Everything you need to know about Flow administration

Rene Modery


In this eBook, we will look at how you can effectively manage Flows in your Office 365 Tenant. Specifically, we will look at

  • The Office 365 Admin portal and how you can manage Flow licenses there
  • The Flow Admin Center, including Environments, Data policies, and of course managing individual Flows
  • The new Power Platform Admin Center, where you can see Analytics of the Flows in your tenant
  • Using PowerShell to manage your Flows – retrieve Flows, enable/disable them, update ownership, and more
  • And lastly, how you can create a Flow to retrieve updates about new and update Flows in your environment

At the end of each section, links to relevant sites with further information will be provided.

Please note that we assume that you have Global Administrator access rights to your tenant, which are required for the majority of steps listed in this ebook.

Reviewing and Assigning User Licences

Before we have a look at Flow administration in general, let’s first briefly look at where and how you can assign and review licenses for your users. When you log on to the Microsoft 365 Admin Center (https://admin.microsoft.com/Adminportal), you can do the following:

First, you can review the currently available licenses under “Billing Licenses”. Here’s an example of how it looks like:

As you can see, there may be different Flow licenses available, depending on the plans that you have subscribed to. You can see the number of valid (total) licenses, expired licenses and assigned licenses. But how can you see which licenses have been applied for a specific user?

Navigate to “Users Active Users” and search for the user. Under Product licenses, you can see the individual licenses that have been assigned for this user. Upon clicking on Edit, you can add or remove licenses.

This is useful when you simply want to check details for a single user, or a few. But when you want to get detailed license reports for a larger number of users, or even all, it is recommended to use PowerShell for this. A link to a script to get you started is provided in the Links section below.


Using the Microsoft Flow Admin Center

Next, let’s have a look at the Flow Admin Center. The first thing you see when you open it is a list of all Environments:

Environments provide isolated containers for your resources – that is, resources (such as a Flow) from one environment do not have access to any resources (e.g. Common Data Service data) in another environment. This is especially useful when you have use cases that target a specific region only (e.g. data and Flows need to be located in Europe) or limit access to a small number of people only (e.g. create a dedicated environment for HR only). This also means that you need to plan carefully where to place your resources, as a Flow in one environment can’t make use of a Custom Connector that has been deployed to another environment, for example.

On the Environments tab, you can create new environments, and review and edit the configuration and details of existing environments. When you select an environment, you first get to see some general details about it:

You can also manage the Security for the selected environment. Role-based security is used here, with various roles available. Please refer to the documentation under “Configure environment security” for more details on the available roles and how to assign them.

Lastly, you can click on the “Resources” tab to see a list of available PowerApps and Flows in the selected Environment.

You’ve got the option to turn Flows off and on, delete them, or see additional details:

However, if you are wondering how to export a list of Flows here with details such as who was it created by, when was it created, and others, this is not available and needs to be performed via PowerShell (covered in a later section).


Using the Power Platform Admin Portal (Preview)

Besides the current Flow Admin Center, you can also make use of the new Power Platform Admin which “provides a unified portal for administrators to manage environments and settings for Dynamics 365 for Customer Engagement, PowerApps, and Microsoft Flow.” It is expected that this portal will at some point in the future be the main portal to use, but currently only provides limited functionality.

Most importantly, however, this limited functionality includes analytics of Flows. Data for these analytics gets refreshed every 6 hours, and covers the following areas (per environment):

  • Runs show daily, weekly, and monthly run data of all Flows in an environment
  • Usage Report shows statistics on the types of Flows, trends, and runs.
  • Created Report provides information about recently created Flows
  • Error Report lists high-level information on any errors that occurred during Flow runs
  • Shared Report shows you information about Flows that have been shared
  • Connectors Report, lastly, provides insights on the connectors used

The following screenshot shows the Runs report. You can see daily run statistics for your Flows in the selected environment, including any cancelled or failed runs.

As mentioned, Usage can be used to review how often Flows are executed, as “Flows in use” shows Flows with their corresponding runs.

Lastly, the Errors tab can be used to identify any Flows that failed recently (or even regularly). This can be useful when you want to inform the Flow owner about these issues, and potentially support them in fixing them.

Coming back to the Flow Admin Center, under Data Policies you can define Data loss prevention policies. When you create a new policy, you first define whether it applies to all environments, selected environments, or all environments except specified ones:

Next, under Data groups, you have two groups called “Business data only” and “No business data allowed”. Please note that these names do not have any implications at the moment and could also be called “Group 1” and “Group 2”. You can select the Connectors that you want to put into each group, and connectors from the first group and the second group can’t be mixed.

For example, in the data policy shown in the following screenshot, you would not be allowed to create a Flow that uses the SharePoint connector (from the Business data only group) and the Salesforce connector (from No business data allowed):

The last section in the Flow Admin Center is called “Tenant” and provides you with two options User licenses and Quotas.

Under User licenses you can generate and download a CSV file that includes details on the license assignment in your tenant:

Quotas finally show you the total number of Flow runs in your tenant, and how it compares to the total flow runs.

You can also get a Quota breakdown:

Please note that the total number of Flows is per month and pooled. While a single user may only have 2,000 Flow runs, he can use more runs if required if runs are still available in the pool. For example, in the screenshot above, we can see a total of 6 licenses with 2,000 runs each, providing a total pool of 12,000 runs. A user could now have 4,000 Flow runs if other users use fewer Flow runs.


