ChatGPT Image Jul 9, 2026, 04_26_10 PM

How to Build Power Platform Governance for Dynamics 365 ERP Migration

TL;DR

With Dynamics 365 ERP suite migrating from the isolated Lifecycle Services (LCS) environment to the unified Power Platform, your ERP data is entering a vastly broader ecosystem. If your Power Platform isn’t properly governed, migrating your ERP is like moving your company’s vault from a secure bunker to a busy public plaza. Establishing a robust Power Platform foundation is critical preparation you need to undertake months in advance.

Introduction

As Dynamics 365 Finance and Operations (FinOps) moves from Lifecycle Services (LCS) into the Power Platform, organisations must rethink how they govern ERP data.

What was once an isolated, tightly controlled system is now part of a broader ecosystem with shared environments, connectors, and capacity. Without proper governance, this shift introduces serious risks to security, compliance, and operational stability.
 
In this guide, you’ll learn how to build a Power Platform foundation that protects your ERP and supports long-term scalability.

Why the shift from LCS to Power Platform matters

The deprecation of Lifecycle Services (LCS) removes the boundary that historically isolated Dynamics 365 Finance and Operations from the broader Power Platform.

As ERP moves into a unified ecosystem:
  • Data is no longer contained within a standalone environment
  • It becomes adjacent to apps, connectors, and automation across the tenant
  • Governance shifts from isolated control to a shared platform responsibility

 

This is not just a technical migration – it’s a fundamental change in how your ERP is exposed, secured, and managed.

What risks arise when Power Platform is not governed?

Our previous article outlined the governance shift as Dynamics ERP, or Finance and Operations, moves away from Lifecycle Services (LCS) and into Power Platform.

In this article, we focus on how organisations that have not yet invested in Power Platform can start preparing today.
 
Historically, many organisations that were solely focused on Dynamics ERP treated their Power Platform environment as a bolt-on to be governed organically. With the deprecation of LCS removing the boundary between ERP and Power Platform, that approach is no longer viable.
 
Without proper governance, migrating Dynamics 365 into Power Platform can expose sensitive ERP data to risks such as data leakage, uncontrolled environments, over-permissioned access, and shared capacity constraints.
 
This is where many organisations unintentionally move from a controlled ERP “vault” into a much more open and complex environment.

Key risks of an ungoverned Power Platform

  • The Wild West of the “Default” Environment:
    By default, every user in your tenant can create apps and flows in the Default environment.
    If you drop FinOps into an unmanaged space, critical business data co-mingles with thousands of unchecked, user-created apps.
  • The Data Leakage Threat: Without the rigid walls of LCS, FinOps data is suddenly adjacent to hundreds of external connectors. Without proper controls, a well-meaning employee could create a Power Automate flow that copies sensitive financial operations records to a personal sharing service.
  • Ungoverned usage and Capacity Drain: ERP environments now partially rely on Power Platform Tenant-Level Capacity instead of standing alone within the LCS environment. This means that ungoverned citizen development can literally consume the storage your ERP needs to function. 

Who needs to prepare for this change?

This monumental shift forces historically separate teams to the same table. This guide is specifically written for: 
  • IT Operational Directors: You historically managed M365 and the broader Power Platform, but now you are inheriting the underlying infrastructure and security of the enterprise’s most critical business operations system.
  • Heads of Corporate Services and Business Systems: You historically owned Dynamics ERP suite in the isolated, “black box” of LCS. You are losing your standalone enclave and must now adapt your governance to fit within the broader IT operational framework.

How to build a Secure Power Platform Foundation for Dynamics 365

To secure your ERP, you must move beyond organic Power Platform management and adopt an enterprise-grade governance strategy.

This is not about adding controls after the fact – it’s about putting the right foundations in place before your ERP becomes fully embedded in the platform.
 
These four foundational pillars form the minimum governance baseline required before migrating Dynamics 365 into Power Platform.

1. Establish an environment strategy (The “Town Plan”)

Your environment strategy defines how your Power Platform is structured and controlled.
  • Quarantine the Default environment: Restrict the Default environment to personal productivity only. Never deploy Dynamics ERP Production or other sensitive enterprise apps here. 
  • Create dedicated ERP environments: Provision isolated environments specifically for FinOps workloads, ensuring clear separation from user-created solutions.
  • Implement Managed Environments: Enable Microsoft’s “Managed Environments” feature to unlock advanced governance capabilities, usage insights and policy enforcement.

Outcome: A structured environment model that separates critical ERP systems from uncontrolled user activity.

2. Implement Data Loss Prevention (DLP) Policies (The “Guardrails”)

DLP policies are your first line of defence against uncontrolled data movement.

  • Classify Connectors
    Group connectors into:
    • Business (e.g. Dataverse, FinOps)
    • Non-business
    • Blocked (e.g. unauthorised external storage)
  • Apply Environment-Specific Policies
    Apply stricter DLP policies to ERP environments, ensuring FinOps data only interacts with approved services.

