slowly building and that approach too is kind of, you would think it'd be more common in higher ed and more collaborative, but it's not. There's still a lot of cultural issues around the shift to more open communications around things like that. But we're getting there. Yeah. Are you doing, I'm interested in this kind of sideways on this question, like whether, as I know some organizations that are, they might be monitoring their systems and see, hey, we're seeing even more usage of this. We're seeing more calls over to this data and these locations or requests for permissions for access on certain things. And so they're kind of identifying solutions that are being built that way. It's because it's not open upfront, hey, we're building a solution, but more of we see the system is being taxed more in these ways. Are you, again, is that part of your process is kind of identifying those things and? Not a intrinsic part, although we do have, you know, we can do audits after the fact, but we don't do a lot of in upfront and real-time monitoring per se. But we do, we are able to sort of respond and sort of see trend of requests from users about, hey, I need to do XYZ and they ask the GAs or somebody about doing that and they can funnel down to the community level and we can feel that question that way and sort of spread the message that way. So it's a mixed bag. I think it's great having your perspective. I know it's always great when you go to a conference or something and you're talking about best practices and they roll out the company that has done everything to the letter of what Microsoft recommends and uses that wonderful case study. And the reality is that everybody is less than that is doing other things. So have you, I'm just, I'm interested is whether you've seen any impacts by not having those that detailed kind of tracking and auditing process in place as a proactive step versus later. Yeah, and there's been a few incidents where somebody has built something, again, Power Automate or as most common, something pretty fantastic and then they leave and it's that sort of abandon and or stop functioning and no one knows anything about it. So knowing that at the time of inception would have been better. So we've had a few cases like that. But yeah. Yeah, a lot of stuff just stops working. You're not sure why. Yeah. That's again, being both coming from the SharePoint world that we saw this again and again, where your executive team, somebody's like, oh, that's fantastic. What you're doing. It's like, well, I, yeah, I, I did this kind of shadow IT effort. I didn't tell anybody about it. I went and installed it on a server under my desk, was running these things. Now everybody's relying on it. I'm out sick or I leave the organization and people are like, we can't even get access to this. What is this thing? Yeah. So there's a lot of reasons why you want to be, you know, make it more open and transparent about the solutions. And that's why you want to have that some governance model in place to be able to, you know, not lose time and effort and have to recreate those things if it is useful. Well, question four, specifically around security, how important are tenant and environmental data loss prevention policies and power platform governance? Is that something you guys look at? Yeah. I mean, DLP is overall in general has been a good investment. And I kind of, again, going back to the way we're approaching this, I look at those kinds of controls at the, at the tenant level as an interesting development and how shadow systems, you know, traditional shadow systems is people built or built or buy things and you wouldn't know anything about them. And the full security holes and full of who knows what, right? If people are doing those kinds of approaches to innovation, we'll call it, with building their own thing within the power platforms, and that gets us one step closer to an integration with the rest of the world by default, and then also being able to layer on things like DLP on the data that it's connecting to and that sources connecting to. That's just a couple steps closer to helping us know about these shadow systems and sort of these new quasi shadow systems. And then maybe eventually talk to the owner of that and get them into a more governed approach, grow that solution into a real thing more easily than sort of whatever they downloaded from the interwebs. Right. Well, again, it goes back to that kind of layered approach to governance is to your point, if people are on solutions, we don't even know what those things are. We don't know where the data sits. We have no visibility into what's in it, where the data is. It's going to be cloud-based. It's going outside. We don't know what's happening. We don't have visibility into that versus a build what you want, but within this framework. And at least we have some basic security measures we can take and we can have some visibility over what you're doing, but still go solve your own problems. Don't wait for IT to solve it for you to go do it. Well, that kind of plays into the next two questions around the community side. So why should organizations leverage the Power Platform Center of Excellence starter kit? Again, we don't have that, but I think it does have a... We have looked at it and it does offer some promise. It's not a silver bullet or a 100% solution, but it does seem to allow some of that additional layer, a level of visibility, and with some additional maybe controls and scripts and buttons and widgets that can help you connect all that stuff together a little better without having to rely on the goodness of the community. But I think even if we get around to and we're still are looking at doing that COE, if and when we get around to doing the COE, we will still rely on the community as much as we can. And that's not a silver bullet, COE is not a silver bullet, but maybe combined we can make some progress. Well, that's the whole point. It's having that centralized location where you can then share, hey, here's what's going on. Here's what we're doing. Here's what we've learned. Here are things that are working well elsewhere so people can go in if you do nothing more, but go in if it's treated like a catalog. Here's what other people have done elsewhere. Hey, could I be able to leverage these solutions over in my organization? Right. And that's I think one of my biggest, most interesting parts of that is that catalog or that inventory what's out there that's visible right now. That's sort of a manually maintained SharePoint list. And so making that better and more automated would be great. Well, that's the plays into the question six is how important is it to support the power platform community? So whatever you call them, citizen developers, makers, champions, but supporting those people within your organization. Is that something that you guys prioritize? Yeah, that's what we're doing now. That's just our initial foray into governance in general. But we're identifying the people that have already gone out there and clicked the buttons and built stuff. And then we're connecting them or inviting them into a community on teams. And we will have regular updates through teams of new things. We have our list of known develop things out there that people can peruse. There's been some communication among leads at different colleges. The way our organization set up, we've got our 16 colleges or 16 nearly identical business units. And so there's a lot of overlap of everything, not just Microsoft stuff. So being able to level that and to make more visibility into all that is what we're after. And the community is