[CoE Starter Kit - QUESTION] Apps get quarantined if maker fills out compliance information but admin not yet approved

[sudadakkota]

What is your question?

Please teach me about quarantining apps with the Governance component.
Based on the following public information, we are investigating the specification of the governance component.

https://learn.microsoft.com/en-us/power-platform/guidance/coe/governance-components#app-quarantine-process
https://learn.microsoft.com/en-us/power-platform/guidance/coe/setup-quarantine-components

According to the public information, "Admin | Quarantine non-compliant apps" included in the governance component is executed weekly and updates "Quarantine App" of apps that meet some conditions.

It looks like the conditions include "Admin Risk Assessment status is not complete.", but I don't understand what this means.
Does this mean that the user submitted the app compliance information from the "Developer Compliance Center", but the administrator did not operate the "Power Platform Admin View" app and left it as it was?

What solution are you experiencing the issue with?

Governance

What solution version are you using?

September 2022

What app or flow are you having the issue with?

Admin | Quarantine non-compliant apps

[Jenefer-Monroe]

Hello. First, note that you can quarantine apps manually by toggling the flag in the Power Platform Admin View app. That will cause the following flow to run and either quarantine or release the app: Admin | Set app quarantine status

[Jenefer-Monroe]

For the compliance technique, if the app was requested for compliance X days ago (7 by default, configurable by env var) and if the Risk Assessment state is not Complete. You are correct this means if the person filled it out and the admin just didnt approve / reject yet. I think we should change that.

[Jenefer-Monroe]

For Oct I am changing this filter to be as follows:

This will mean if the user ignores the request, their app will be quarantined after X Days of ignoring.
But if they fill it out and are just waiting on admin approval, they are ok

[Jenefer-Monroe]

Thank you so much for raising and helping make the starter kit great!

[sudadakkota]

Thank you for your answering!

So, are the following scenarios correct when isolating apps using this feature?

①Notify users to submit compliance information from the Developer Compliance Center under the conditions in the image above (Admin | Quarantine non-compliant apps).
②User submits compliance information from the Developer Compliance Center.
③The submitted information is checked by the administrator in the Power Platform Admin View.
④Mark 'Quarantine App' as 'Yes' if admin considers it a violation.
⑤"Admin | Set app quarantine status" flow quarantines app.

Is the above scenario correct?

[Jenefer-Monroe]

There is no reject in the compliance world so there seems to be something not quite right above.

You can manually quarantine, or (starting in Oct) if the app is in "requested" state for too long (configurable per above) then it will be auto-quaratined.

[CoEStarterKitBot]

@sudadakkota This has been fixed in the latest release. Please install the latest version of the toolkit following the instructions for installing updates. Note that if you do not remove the unmanaged layers as described there you will not receive updates from us.