🚀 Power Platform Governance with Terraform

Transform your Power Platform governance from ClickOps to Infrastructure as Code

Warning

This repository is archived and no longer actively maintained.

It was created as demonstration material for the session "Enhancing Power Platform Governance Through Terraform: Embracing Infrastructure as Code" presented at Power Platform Community Conference 2025 by Raphael Pothin.

The code and documentation are preserved here as a read-only reference. No issues, pull requests, or discussions will be monitored. For questions or feedback, please reach out to Raphael Pothin directly.

---

🎯 About

This repository demonstrates how Infrastructure as Code (IaC) with Terraform can transform Power Platform governance, addressing common challenges faced by platform administrators:

Traditional ClickOps	Infrastructure as Code
🖱️ Manual clicks	📝 Declarative configuration
🔍 No audit trail	📊 Complete version history
😰 Error-prone	✅ Validated and tested
🐌 Slow to scale	🚀 Instantly replicable
🔧 Hard to maintain	🔄 Self-documenting

📁 Project Structure

🏗️ ppcc25-terraform-power-platform-governance/
├── 📦 configurations/     # Ready-to-deploy Terraform configurations
│   ├── ptn-*             # Complete implementation patterns
│   ├── res-*             # Individual resource configurations
│   └── utl-*             # Utility configurations (exports, generation)
├── 📚 docs/              # Complete documentation (tutorials, guides, references)
├── 🤖 .github/           # GitHub workflows and automation
├── 🎬 .demo/             # Demo scripts and assets used during the conference session
├── 🛠️ scripts/           # Setup, cleanup, and utility scripts
└── 🔧 .devcontainer/     # Development container configuration

🎯 What Does This Demonstrate?

🛡️ Data Loss Prevention (DLP) Policies

Control which connectors can be used together to prevent data leakage.

Example: Finance department policy restricting data flow between SharePoint and external services.

🌍 Environment Provisioning

Create and configure Power Platform environments consistently.

Example: Dev/Test/Prod environment group with standardized settings.

🔗 Azure Integration

Extend environments with Azure VNet for secure hybrid connectivity.

Example: Private connectivity between Power Platform and Azure SQL using enterprise policies, zero-trust NSGs, and private DNS zones.

---

Configuration Catalog

Configuration	Purpose	Complexity
utl-export-connectors	Export connector list from tenant	⭐ Simple
utl-export-dlp-policies	Export existing DLP policies	⭐ Simple
utl-generate-dlp-tfvars	Generate tfvars from exported policies	⭐ Simple
res-dlp-policy	Create/update DLP policies	⭐⭐ Easy
ptn-environment-group	Provision environment group (Dev/Test/Prod)	⭐⭐⭐⭐ Advanced
ptn-azure-vnet-extension	Add Azure VNet integration	⭐⭐⭐⭐ Advanced

🔬 Key Technical Details

• Terraform: >= 1.5.0 required
• Authentication: OIDC (zero stored credentials)
• State Management: Azure Storage backend
• Provider: microsoft/power-platform ~> 3.8
• Azure Infrastructure: Built on Azure Verified Modules (AVM)
• Naming: Cloud Adoption Framework (CAF) conventions

📖 Documentation

The docs/ folder contains full Diátaxis-structured documentation preserved for reference:

Section	Content
📚 Documentation Home	Starting point and navigation
🎓 Tutorials	Step-by-step walkthroughs (Getting Started, DLP Policies, Environment Groups)
🔧 How-to Guides	Task-specific instructions (setup, DLP management, ClickOps migration, troubleshooting)
📖 Reference	Configuration catalog, module reference, common patterns
💡 Explanations	Architecture decisions, why IaC, known limitations

📄 License

This project is licensed under the MIT License — see the LICENSE file for details.

🙏 Acknowledgments

Author

Raphael Pothin 💻 📖 🎨

Inspiration

• Azure Verified Modules
• Power Platform Terraform Provider

---

Made with ❤️ for the Power Platform Community

Presented at Power Platform Community Conference 2025

⬆ Back to top