[CoE Starter Kit - QUESTION] Developer Compliance Center app for Flows? #2374

Closed
sciencestudent-Sharon opened this issue Apr 6, 2022 · 8 comments
Labels
coe-starter-kit CoE Starter Kit issues enhancement New feature or request

Comments

@sciencestudent-Sharon

What is your question?

Hi there,

Regarding:
"This app is used in the auditing process as a tool for users to check whether their app, flow, chatbot or custom connector is compliant, and to submit information to the CoE admins as business justification to stay in compliance."

I noticed when modifying the Developer Compliance Center app there is definitely a screen for obtaining flows compliance (there also seem to be errors out of the box).
image

But how does the Developer Compliance Center app get sent to Makers for flows compliance?
ex. "Developer Compliance Center URL + appName=AppIDString" for Apps <- but this doesn't seem to work for flow IDs

I understand that in the App auditing process, it's the 'Admin | Compliance Detail Request' flow in the CoE that sends out emails accompanied with the Developer Compliance Center URL to prompt Makers to fill out the form.

But when I review this 'Admin | Compliance Detail Request' flow, it looks like it's only sending out requests for Apps and ChatBots at the moment.
image

Is there another flow that sends out the request for flows separately that I can look into?
I would also like to be able to send out the 'compliance app URL + flow ID' like we can for Apps to specific users on their specific flows (outside of the CoE automated flow). Is it possible to do this with flowIDStrings?

Thanks in advance

What solution are you experiencing the issue with?

No response

What solution version are you using?

3.31

What app or flow are you having the issue with?

Admin | Compliance Detail Request

@sciencestudent-Sharon sciencestudent-Sharon added coe-starter-kit CoE Starter Kit issues question Further information is requested labels Apr 6, 2022
@sciencestudent-Sharon sciencestudent-Sharon changed the title [CoE Starter Kit - QUESTION] QUESTION [CoE Starter Kit - QUESTION] Developer Compliance Center app for Flows? Apr 6, 2022
@manuelap-msft
Contributor

Hello,

for Apps, the compliance details request is based on how many users the app is shared with or how often the app is launched.
for Bots, the compliance details request is based on how often the bot is launched.

So basically the usage indicates the ask for compliance - thresholds can be set by the admin here, but it's basically to ensure we don't ask for compliance for an app that's never used that only the maker has access to anyway.

For flows and custom connectors, we do not have information on how many people it's shared with and how many people are using it, hence we've held off on implementing automated compliance request flows for it. It's not currently in our backlog to add compliance requests for those, but if you share your standards for what you would consider non-compliant and we think they'd apply to and be valuable for more customers, we'd be happy to add this feature ask to our backlog.

Flow compliance asks can be triggered manually by the admin, and in the Developer Compliance Center makers can manually fill out details for their flows pro-actively (vs upon request).

Thank you
Manuela

@sciencestudent-Sharon
Author

Ok thank you! We have noticed that makers tend to create more flows than apps or bots, so this feature would be useful for us. I can submit a feature request for this later.

To confirm - how can flow compliance be triggered manually? I don't remember seeing the documentation for this specifically.

I noticed this can be done with apps by sending out a URL formatted with the appIDString - is this the same for flows, what is the correct URL format for flow compliance asks? ie. 'compliance app URL' + 'flowName=' + 'flowStringID' ?

Thanks

@manuelap-msft
Contributor

We can treat this issue as the feature ask, no need to raise something new! When would you send a compliance asks for flows? For apps, it's based on how many users the app is shared with / how often the app is used, but we were struggling to think of a criteria for when flow compliance should be requested as we do not have cloud flow run details?

To manually request it, open the Power Platform admin view > select a Flow > select the Audit tab > change the Admin Requirement - Risk Assessment State to Requested
image

This will mean that if a maker looks in the Developer Compliance Center, the flow will show as traffic light = red, which means compliance details have been requested
image

image

The flaw in this process is

  • no email is sent to the maker
  • there's no deep link URL to get to the flow details page in the compliance center

The good news is we can implement both fairly easily so I'll add this to our May release plan.

@manuelap-msft manuelap-msft added enhancement New feature or request and removed question Further information is requested labels Apr 7, 2022
@manuelap-msft
Contributor

Dev notes for May:

  • in Developer Compliance Center, allow deep linking to all other resource pages (like it works for apps)
  • create a Flow for "when the Admin Requirement - Risk Assessment State" changes to requested > send a compliance email to the maker

@sciencestudent-Sharon
Author

Hello, thanks for your quick response:

"When would you send a compliance asks for flows?"

  • For now, we send flow compliance to get documentation & get better insight into what makers are building & why.

"To manually request it, open the Power Platform admin view > select a Flow > select the Audit tab > change the Admin Requirement - Risk Assessment State to Requested"

  • Great, did not know this was an option to do! Will test this out, I think this will work even better for what we have right now as we have many items to request compliance on.

Thanks!
(if possible to leave this one open for a couple more days in case I have questions during the testing)

@manuelap-msft
Contributor

Hello,

of course!

I'll leave this issue open until we've implemented and rolled out these two features:

  • send email to maker when compliance is manually requested
  • deep link URL to get to the flow details page in the compliance center

We'll have that ready in the next release, which will likely go out first week of May.

But if you have any further questions in the meantime, please do let us know!

Thanks for the great feedback
Manuela

@CoEStarterKitBot
Collaborator

@sciencestudent-Sharon This has been fixed in the latest release. Please install the latest version of the toolkit following the instructions for installing updates. Note that if you do not remove the unmanaged layers as described there you will not receive updates from us.

@ptansey

ptansey commented Nov 16, 2023

I hope it's not inappropriate to ask this question here, but once we've manually changed "the Admin Requirement - Risk Assessment State to Requested", what happens if the Maker doesn't submit compliance details? I assume the flow just stays in Requested state indefinitely unless we do something about it? Not a complaint, just looking for confirmation.
