Connectors · Microsoft

Power Apps

Rencore monitors Power Apps across 38 governance policies, 25 reports, and 8 inventories covering environments, apps, connections, custom connectors, DLP, solutions, and Power Pages, detecting sprawl, premium-license risk, DLP gaps, and unmanaged solutions automatically.

Digital Workplace Code

Last reviewed 17 May 2026 For M365 Product Owner, IT Admin

Book a demo Start free trial

Rencore Power Apps governance is a set of 38 policies, 25 reports, 23 segments, and 8 inventories that audit Power Apps environments, apps, connections, custom connectors, DLP policies, solutions, and Power Pages sites. It detects apps requiring a premium license, canvas apps without owners, apps shared with everyone, DLP policies that block no connectors, unmanaged solutions, and Power Pages sites without custom domains, giving IT a tenant-wide view of the citizen-developer landscape.

99 governance capabilities: 8 inventories · 38 policies · 25 reports · 23 segments

Why govern Power Apps with Rencore

Control app sprawl and ownership

Detect canvas apps without owners, apps inactive for 90 days, apps not published in the last year, apps without descriptions, apps shared with more than 100 users, and apps shared with everyone. Prioritize cleanup by usage and exposure.
Surface premium-license risk

Flag apps requiring a premium license, apps relying on grandfathered premium APIs, connections using a premium API tier, and custom connectors classified as premium. Right-size your Power Platform spend before audit.
Govern DLP, connectors, and consent

Find DLP policies that block no connectors, default-to-General DLP, custom connectors without privacy policy or maintainer contact, on-premise connections, and apps and connections that bypass user consent. Close the gaps before sensitive data leaks.
Manage solutions and Power Pages

Inventory unmanaged solutions, solutions owned by the default publisher, solutions without a publisher prefix or identifiable owner, plus inactive or trial Power Pages sites and production sites without a custom domain.

What Rencore discovers

Rencore automatically inventories these Power Apps object types.

Environment

All Power App environments in your tenant
Power App (Canvas App)

All Power Apps (Canvas Apps) in your tenant
Connection

All Power App connections used by your Power Apps
Version

All versions of your Power Apps
Power Platform DLP Policy

Data Loss Prevention policies that restrict how connectors can be combined inside Power Platform environments.
Power Apps Custom Connector

Custom (tenant-built) connectors registered in a Power Platform environment.
Power Platform Solution

Application Lifecycle Management (ALM) solutions packaging Power Apps, Flows, Dataverse tables, and other components inside a Power Platform environment.
Power Pages Site

Power Pages (modern) sites running inside a Power Platform environment.

How Power Apps governance works in Rencore

Rencore connects to Power Apps via the Power Platform API and inventories eight object types: environments, canvas apps, connections, app versions, DLP policies, custom connectors, solutions, and Power Pages sites. The 38 policies run on every scan cycle, evaluating each object against sprawl, licensing, DLP, connector, solution, and Power Pages rules with severity levels.

Who uses Power Apps governance

M365 product owners use the 23 reusable segments and 25 reports to size the citizen-developer footprint and right-size premium licensing. IT administrators rely on DLP and custom-connector policies to keep sensitive data inside approved boundaries. CISOs use consent-bypass and on-premise connection policies as part of broader Power Platform risk reviews. The output complements Power Automate and Power BI governance for a unified Power Platform view.

Getting started

Connect your Microsoft 365 tenant. All 38 Power Apps policies activate on first scan alongside your existing M365 governance, with no per-environment configuration required. Reports cover apps by environment, premium-API usage, DLP scope, and Power Pages status, so platform owners can see exposure at a glance.

Policies

38 governance rules that detect violations and risks.

Severity Category

Power Apps (Canvas Apps) without Owners

Shows PowerApps with no Owners

High Operation
Power Apps that bypass user consent

Apps with BypassConsent skip the connector consent prompt and silently use shared credentials.

High Security
Power App connections that bypass consent

Connections with ByPassConsent skip prompting end users for consent before sharing credentials.

High Security
DLP policy covers all environments but blocks no connectors

An all-environments DLP policy without blocked connectors offers no real protection.

High Security
Solutions owned by the default publisher

Content shipped under the environment default publisher cannot be versioned or distributed cleanly. Assign a real publisher with a customisation prefix.

High Operation
Suspended Power Pages sites

Sites in the Suspended state are blocked by Microsoft; investigate and unblock or remove.

High Operation
Power Apps using an on-premise data gateway

Apps reaching on-premise data sources increase the attack surface and depend on gateway availability.

Medium Security
Power Apps using custom connectors

Apps using custom connectors bypass first-party connector governance and must be reviewed.

Medium Security
Power Apps not published in the last year

Apps that have not been republished in over a year may be abandoned and ready for decommission.

Medium Sprawl
Power Apps relying on grandfathered premium APIs

Apps still using grandfathered premium connectors will eventually require premium licenses.

Medium Costs
Default environment used for production

Microsoft recommends moving production workloads out of the Default environment to dedicated Production environments.

Medium Operation
Custom Power App connections

Custom connectors expose external APIs and need to be reviewed for security and authentication.

Medium Security
On-premise Power App connections

On-premise connections route Power App traffic through customer-managed gateways and require monitoring.

Medium Security
DLP policies defaulting connectors to General

Policies that default new connectors to the non-business (General) group inadvertently approve every new connector for general use.

Medium Security
DLP policies without custom connector restrictions

Policies that do not explicitly classify any custom connector leave tenant-built connectors unrestricted.

Medium Security
Custom connectors without a backend service URL

Connectors registered without a backend URL are misconfigured and will fail at runtime.

Medium Operation
Unmanaged solutions

Unmanaged solutions are editable in place and undermine ALM. Shipping content should be packaged as managed solutions.

Medium Operation
Solutions without a publisher prefix

Solutions whose publisher has no customisation prefix produce uncategorised entities and fields. Configure a publisher prefix before packaging content.

Medium Operation
Solutions without an identifiable owner

Solutions with no recorded creator are unowned and cannot be assigned for governance follow-up.

Medium Operation
Power Pages sites on a trial

Trial sites expire and cannot be relied on long-term. Convert to production before content is built on top.

Medium Costs
Power Apps requiring a premium license

Shows Power Apps with premium connectors, custom connectors, common data service etc.

Information Costs
Power Apps (Canvas Apps) shared with everyone

Shows Power Apps that all users of current tenant can viewed and used.

Information Security
Power Apps without a description

Apps without a description are harder for end users to discover and for admins to govern.

Information Operation
Power Apps inactive for 90+ days

Apps that have not been modified for 90 days are likely no longer maintained.

Information Sprawl
Power Apps shared with more than 100 users

Apps shared with very large groups of users should be evaluated for tenant-wide sharing or governance.

Information Security
Power Platform environments not modified for 180 days

Environments without recent activity should be reviewed and possibly decommissioned to reduce capacity usage.

Information Sprawl
Connections using a premium API tier

Premium tier connectors require premium licenses for every consuming user.

Information Costs
DLP policies with no blocked connectors

Policies that do not block any connector cannot prevent sensitive connector combinations.

Information Security
Custom connectors without a privacy policy

Custom connectors should declare a privacy policy URL so end users understand how their data is handled.

Information Security
Custom connectors without maintainer contact

Custom connectors without a documented maintainer contact are harder to govern when they break or are misused.

Information Operation
Custom connectors without a license declaration

Custom connectors without a license cannot be reviewed for legal use.

Information Operation
Custom connectors classified as Premium

Premium-tier custom connectors require premium licensing for every consumer.

Information Costs
Custom connectors not updated in 365 days

Custom connectors that have not changed in over a year may rely on outdated upstream APIs.

Information Sprawl
Solutions not updated in 365 days

Solutions untouched for over a year are likely stale. Review whether they are still in use.

Information Sprawl
Solutions with no components

Empty solutions add governance overhead without packaging anything. Remove or merge them.

Information Sprawl
Inactive Power Pages sites

Power Pages sites with status Inactive are not serving traffic and may be candidates for cleanup.

Information Sprawl
Power Pages sites not updated in 90 days

Sites untouched for 90+ days may be abandoned. Review whether they are still required.

Information Sprawl
Production Power Pages sites without a custom domain

Production sites served only from the default powerappsportals.com subdomain look unbranded and lack DNS-level control.

Information Adoption

Need a rule that isn't listed? Rencore's Policy Builder lets you create custom policies tailored to your organization. Learn more about the Policy Builder

Reports

25 analytics views and dashboards.

Power Apps by type

Distribution of Power Apps across System, SharePoint Form and Canvas types.

Donut Chart · Operation
Power Apps by environment

Top 10 Power Platform environments ranked by number of apps.

Bar Chart · Operation
Apps shared with entire tenant

Power Apps shared with everyone in the tenant, grouped by owner.

Bar Chart · Security
Top Power Apps by shared users

Top 10 Power Apps ranked by number of users they are shared with.

Bar Chart · Adoption
Connections by API tier

Distribution of Power App connections across standard and premium API tiers.

Donut Chart · Costs
Environments by type

Distribution of Power Platform environments by environment type.

Donut Chart · Operation
Environments by location

Top 10 geographic locations by number of Power Platform environments.

Bar Chart · Operation
Power Apps using premium APIs

Power Apps split by whether they use premium API connectors.

Donut Chart · Costs
Top Power App makers

Top 10 owners ranked by number of Power Apps they own.

