Power Platform Business Continuity Starts Before the Maker Leaves

Continuity comes from designed ownership, deployability and recovery, not emergency transfer during offboarding.

3 minute readBy Lucas North

The worst time to discover how a Power Platform solution works is after its maker’s account has been disabled. Yet that is the point at which many organisations first ask who owns the flow, which connection it uses, whether the source exists anywhere else and what happens if it stops.

The usual response is an offboarding report or a generic service account. Both can help with discovery. Neither proves that somebody else can operate the service.

Ownership is more than being listed as an owner

Power Platform exposes technical ownership on apps and flows, but business continuity needs several different responsibilities:

  • a business owner accountable for the outcome and continued need;
  • a technical owner able to diagnose and change the solution;
  • an operational route for incidents and user support;
  • an authority able to approve access and risk decisions.

One person may hold several roles for a small service. The roles still need to be explicit. Adding a co-owner who has never opened the solution is access redundancy, not operational resilience.

For a supported workload, ask the deputy to make a small change, deploy it and recover a deliberately failed connection. Evidence that somebody else can operate the service is far more useful than a populated ownership field.

Runtime identity should follow the service boundary

Scheduled and event-driven flows often run using a maker’s connection. Their employment, licence, password, conditional access state and personal permissions become hidden dependencies of the business process.

Moving every flow to one shared account concentrates the problem. Unrelated services now share credentials, permissions, throttling and a blast radius. When the account is compromised or blocked, the estate fails together. Nobody can infer business accountability from the identity because it owns everything.

Use workload-aligned identities and least privilege. Where the connector and platform support application users or service principals, use them deliberately. Where a user-backed connection remains necessary, document why, restrict its purpose and test credential rotation. The technical identity keeps authentication alive; it does not replace the humans accountable for the service.

Continuity requires a deployable product

A solution that exists only in production cannot be recovered confidently. Supported workloads should have a solution package, source-controlled assets where practical, known environment configuration, an inventory of connection references and a repeatable deployment route.

Document the dependencies that are easy to miss: gateways, mailboxes, SharePoint sites, custom connectors, environment variables, certificates, external APIs and data-retention obligations. Decide which state can be recreated and which must be restored. A screenshot of a flow is not a recovery plan.

Service tier should determine depth. A personal reminder does not need a disaster-recovery exercise. A flow that moves payroll data or creates regulatory records does. Applying the same continuity process to both produces either bureaucracy or dangerous under-control.

Offboarding should detect exceptions, not trigger design

Offboarding automation should report residual assets, personal connections and sole ownership before access disappears. It is a valuable final check. If the organisation relies on that moment to transfer critical services, the control has already failed.

Continuity begins when a workload becomes important, not when its creator resigns. Graduation into a supported service should add accountable owners, an appropriate runtime identity, deployability, monitoring and tested recovery. Those controls also protect against holidays, role changes, reorganisations and ordinary human unavailability.

The standard is not that a platform administrator can eventually seize the app. It is that another capable person can explain, operate, change and recover the business service without depending on the memory or account of its maker.

Written by

Lucas North

I build enterprise software and write about the decisions, constraints and failure modes that rarely fit into a product announcement.

More about me →