top of page
  • Writer's pictureGirijesh Dixit

Understanding the Power Platform Architecture

As we all know the Power Platform is one of the Microsoft cloud offerings and is part of the overall Microsoft cloud infrastructure.

The Microsoft cloud products and solutions of all three clouds are operated out of Microsoft data centers, which are grouped into regions and geographies. Each region contains two or more data centers for failover safety and high availability.

In this section, we will focus on

  • Microsoft cloud infrastructure

  • Structure of a customer cloud ecosystem

  • The Power Platform technology, and environments, as well as their main components

Microsoft cloud infrastructure

The Microsoft cloud products and solutions of all three clouds are operated out of Microsoft data centers, which are grouped into regions and geographies. Each region contains two or more data centers for failover safety and high availability. Microsoft has more than 50+ cloud regions worldwide.

Power Platform, there's currently available in selectable regions

The preview region contains preview features of Power Platform components not available in other regions. Selecting this region is useful for testing the latest product features and giving feedback to Microsoft.

The customer cloud structure

When a customer first purchases a Microsoft cloud service, they always get a certain basic structure that is necessary for operating the service, or any other added cloud service from Microsoft. This structure is built around a tenant. This tenant is officially an Azure Active Directory domain that's used to support the central services for each cloud solution, regardless of whether it is Microsoft Azure, Microsoft 365, or Microsoft Power Platform.

Within one tenant environment, there can exist several subscriptions of cloud services from all three Microsoft clouds. based on the subscription type, there can be various cloud services belonging to those subscriptions.

Tenant Services - the central tenant services that are essential for running any Power Platform application are as follows:

User Management - Any user of any Microsoft cloud service, including Power Platform, must first be registered in the Azure Active Directory of the customer's tenant. User management in the tenant can be done in a variety of ways

  • Manual user management using the Microsoft 365 management portal

  • Synchronizing user identities automatically from the customer's on-premises active directory

  • Using scripting automation with PowerShell

  • Using a third-party identity management solution, integrated with Azure Active Directory

  • Using the Graph API

License Management - After a user has been registered in Azure Active Directory, access to any cloud service is granted by assigning the respective product license. After the license has been assigned, a background process starts provisioning access to the service for the user. For license management, the same management options that are available for user management are provided.

Group Management - Groups are used for the following purposes for Power Platform solutions:

  • Managing user provisioning into distinct Power Platform environments

  • Managing authorization within DataVerse applications

  • Managing the integrated Office 365 groups

App Registrations - App registrations are a security feature necessary for implementing OAuth authentication scenarios for external applications or integrations connected with the Power Platform API.

Office 365 Activity Logging - Office 365 Activity Logging is an auditing capability for Office 365. This also includes DataVerse auditing.

Power Platform technology

Power Platform is a cloud service and therefore there are not many publicly available technical details about the background technology. There are database servers, reporting servers, web servers, app servers, integration servers, and much more, but the Power Platform customer doesn't have access to these infrastructure components. Scale groups are only located in the Power Platform-enabled cloud regions.

Power Platform environments - Environments are containers that administrators can use to manage apps, flows, connections, and other assets along with permissions to allow organization users to use the resources. An environment has the following components:

  • Name - Name of the environment.

  • Location - Which Azure region that the environment, its data, apps, and flows are stored in.

  • Admins - Who can manage the environment.

  • Security Group - Controls which users can access the environment.

  • Apps - Apps that are created in the environment.

  • Flows - Flows that are created in the environment.

  • Bots - Chatbots that are created in the environment.

  • Connectors - Custom connectors that are added to the environment.

  • Gateways - On-premises gateways that are connected to the environment.

  • Dataverse (optional) - An instance of a Dataverse database.

Environments Types

  • Default: This is automatically created in every Power Platform licensed tenant. It can be used for evaluating, proof of concepts, and so on, but should not be used for complex solution development or production.

  • Trial: This is a temporary environment, best suited for testing specific product features, third-party solutions, demonstration purposes, and so on.

  • Developer: This is a specific environment, provisioned with the Power Apps community plan license. This environment can have only the owner as a single user.

  • Sandbox: This can be used for pre-production purposes such as development, testing, training, support, and so on. However, it is not intended for production purposes.

  • Production: This is typically used for running a deployed solution in production.

  • Support: This is a specific environment that cannot be created by the customer, only by Microsoft support personnel, to resolve service case issues. It is usually created as a copy of the existing troublesome environment and deleted after the issue is resolved.

A Power Platform environment consists of the following main components:

DataVerse is used to store the metadata, business data, and application artifacts of model-driven apps. The CDS storage is subdivided into the following three storage types: File: Used for storing files associated with business data such as attachments for email activities, files attached to any record within an annotation or file, and image data types. Log: Used for storing logging information such as auditing or traces from plugins. Database: Used for storing all other relational data.

Power Platform connectors are wrappers around certain APIs provided by various Microsoft and non-Microsoft services. These connectors allow us to connect to services from canvas apps, Power Automate flows, and Azure Logic Apps. There are three types of connectors:

  • Standard connectors are not bound to any licensed technology and can be used with any subscription; for example, with a Microsoft 365 subscription.

  • Premium connectors require a Power Apps subscription to be used.

  • Custom connectors are connectors developed by a customer for connecting to a certain technology, for which there is no public connector available or the public connector capabilities are not sufficient for the implementation.

DLP policies are connector-targeted policies used within an organization to protect organizational data from unintended exposure. For example, this could happen when a Power Automate flow reads some internal financial data from a database and submits it to social networks. DLP policies can be created on two scope levels:

Tenant level: This is valid across all Power Platform environments in the tenant.

Environment level: This is valid only in the respective selected environments, or in all tenant environments except the selected one. These policies cannot override tenant-level policies.

On-premises data gateway is a specific software solution for hybrid scenarios, enabling the use of a user's on-premises data sources within the following Microsoft cloud services:

Power Apps Power Automate Power BI Azure services (Azure Logic Apps, Azure Analysis Services) There are two different types of on-premises data gateway: On-premises data gateway: This can be shared among multiple users. On-premises data gateway (personal mode): This can be used only for one user and only for Power BI.

Power BI’s Structure - The different components in the Power BI hierarchy are used for the following purposes:

Capacity is a Power BI concept that's used for a set of infrastructure resources (compute power) to run the Power BI service. There are two types of capacities – shared, where the resources are shared among multiple customers, and dedicated, where the resources are exclusively used by one customer. The dedicated capacity requires a Power BI Premium license.

Workspaces are containers for other Power BI components (datasets, dataflows, workbooks, reports, and dashboards).

Datasets are data collections used directly as data sources for Power BI reports.

Dataflows are data sources prepared for pushing into datasets.

Workbooks are specific datasets based on Excel.

Reports are the main visualization objects created in Power BI using one single dataset.

Dashboards are collections of tiles, widgets, and visualizations coming from multiple reports and other sources.

Happy Learning.


bottom of page