Power Platform: License and Permissions required for CoE Starter Kit Setup

This blog will discuss the license and permission required for the CoE starter kit setup.

Many organizations want to implement the Power Platform “Center of Excellence (CoE)” starter kit. It’s recommended to have a separate service account (User Account) to install and do the setup.

To implement CoE, we need the service account to have a proper license, Application Registration, M365 Group, and Application.

Start the CoE implementation once you have proper license and other following information 

1. License

• • Microsoft 365 license.
  • Microsoft Power Platform Service Administrator
  • Power Apps Per User license
  • Power Automate Per User license.
  • Power BI Premium per user
  • Service account identity must be email-enabled.

2. Application Registration

Azure Application Registration is a process in Microsoft Azure that allows you to register an application or service principal in the Azure Active Directory (Azure AD). This registration enables the application or service to authenticate and interact with Azure resources and access APIs and services protected by Azure AD.

We need the following two application registrations. To create the application registration,

• Go to Portal.Azure.com
• Click “Azure Active Directory”
• Click “App Registrations” on the left navigation
• Click “New Registration”

App Registration 1:

• • Name: CoE Command Center
  • API Permissions:
    1. Microsoft Graph (Delegated Permissions)
       1. ServiceMessage.Read.All
       2. User.Read

App Registration 2:

• • Name: O365 Management API
  • API Permissions:
    1. Microsoft Graph (Delegated Permissions)
       • User. Read
    2. Office 365 Management APIs (Delegated Permissions) 
       • ActivityFeed.Read
       • ActivityFeed.ReadDlp
       • ServiceHealth.Read

3. Microsoft 365 Group

We need the following two M365 Groups. To create these groups, 

• Go to Office Admin (https://Admin.microsoft.com)
• Expand Teams and Groups
• Click Active Teams and Groups

1. 1. M365 Security :

• • • Group Name: Power Platform User Group
    • Group Type: Microsoft 365
    • With an email like PowerPlatformUserGroup@Organization.com

2. M365 Security

• • • Group Name: Power Platform Maker Group
    • Group Type: Microsoft 365
    • With an email like PowerPlatformMakerGroup@Organization.com

4. Power BI Desktop

We need a Power BI desktop to publish the report from the template, which we can download from the Microsoft site.

 

Note: The above name and emails are just examples. You wish to change anything.