Cloud FlowCloud FlowsAdvanced

Environment Variable Drift Detector

Scheduled flow queries environment variable current values across Dev, UAT, and Prod environments via the Power Platform Admin API (HTTP). Compares values and logs any drift to a Dataverse diff table. Posts a Teams summary when variables are out of sync, helping catch config mismatches before they cause production issues.

Microsoft DataverseMicrosoft TeamsHTTP

Unique name

flowLibsEnvVarDriftDetector

Publisher

FlowLibs (flowlibs)

Version

1.0.0.0

Components

9 env vars + 1 cloud flow

Request access

Provided as-is, without warranty of any kind. Review and test each pattern in a non-production environment before deploying it to live automations. See our Terms.

What it does

Overview

The Environment Variable Drift Detector is a scheduled governance flow that compares environment variable values across multiple Power Platform environments against a designated baseline. It identifies variables that have drifted (values differ) or are missing in target environments, logs findings to a Dataverse tracking table, and posts a styled HTML alert to Microsoft Teams.

Why you'd use it

Use Case

In multi-environment ALM setups (Dev → UAT → Prod), environment variables often drift out of sync due to manual edits, incomplete solution imports, or missed config steps. This flow automates weekly detection of drift and missing variables across target environments. The drift report helps platform admins catch config mismatches before they cause production issues.

The flow is ideal for teams that:

Value drift: A variable exists in both environments but has different effective values (currentValue or defaultValue)
Missing variables: A variable exists in the baseline but is entirely absent from a target environment

Step-by-step

Flow Architecture

Recurrence Weekly Monday

Recurrence

Runs every Monday at 8:00 AM UTC.

Initialize Variables (11 parallel)

Initialize variable

Binds 9 environment variables to working variables plus 2 working variables (varDriftAlertHtml, varDriftCount).

Get Baseline Env Vars

HTTP

Calls the BAP Admin API to retrieve all environment variable definitions and values from the baseline environment.

Parse Baseline Env Vars

Parse JSON

Extracts the value array with schemaName, currentValue, and defaultValue.

Split Monitored Environments

Compose

Splits the comma-separated environment variable into an array of environment IDs.

For Each Target Environment

Apply to each

For each monitored environment: checks if it is the baseline, and if not, retrieves and parses its env vars, then iterates each baseline variable to filter the matching target variable by schemaName, compose effective values, log drift to Dataverse via CreateRecord, append HTML drift/missing rows, and increment counters.

Check If Any Drift Found

If condition

If varDriftCount is greater than 0, build and post the drift report.

If drift > 02 actions run in series

Compose Drift Report — Generates a CSS-styled HTML email with gradient header, stat badge, 4-column data table, and resolution guide.
Post Drift Alert To Teams — Posts the HTML report to the configured Teams channel.

Solution config

Environment Variables

Schema name	Type	Default	Description
flowlibs_GraphTenantId	String	<configure>	Azure AD Tenant ID for AAD OAuth. Set per tenant.
flowlibs_GraphClientId	String	<configure>	App Registration Client ID. Set per tenant.
flowlibs_GraphClientSecret	String	<configure>	App Registration Client Secret. Set per tenant.
flowlibs_MonitoredEnvironments	String	Default-<your-tenant-id>	Comma-separated list of environment IDs to scan.
flowlibs_BaselineEnvironment	String	Default-<your-tenant-id>	Environment ID treated as the source of truth (typically Prod).
flowlibs_TeamsGroupId	String	<configure>	Teams Group (Team) ID for drift alerts. Set per tenant.
flowlibs_TeamsChannelId	String	<configure>	Teams Channel ID for drift alerts. Set per tenant.
flowlibs_AdminNotificationEmail	String	<configure>	Admin email for notifications. Set per tenant.
flowlibs_EnvVarDriftTableName	String	flowlibs_envvardrifts	Dataverse table logical name for drift records.

Auth dependencies

Connectors & Connections

Connector	API name	Actions used
Microsoft Dataverse	shared_commondataserviceforapps	CreateRecord (Logs drift rows to the drift tracking table)
Microsoft Teams	shared_teams	PostMessageToChannelV3 (Posts the HTML drift alert to the configured channel)
HTTP	shared_http	HTTP (BAP Admin API calls with ActiveDirectoryOAuth — used for baseline and target env var retrieval)

Note — All connections are referenced as solution connection references; the flow is portable between environments as long as a connection is mapped at import time.

Tweaks & variations

Customization Guide

Almost every realistic variant of this flow can be implemented by changing environment variable values. A few cases require small edits inside the flow definition — those are called out explicitly below.

Add more environments: Update flowlibs_MonitoredEnvironments with a comma-separated list of all environment IDs to scan (e.g., env-id-dev,env-id-uat,env-id-prod).
Change baseline: Set flowlibs_BaselineEnvironment to whichever environment represents your source of truth (typically Prod).
Adjust schedule: Edit the Recurrence trigger to run daily, bi-weekly, etc.
Filter specific variables: Add a Filter Array action after Parse Baseline Env Vars to only compare variables with a specific prefix.
Add email notification: Insert an Outlook SendEmailV2 action alongside the Teams post in the drift-found branch.

Helpers & literals

Key Expressions

The flow is intentionally light on Power Fx / WDL gymnastics — the heaviest expressions are the branch-name concatenation and the approval outcome check. They are listed below in the order they appear in the flow.

EXPR.01Effective value resolution

Prioritizes current value over default; falls back to '(not set)'.

workflow definition language

coalesce(currentValue, defaultValue, '(not set)')

EXPR.02Environment array split

Converts the comma-separated env var string into an iterable array.

workflow definition language

split(variables('varMonitoredEnvironments'), ',')

EXPR.03Schema name matching

Used in Query/Filter Array to match variables by unique schema name across environments.

workflow definition language

equals(item()?['properties']?['schemaName'], items('For_Each_Baseline_Var')?['properties']?['schemaName'])

EXPR.04Baseline skip check

Avoids comparing the baseline environment against itself.

workflow definition language

not(equals(trim(items('For_Each_Target_Environment')), variables('varBaselineEnvironment')))

EXPR.05BAP Admin API endpoint

Retrieves all environment variables with values from any environment.

text

https://api.bap.microsoft.com/providers/Microsoft.BusinessAppPlatform/scopes/admin/environments/{envId}/environmentvariables?api-version=2021-02-01

Overview

Use Case

Flow Architecture

Recurrence Weekly Monday

Initialize Variables (11 parallel)

Get Baseline Env Vars

Parse Baseline Env Vars

Split Monitored Environments

For Each Target Environment

Check If Any Drift Found

Environment Variables

Connectors & Connections

Customization Guide

Key Expressions

EXPR.01Effective value resolution

EXPR.02Environment array split

EXPR.03Schema name matching

EXPR.04Baseline skip check

EXPR.05BAP Admin API endpoint

Comments