Bar Chart · Adoption
Power Apps by status

Distribution of Power Apps across their lifecycle status.

Donut Chart · Operation
Power Apps by plan classification

Distribution of Power Apps across plan classifications (Standard, Premium, etc.).

Donut Chart · Costs
Top Power App connector types

Top 10 connector types used by Power Apps in the tenant.

Bar Chart · Operation
Power Apps created per month

Number of new Power Apps created per month over the past year.

Bar Chart · Adoption
Power Apps using on-premise gateway

Power Apps split by whether they connect through an on-premise data gateway.

Donut Chart · Security
DLP policies by environment scope

Distribution of Power Platform DLP policies across environment scopes.

Donut Chart · Security
DLP policies by default classification

DLP policies grouped by how they classify connectors by default.

Donut Chart · Security
Custom connectors by tier

Custom connectors split by Standard vs Premium licensing tier.

Donut Chart · Costs
Custom connectors by environment

Top 10 environments by number of custom connectors registered.

Bar Chart · Operation
Solutions by environment

Top 10 environments by number of solutions deployed.

Bar Chart · Operation
Managed vs unmanaged solutions

Distribution of solutions across managed and unmanaged packaging.

Pie Chart · Operation
Solutions by publisher

Top 10 publishers by number of solutions owned.

Bar Chart · Operation
Solutions by install source

Distribution of solutions by where they came from (tenant-built, AppSource, Microsoft).

Pie Chart · Costs
Power Pages sites by environment

Top 10 environments by number of Power Pages sites deployed.

Bar Chart · Operation
Power Pages sites by type

Distribution of Power Pages sites across production and trial.

Pie Chart · Costs
Power Pages sites by status

Distribution of Power Pages sites across Active, Inactive, and Suspended states.

Pie Chart · Operation

Segments

23 data groupings for targeted filtering.

Canvas Apps

All Power Apps built as Canvas apps.
System Apps

Power Apps that are part of Dataverse model-driven solutions or system apps.
SharePoint Form Apps

Power Apps that customize SharePoint list forms.
Apps using premium APIs

Power Apps that use premium connectors and therefore require premium licensing.
Apps using custom connectors

Power Apps that depend on custom (non-Microsoft) connectors.
Apps using on-premise gateway

Power Apps that connect to on-premise data sources through a gateway.
Apps shared with everyone

Power Apps that are shared with all users in the tenant.
Apps shared with groups

Power Apps that are shared with one or more groups.
Default environments

Power Platform environments flagged as the tenant default.
Production environments

Power Platform environments provisioned with a Production SKU.
Premium connections

Connections used by Power Apps that require a premium license.
Custom connections

Connections that come from custom (tenant-built) connectors.
On-premise connections

Connections that reach into on-premise data sources via a gateway.
All DLP policies

All Data Loss Prevention policies governing Power Platform connector usage.
Tenant-wide DLP policies

DLP policies that apply to every environment in the tenant.
All custom connectors

Custom (tenant-built) connectors registered across all Power Platform environments.
Premium custom connectors

Custom connectors classified as Premium tier.
Unmanaged solutions

Custom solutions that are not packaged as managed.
Solutions on the default publisher

Solutions owned by the environment's default publisher rather than a named publisher.
AppSource solutions

Solutions installed from AppSource (third-party).
Trial Power Pages sites

Power Pages sites running on a trial.
Inactive Power Pages sites

Power Pages sites with status Inactive.
Power Pages sites without a custom domain

Production sites served only from the default powerappsportals.com subdomain.

Frequently asked questions

What governance areas does Rencore cover?

Rencore covers six governance pillars: visibility and inventory across all Microsoft 365 services, ready-to-go policies with over 100 pre-built governance checks, compliance and audit evidence collection for regulatory requirements, extensibility and customization through custom policies and automations, cross-department collaboration with shared dashboards and role-based access, and AI and Copilot readiness to prepare tenants for secure AI adoption.

What is Rencore governance?

Rencore governance is a SaaS platform that continuously monitors your Microsoft 365 tenant for policy violations, configuration drift, and security risks across SharePoint, Teams, Power Platform, Copilot, and AI Agents. It automates compliance evidence collection, surfaces oversharing and sprawl, and provides actionable remediation workflows, reducing manual audit effort by up to 80%.

How do Rencore policies work?

Rencore ships with hundreds of pre-built policies that detect governance violations across every connector, oversharing, sprawl, cost overruns, security risks, and compliance gaps. Policies run on a continuous schedule, evaluate each discovered object against configurable rules, and flag violations with severity (High, Medium, Low), category, and a recommended action.

Trusted by

Why govern Power Apps with Rencore

Control app sprawl and ownership

Surface premium-license risk

Govern DLP, connectors, and consent

Manage solutions and Power Pages