Administrating Flow with PowerShell

We’ve seen several ways how to manage Flows. However, once you want to work with a larger set of Flows, the UI is not the best way to proceed. Most of the time, using PowerShell will prove to be most effective for these kinds of tasks.

Microsoft has made available a set of PowerShell cmdlets, with details for them on the “PowerShell support for PowerApps (preview)” page. While the page title refers to PowerApps, the cmdlets in the modules provided are meant for PowerApps, Flow, and Environments.

Please refer to the page for further details on the installation and the individual modules. Also, please note that it is recommended to install the Office 365 PowerShell cmdlets as well, as using them will make it easier to work with user identities, e.g. when you want to retrieve all Flows for a specific user.

Assuming that you have installed the modules, here are some scenarios and sample code. For the examples below, we are writing the output directly on the screen. However, it is of course also possible to write the results to a CSV file via the default Export-Csv cmdlet.

Establishing a connection

To authenticate with Office 365, please run the following 2 cmdlets and log in with a Global Admin account:

Add-PowerAppsAccount Connect-MsolService

Retrieving all Flows

The following will retrieve all Flows across all environments, and output selected details on the screen

Get-AdminFlow | Format-Table -Property FlowName, DisplayName, CreatedTime, Enabled, EnvironmentName

It is important to note that the property FlowName actually refers to the ID of the flow.

What if we want to restrict the Flows retrieved to a specific environment? The following shows all Flows from the environment called “Modery (default)”:

$environment = Get-FlowEnvironment | where {$_.DisplayName -eq “Modery (default)”}

Get-AdminFlow | Where-Object {$_.EnvironmentName -eq $environment.EnvironmentName }

| Format-Table -Property FlowName, DisplayName, CreatedTime, Enabled, EnvironmentName

Display the number of Flows in each environment

What if we want to get more details on the number of Flows in each environment?

Get-AdminFlow | Select -ExpandProperty EnvironmentName | Group | %{ New-Object – TypeName PSObject -Property @{ DisplayName = (Get-FlowEnvironment -EnvironmentName

$_.Name | Select -ExpandProperty displayName); Count = $_.Count } }

Retrieve all disabled Flows in a specific environment

$environment = Get-FlowEnvironment | where {$_.DisplayName -eq “Modery (default)”}

Get-AdminFlow | Where-Object {$_.EnvironmentName -eq $environment.EnvironmentName – and $_.Enabled -eq $false } | Format-Table -Property FlowName, DisplayName, CreatedTime, Enabled

Retrieve all Flows for a specific user across all environments

Assuming that our user has the UserPrincipalName [email protected]:

$owner = (Get-MsolUser -UserPrincipalName [email protected]).ObjectId

Get-AdminFlow | ForEach-Object { $a = Get-AdminFlowOwnerRole -Owner $owner – EnvironmentName $_.EnvironmentName -FlowName $_.FlowName ; if (!($a -eq $null)) { Write- Host “$($_.DisplayName) t$($_.FlowName) t$($_.EnvironmentName) “} }

Disable a specific Flow

We assume here that we already found the ID for the Flow to get disabled, and simply store it in a variable:

$flowId = “0d1ade3e-caf2-456c-8538-8deb1e12ed31”

$environment = Get-FlowEnvironment | where {$_.DisplayName -eq “Modery (default)”} Disable-AdminFlow -EnvironmentName $environment.EnvironmentName -FlowName $flowId

Enable a specific Flow

We assume here that we already found the ID for the Flow to get disabled, and simply store it in a variable:

$flowId = “0d1ade3e-caf2-456c-8538-8deb1e12ed31”

$environment = Get-FlowEnvironment | where {$_.DisplayName -eq “Modery (default)”} Enable-AdminFlow -EnvironmentName $environment.EnvironmentName -FlowName $flowId

Retrieving permissions details for a specific Flow

$flowId = “0d1ade3e-caf2-456c-8538-8deb1e12ed31”

$environment = Get-FlowEnvironment | where {$_.DisplayName -eq “Modery (default)”}

Get-AdminFlowOwnerRole -EnvironmentName $environment.EnvironmentName -FlowName


For more information on the details listed here, please check out the blog article Managing Microsoft PowerApps and Flow Like a Pro – Part 3 listed in the Links below.


Using a Flow to stay up to date on Flows

Now that we’ve seen how to manage Flow via the admin portals and with PowerShell, the last thing we want to look at is how you can use Microsoft Flow to manage your Flows. Specifically, we will look at an existing template from Microsoft that allows you to get a daily email with an inventory of all newly created resources (PowerApps, Flows, Connectors).

This template can be found in the Flow Portal under Templates. When you search for ‘admin’, you can find the “Get list of new PowerApps, Flows and Connectors” template:

Select it, and grant the following permissions:

This flow will run a specified schedule and will retrieve all newly created resources from a specific reporting period.

The complete Flow looks like this:

Important are the following actions:

Under Recurrence, you can specify how often the Flow should run. Once a day should be more than enough, but you could also reduce it to once a week.

Under ‘Initialize reportingPeriod’, you specify the number of days (use a negative number) to look at. The default is the past 7 days.

Lastly, under ‘Send an email’, you could add additional recipients besides yourself, or update the content of the email.

Here’s an extract from the email that gets sent:


0000-00-00 00:00:00

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}