Microsoft Entra ID · M365 & Platform Services

Power Platform Administrator

Can create and manage all aspects of Microsoft Power Apps, Power Automate, and Power BI environments and policies.

Scope: Full administrative access to Power Platform services including environments, policies, and governance

Permissions

  • Create and manage Power Platform environments
  • Configure Power Platform DLP policies
  • Manage Power Apps and connectors
  • Manage Power Automate flows organization-wide
  • Configure Power BI tenant settings
  • Manage capacity and resources
  • View Power Platform analytics

Common use cases

  • Power Platform environment management
  • DLP policy configuration
  • Connector governance
  • Capacity planning for Power Apps
  • Power Automate governance
  • Power BI tenant administration

Best practices

  • Implement DLP policies to control connectors
  • Create managed environments for production
  • Monitor solution deployments
  • Use environment groups for governance
  • Document capacity allocation

Security considerations

  • Can configure data loss prevention policies
  • Controls access to business connectors
  • Power Automate can automate privileged actions
  • Monitor for shadow IT through Power Apps

Common questions

When should I assign the Power Platform Administrator role?

Assign Power Platform Administrator when you need to: Power Platform environment management; DLP policy configuration; Connector governance; Capacity planning for Power Apps; and Power Automate governance. It is part of Microsoft Entra ID and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Power Platform Administrator role do?

The Power Platform Administrator role grants permissions including: Create and manage Power Platform environments; Configure Power Platform DLP policies; Manage Power Apps and connectors; Manage Power Automate flows organization-wide; Configure Power BI tenant settings; and Manage capacity and resources. See the Permissions section above for the full list.

What are the security risks of the Power Platform Administrator role?

Key considerations when assigning Power Platform Administrator: Can configure data loss prevention policies; Controls access to business connectors; Power Automate can automate privileged actions; and Monitor for shadow IT through Power Apps. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →