10 September 2018 - PowerApps CAT Team

Deploying the Thrive suite built on PowerApps to all 120K+ employees at Microsoft

Pat Dunn is a Technical Program Manager on the Microsoft IT team responsible for developing and deploying PowerApps based solutions to all 120K+ ...

Pat done a technical program manager at

Microsoft IT we started our journey with a power apps team about two years ago and it's been a just a remarkable journey we've watched the the product just progressed from this idea that had potential to really being a viable enterprise solution and and I'll show you that that today currently we've deployed our solutions we have about 10 apps that we had deployed worldwide to 120,000 FTEs our monthly usage is about 18,000 people so in any given day I can count about 2000 to 2500 unique users so I you know I'm here to tell you that this can really scale to the enterprise you don't need to know about my German okay so let's talk about thrive so thrive is our employee experience that um we we you know two years ago we said we want as part of our digital transformation we want to take our our aging app infrastructure we want to move it to the cloud we want to move it to to de Mol it's got to be world-class no compromises power apps actually was a great fit for us because you can just it's so easy to develop a nice-looking UI it just it looks crisp it looks really sharp when people get in there as a developer as a

maker it's just really easy for them to get started and it's great because you can build it once and consume it in a number of different ways which I'll show you today so you can see from from this diagram right here we have we have a home app and a home app is is our aggregator for content this is where we we push cards you know like company news tasks that you have to perform and so forth and then we have a series of no adapts around the side people can get directly into our node apps if they want to you know we we create short links for each of them we use a kms but you guys could use bit League or something like that and people can go directly into it but we like to use our home app as that kind of you know initial launching point that deep links into these other scenarios right we all of our apps are built on top of a juror app services they're secured with a LOF 2.0 we have single sign-on that that's been enabled so for the users it's a completely seamless experience at Microsoft we enforce multi-factor off plus we also have conditional access policy so your device needs to be

enrolled in in tune in order to use our apps works absolutely seamlessly with that you know you've login it prompts you that your device needs to be secured takes you through the workflow and now they're in the app so it's it's fairly painless for our users to come in just a little bit about story you know we we love dog food so we we embedded with the power apps team a couple years ago too and have driven more than three hundred features and requests into the product we're out there building enterprise apps as we discover bugs and gaps we bring that to the the Prada group they've been just exceptional about fixing those those issues okay this is our high-level architecture so you can see these are the same group of apps that that I showed you before every one of those apps connects through the RP service layer which then in turn goes to the power apps API M the API M acts as a proxy that comes back into our subscription so we have the MSI T as your subscription down here where we surface a series of these little atomic app services what we've done is we've we've created our own environments so we're outside of the default environment

we want as an IT shop we want you know people did too to see our apps and to have the feeling that these are official sponsored IT apps and not the the kind of the viral Wild West so we've created our own environment in that environment it's secured so that only a certain SG has maker privileges you know that's that that's my future crew there we've created these connection objects that sit on top of these app services the connection objects then are just open to the entire organization I don't need to worry about locking them them down because no one else has maker permissions in that app so they can't reuse my connection objects right so that that's my first level of security and these connection objects then in turn go back and talk to to various services so over here we have office graph I do a lot of work and graph right so I can talk to a IDI there I could talk to exchange web services there I can talk to delve analytics there if you're not familiar with office graph you really need to go and look at it it's phenomenal what you can do there we have in our apps we have a ticketing system so if there is an

issue people can open up the ticket attach a screenshot and submit that in the app itself that goes to CRM online all of my AP is here talk to application insights in the backend so there I have telemetry I have monitoring setup so my team is alerted in case if there's an issue so we had a philosophical conversation in the beginning you know much of what I described here especially an office graph is available through out-of-the-box connectors right so your community could develop apps that could use these out-of-the-box connectors but if you do that you don't know when it's broken you don't get telemetry on it so you don't get things like output caching so what we did is we built wrappers over the top of all that stuff the idea being to that we now have the building blocks so that as other makers come in and they want to build things that they can just reuse what we built and then this right here is just kind of representing that we have lob scenarios to line line of business applications things like our our time away system so we have pathways and through those app services that that tell back sometimes into the corporate network sometimes to other Azure systems

in this case what I'm going to show you today for the time away system we're using Express route to talk to a sequel database that's in iOS then on this part right here we have the enterprise card stream so this is a service that that we're we're currently refactoring the idea here is that you can push cards and content and tasks into our home app which will light up these other scenarios and um and when when needed we can use flow for push notifications so we've used the push notification connector than to push things but we push it back into the home app since we want everybody to keep on coming back in the home app we push all the push notifications come in here you land on here we past the card ID is an input parameter and then you can see oh here's my card here's my tasks you click on it and then it'll launch one of these node apps over here okay that's a super super quick gloss through of our architecture let me this is our existing time away solution this was built about 20 years ago when I started at Microsoft down here it's at power bi sequel server 2000 it has not changed one bit since then

this is in corporate requires a corporate connection there's vbscript modal dialog boxes that pop up when you make when you have an error the UI is super clunky you have to navigate through these you know week by week here there's like zero work flow for for this you know like you do this and then then you do all those other things afterwards you know like like send a meeting request to your colleagues clear your calendar so there's this is just completely standalone right so people really despise this app and my usage of this app is actually really poor as a result here's the new solution which I'll just give you a brief demo on this right after this this is accessible anywhere so I built it once and it works on the web mobile I can embed it in different scenarios the the UI has been really streamlined and we have we're using office graph then to do workflow automation after that okay so demo God's knowing this is one of my environments because of course it is okay so this is one of my environments you can see I have a UAT environment I also have a dev environment and

