Mandatory Metadata Compliance Checker
Scheduled flow audits all apps and flows in Dataverse inventory for missing required metadata: empty descriptions, no owner display name, missing business justification. Posts a Teams adaptive card listing non-compliant resources with a direct link for the owner to update their metadata.
Provided as-is, without warranty of any kind. Review and test each pattern in a non-production environment before deploying it to live automations. See our Terms.
Overview
This scheduled Power Automate Cloud Flow audits all canvas apps and cloud flows in your Power Platform environment's Dataverse inventory tables for missing required metadata. It checks for empty descriptions and missing owner information, then posts a compliance summary to a Teams channel when non-compliant resources are found. Designed for COE (Center of Excellence) governance teams to enforce metadata hygiene across the tenant.
Use Case
Organizations scaling Power Platform adoption often struggle with "maker sprawl" — hundreds of apps and flows with no descriptions, no documented owners, and no business justification. This makes it impossible to govern, audit, or transfer resources when makers leave. This flow automates the weekly metadata audit, replacing manual spreadsheet reviews with an automated compliance pipeline that flags gaps and notifies admins.
The flow is ideal for teams that:
- IT Admins
- COE Leads
- Power Platform Governance Teams
Flow Architecture
Recurrence Weekly Monday
RecurrenceFires every Monday at 8:00 AM EST (12:00 UTC).
Initialize Variables (10 parallel)
Initialize variableBinds 6 environment variables to runtime variables (Teams Group ID, Teams Channel ID, App Table, Flow Table, Admin Email, Target Environment) plus 4 working variables (non-compliant HTML accumulators and counters for apps and flows).
List App Inventory Records
List rows (Dataverse)ListRecords on the configurable app inventory table (e.g., admin_app).
List Flow Inventory Records
List rows (Dataverse)ListRecords on the configurable flow inventory table (e.g., admin_flow).
List Flows Via Management
ListFlowsInEnvironment_V2Power Automate Management ListFlowsInEnvironment_V2 to get flow details with descriptions directly from the Flow service.
For Each App Record
Apply to eachFor each app inventory record: checks if description or owner is empty using coalesce(..., '') null-safety pattern. On missing metadata: appends an HTML table row and increments the non-compliant app counter.
For Each Flow From Management
Apply to eachFor each flow returned by the management connector: checks if properties/description or properties/creator/userObjectId is empty. On missing metadata: appends an HTML table row and increments the non-compliant flow counter.
Compute Total Non Compliant
Composeadd(varNonCompliantAppCount, varNonCompliantFlowCount) to get total non-compliant resources.
Environment Variables
| Schema name | Type | Default | Description |
|---|---|---|---|
| flowlibs_TeamsGroupId | String | <configure> | Microsoft 365 Group ID for the Teams team where alerts are posted. Set to your tenant's group GUID. |
| flowlibs_TeamsChannelId | String | <configure> | Channel ID within the Teams team for compliance alerts. |
| flowlibs_COEAppInventoryTable | String | admin_app | Dataverse logical name of the app inventory table (COE Kit default: admin_app). |
| flowlibs_COEFlowInventoryTable | String | admin_flow | Dataverse logical name of the flow inventory table (COE Kit default: admin_flow). |
| flowlibs_AdminNotificationEmail | String | alerts@yourcompany.com | Email address for compliance report distribution. |
| flowlibs_TargetEnvironmentName | String | <configure> | Environment identifier for Power Automate Management queries (e.g., Default-<your-tenant-id>). |
Connectors & Connections
| Connector | API name | Actions used |
|---|---|---|
| Microsoft Dataverse | shared_commondataserviceforapps | ListRecords (App and flow inventory tables) |
| Microsoft Teams | shared_teams | PostMessageToConversation (Compliance alerts) |
| Power Automate Management | shared_flowmanagement | ListFlowsInEnvironment_V2 (Flow details with descriptions) |
Note — All connections are referenced as solution connection references; the flow is portable between environments as long as a connection is mapped at import time.
Customization Guide
Almost every realistic variant of this flow can be implemented by changing environment variable values. A few cases require small edits inside the flow definition — those are called out explicitly below.
- Import the solution
- Import the solution into your target Power Platform environment.
- Set environment variable values
- Configure flowlibs_TeamsGroupId (your Teams team's Group ID — find via Teams admin or Graph API), flowlibs_TeamsChannelId (the channel ID for compliance alerts), flowlibs_COEAppInventoryTable (your Dataverse app inventory table — default admin_app for COE Kit), flowlibs_COEFlowInventoryTable (your Dataverse flow inventory table — default admin_flow), flowlibs_AdminNotificationEmail (admin or DL to receive reports), and flowlibs_TargetEnvironmentName (environment name for the Flow Management connector).
- Authorize connections
- Open the flow in the designer, click each connection reference, and sign in to authorize Dataverse, Teams, and Power Automate Management.
- Adjust the schedule
- Default is weekly Monday at 8:00 AM EST. Edit the Recurrence trigger to change frequency, day, or time as needed.
- Extend metadata checks
- Edit the If conditions inside each Foreach to add checks for additional fields (e.g., business justification, department tag, last-modified date).
- Turn on the flow
- After configuring and authorizing, turn the flow on. It will run on the next scheduled occurrence.
Key Expressions
The flow is intentionally light on Power Fx / WDL gymnastics — the heaviest expressions are the branch-name concatenation and the approval outcome check. They are listed below in the order they appear in the flow.
EXPR.01Null-safe field check
Returns empty string if the Dataverse field is null, preventing downstream null reference errors.
EXPR.02Conditional HTML compliance icon
Renders a visual compliance indicator in the HTML report — red X for missing metadata, green check for present.
EXPR.03Total non-compliant aggregation
Combines the app and flow counters into a single total used to gate the notification branch.
EXPR.04Conditional section rendering
Only includes a data table section in the HTML report when there are non-compliant resources of that type.
Comments
Sign in to join the conversation.
Sign inNo comments yet. Be the first to share your experience with this flow.