making strides on that. Is there anything, do you guys do anything to recognize and reward individuals for solutions that are really effective, that are helping improve things? A couple of things. I mean, the built-in praise and team and things like that. But also, we have regularly gone out and given from the system office, what we call technology summits, at different colleges on all things technology. And one thing we've done recently is we've identified someone at the colleges, at that college we're visiting, who's done something in Power Platform. And we asked them to be a part of this presentation so that they're presenting on the solution that they built locally. Then we come in and support them and elevate them so that they're known there. But all those events at those colleges can be attended by anybody else in the other college. So there's some crossover there as well. And that goes beyond just the maker community that goes to the user community. I was like, oh, they built this? I thought it was IT. Yeah. So it was like all just going off everywhere. Yeah. A couple of companies I've worked for, we did, which was always successful, was doing the lunch and learn it. We do it every Friday and somebody comes in. And one of the mistakes people made about it, they was thinking, oh, it has to be completed. No. Sometimes it was, they came in with a partially built solution, says, here's what I'm doing. Here's what I've done. This has helped on this. I'm still struggling with this area. And it would pull in people from other parts of the company would be like, hey, I did something similar. Hey, here's how we approach that. And so sometimes it's, you look at it, we're all same company. We're trying to solve the problems if you can help people in other areas with your knowledge and you may take away new learning as well. But that process, it recognizes the people and it's a reward in itself, that recognition sometimes for trying to make things better. And then if they do make things better, succeed at that, having some other reward program in place. I know that we had, like at Microsoft, they have like their gold star, there's a cash award for things and certain things, other companies where there's recommendations, they give out gift cards and other things. Or sometimes it's just that you get called out in the all hands meetings, you know, things like that. All of those things, it's, if you want to incentivize people to look for ways to improve the business without just saying, hey, this should be part of everybody's jobs. We should always all be looking for ways to improve. Like, culturally, you should do something beyond that, that expectation. There's, there's opportunity for us specifically going a little bit tangent on this. We are embarking on a organization-wide lean program, like an intentional, we've already sort of, we've dabbled in it for years, and some of our colleges actually teach it. But we're actually internalizing it very intentionally now. And so we're out there looking at all of our processes, trying to find, you know, improvements and efficiencies and eliminate waste. So people, that's going to be part of our culture. And that's becoming more and more of what we do every day. So if we can, on the back end of that, understand that this platform can help automate and display data when you need it. Things that are going to be key to whatever process comes out of it. I think that's going to actually help grow. So it's an exciting time for us, I think. Yeah. It's a, for organizations that start to kind of feel their way, it's, it's healthy to be talking about what should be our process. You know, the governance question, but also the community building, how do we support people to do more? And it's always healthy to have that conversation. This is part of the broader topic around, you know, employee experience. And it's great to see it. I mean, we're not going to get into Tuck Viva or anything around that. But I just, I think it's great that, and maybe pandemic helped, not maybe it definitely helped drive more customers or more companies to think, hey, what is, we need to change the way that we work. And, you know, we're getting, we're seeing burnout. We're seeing that people don't feel appreciated that they're not being recognized when they go above and beyond. Like what can we do different to make this a better work environment? And so it's, I think this all folds within that. It's part of that same broader conversation. Yeah. Well, the final question here, what other governance advice would you give to an organization that is starting its power platform journey? So any other like painful lessons learned or anything else that you would share? I can reiterate everything I've already said, but I think one of the things that when we started looking at this and the platform, one of the things that sort of rung a bell with me was like, or I could see the writing on the wall was how we needed to get a handle on understanding the scope of any given solution as well as making people understand that as well. So for, again, for our organization where with a lot of turnover, a lot of transient people that we had this same issue with OneDrive and Content and OneDrive and email, obviously, when their account goes away, all that stuff goes away, all their accumulated work and knowledge and documents and work life. Now you add a potentially business critical process that could go poof. So the writing was on the wall, like this is kind of similar to the OneDrive to limit our accounts temporariness that is prevalent in our organization like ours. So understanding that from our perspective, but also helping users understand that and then telling them there's a way to make sure that that doesn't happen, follow these these guidance that we're putting out, use a service count, etc. That was our, it was my personal biggest focus in developing, thinking about how we can approach governance. And then also talk to them about, again, not governance, not using the G word, but talk about how in ways that make it more relatable and more just generally more friendly. So I love the, I always love the example or the analogy of bowling, like when you're learning how to bowl, you put up the bumpers so that you don't roll a gutter, you're guaranteed at least hit a pin, hopefully. So that's what that's what the governance is in the background is those guardrails to help you hit the pins. And it's it makes it easier to do the right thing and harder to do the wrong thing. So that's that's if you get people to think about that, then they can buy into best practice of the guideline, the frameworks or governance or whatever you're going to call it. Yep. Isn't it funny how we're, you know, certain certain words that we can't say that have certain connotations. It's all this the same thing. It's the I always talked about that, you know, governance, it's the palm olive moment, like where you're soaking in it right now, call it whatever you want. Just like your hand is still in I'm just so dating myself with my, these commercial references for folks that don't know. Palm olive is an old dishwasher soap, but it's still around, you know, and it's green. I remember, I remember managing. Yeah, apparently softens your, your hands, you know, but well, Matt, really appreciate your time and, and thanks again for participating in the tweet jams. As always, I know that you're a regular participant in those. And so looking forward to having you participate in future events. Great. Thank you. Thank you for putting, putting them together and are always fun and always trying to make them, but thank you.