production environment we sandbox that on purpose I will show you this time away app loader screen right here we're using timers right now to to fire off a series of API calls that's being refactored to use the new concurrent function so if you're if you're not using concurrent you should be moving to concurrent all your API calls will fire in parallel and your code is much much cleaner you can see we have a dashboard we have a history view I can submit new vacation requests now we have a slide of control on the bottom I paint a calendar for you I fetch holiday information from there's a SharePoint list that we have that has all of our holidays I can see that the vacation days that I've already submitted are already highlighted if I go over here in the future see I'm going to take the second and the third off another API call just fired right there we have a pop up this is on a timer I'm gonna change that to the notify function soon now I have workflow options so I can tell my team and here this is using Dell frequent contacts now so those are people that I work with the most it suggests them to me so I work with my colleague Eric but if

there's someone that's not on the list I can type in their name it will make an an ad search or let me graph search rather to ad and it CH that that colleague plus their photo can add them here and so this is using those connectors to send out a calendar invite that's right and then I'm also using there's a mailbox settings I think and in graph that lets you talk to your out of office message so we give you some boilerplate text here you can choose to accept that or modify it submit it and I've just now put that out my auto reply - so on the first and second when I people will get that that message automatically okay so that's just a super super brief demo of what we what we built there you just need to push this okay so just really quickly about our process we maintain all of our backlogs in VSDs you can see a screenshot of our backlog over there on the right hand side we use a full development process you know there's no compromises here for the for the all up process we're an agile shop but anytime that we come up with a new scenario then we go through a UX process

going first from static prototypes to dynamic prototypes we use tools like balsamic and proto PI to do that we've also used Marvell sketch blend we have an engineering team that's located in Hyderabad they developed the c-sharp application services I have a Chennai team which has become specialized in building the power-ups themselves and so the these guys are just a shop that that just continually turns out world-class solutions they do a great job for our testing and this is like super brief again we we use Fiddler traces so if you're not using Fiddler to to troubleshoot your app you definitely should you can set up a filter on star API m-net you see only your API calls and you can go in there and see exactly what what your system is or what your APIs ending and what its getting back we use VSDs web tests we take that Fiddler's trace we poured it out to our we explored it as bsts web tests changed the the bare token make it make it a parameter and then I can do low tests against my app so in in the past I was able to I had a conference app with about 1,700 attendees I was able to to simulate about 1400 at a time so I know

that the platform can can scale and I have confidence in the meantime there is throttling though so you'll start to see 429 errors if you do that and then we go through a full you know we we have institutional paranoia so we go through the full privacy security gdpr review process with every release that we have talked really briefly about the environments I have Debu IT and production environments all my permissions only go to security groups I never give permissions to individuals because it just becomes a huge mess like I said the connectors are shared with the entire org the of the apps themselves are shared to security groups I have one group which is my consumers and then another group which is going to be my my makers in my UAT in production environments I use a service account so I have an account called M si T power apps that way if when I submit an an app or when I release an app somebody can see that it's from the IT organization and they go that this is the stamp of quality I I take those apps then and using using our powershell commandlets I set them as featured so you should be

well aware of the the commandlets I set them is featured and then the home app I said is the hero way so as people open up the mobile experience they'll see the home app on the very top and in it invites them in and kind of takes them past the Wild West piece of it right any time that I promote my apps I always build in my dev environment and when I think it's good then I'll create a package I'll export that to my UAT environment when that has been certified and we feel confident that we can move forward with it we'll take that same package and then we'll promote that same package to to the prod environment there's big changes coming in in the ALM space you know so this is really point in time if you were to look at this presentation you know three months from now you'd go oh how quaint but but for right now that's I quick tips and tricks that this looks like actual code look at that that's my own visible and it has like real code in it use comments use the concurrent function right here use a format pretty soon there's gonna be a pretty print feature use pretty print it will make your code so much easier to to follow when you're doing releases we

like to create net new connectors it takes a few minutes for that connector to register sometimes with the API M depends on the time of date you know with with traffic its first first-in first-out so what I'll do is I'll release a new app I'll have a new connector and if I find any issues when I roll the app back it uses the old connector again and I can instantly roll it back and you know a matter of a minute yeah went through the service accounts discovery so short URLs for everything makes it easier for your people to find your apps there's a QR code generator on bing if you go to Bing comm you can see it there you can embed it in in SharePoint sites you can also this is in preview right now but you can embed it in Bing for business you could show crew yeah yeah real quick that's a really cool feature that's that's the Bing team is releasing I didn't partnership your just showed launching would be yeah okay so here let me go okay so this is Bing calm I am logged in as me and if I search for certain keywords like say time off it has the

embed of the app right there that's the actual app embedded right there in the search results and we have our kudos app doing that there's a holidays holidays app that does that for time away I have two separate time away apps one of them is for domestic the other ones for international it looks at my security group and it paints the the correct one over here it's a super super cool feature so I you know highly recommend that you guys do that that is pretty cool for business I can switch it back yeah and then the very last I mentioned the featured in hero apps and the very last thing is powershell commandlets I think James has not only written the powershell commandlets but also wrote a blog post thing about those know thy command lists and and use them they will definitely help with the enterprise discovery thank you thanks bad thanks a lot you know