Outcome: Controlled data flows that reduce the risk of accidental or deliberate data leakage.

3. Overhaul Identity and Access Management (The “Keys”)

In the unified model, identity becomes your primary security boundary.

  • Adopt Entra Privileged Identity Management (PIM)
    Transition away from standing admin access and plan for the deprecation of LCS based Project administration. Require IT staff to use Entra Privileged Identity Management (PIM) to elevate to the Power Platform Administrator role temporarily.
  • Use Granular Security Roles
    Avoid broad System Administrator permissions. Define roles within FinOps and Dataverse environments based on least privilege.

 

Outcome: Reduced risk of over-permissioned access and stronger control over sensitive ERP data.

4. Standardise Application Lifecycle Management (ALM)

Governance must extend into how solutions are built and deployed.

  • Move to Automated Deployments
    Transition to deploying Unified Packages (FinOps + Dataverse) using Azure DevOps or GitHub pipelines.
  • Use Service Principals
    Ensure deployments are executed by machine identities rather than individuals to reduce human error and improve security.

Outcome: Consistent, secure, and repeatable deployment processes.

The Reality: Weeks to Build, Months to Embed

A common trap organisations fall into is treating Power Platform governance as a quick IT project – a handful of settings to configure in the admin centre.

That assumption is where the risk begins.

The Technical Reality

The foundational elements – environments, DLP policies, identity controls, and ALM pipelines – can be implemented relatively quickly.

With the right expertise and approach, this setup can be achieved in a matter of weeks, especially when you know what you’re doing. For example, when leveraging a ready-made Done Right framework like Arinco’s Power Platform Foundation Accelerator.
 
However, operationalising this foundation takes months. 

The Operational Reality

Making those foundations actually work within your organisation takes significantly longer.

This is because you are not just deploying technology – you are fundamentally changing how teams operate.
  • IT Operations must take ownership of ERP platform governance
  • Corporate Services teams must adapt to a shared operating model
  • Legacy LCS administrators need to be trained on Entra PIM and modern controls
  • Developers must transition to automated, pipeline-driven deployments
On top of this, many organisations also need to rework:
  • Deeply embedded integrations
  • Customisations tied to legacy deployment models
  • Conflicting operational processes that evolved around LCS

Why this matters

Governance is not something you “switch on” — it must be embedded into how your organisation works day to day.

Without that shift:
  • Controls exist, but aren’t used effectively
  • Risk remains despite technical changes
  • ERP systems operate in a partially governed state

 

This is why governance takes months to embed — not because the technology is complex, but because the operating model must change.

The urgency

The LCS creation freeze is already in effect.

Delaying the start of this operational transition increases risk, as ERP systems are progressively pulled into a broader, less isolated platform.
 
The longer governance is delayed, the longer critical business systems operate without the structure they were originally designed to rely on.

Accelerating governance with Arinco

At Arinco, our Power Platform Foundational Approach is designed to bridge the gap between IT Operations and business systems by delivering a “Power Platform Done Right” architecture that is both practical and scalable.

Rather than treating governance as an afterthought, we help organisations establish a structured foundation that aligns security, operations, and development from the outset.

1. Architecture & Environment Strategy

  • Lifecycle & Capacity
    Design lean, fit-for-purpose environment architectures while mapping Dataverse capacity management and provisioning requirements.
  • Routing & Residency
    Implement environment routing, tagging conventions, and enforce data residency and regulatory alignment across your platform.

2. Enterprise Governance & Security

  • Zero-Trust Identity
    Establish an identity model centred on Role-Based Access Control (RBAC), service principals, and Privileged Identity Management (PIM).
  • Compliance & Observability
    Implement auditing, logging, and monitoring capabilities, alongside automated data retention and governance policies.

3. Modern ALM & Solution Architecture

  • DevOps Enablement
    Move from manual deployments to automated pipelines using Power Platform native tools or integration with Azure DevOps and GitHub.
  • Solution Strategy
    Define solution layering, patching, and extensibility patterns to ensure your platform remains maintainable and scalable.

4. Advanced Operations & AI

  • Evolving the Centre of Excellence (CoE)
    While the traditional Power Platform CoE Starter Kit is evolving, the concept remains critical. We help organisations adapt to platform-native governance capabilities and unlock emerging tools like Copilot Studio and Agent 365.
  • AI & Copilot Governance
    Prepare your environment for the next wave of AI by implementing guardrails that ensure Copilot operates securely within organisational boundaries.

Key takeaways

  • The clock has already started
    The LCS freeze took effect in February 2026. The shift to the unified PPAC is a present reality, not a future roadmap item.
  • ERP risk is now platform risk
    Moving FinOps into an ungoverned Power Platform exposes sensitive financial data to the “Wild West” of uncontrolled environments and over-permissioned access.
  • Silos are dissolving
    IT Operations and Corporate Services must align on a shared operating model across M365 and Dynamics.
  • Foundations determine success
    A structured Power Platform foundation is essential to securing ERP systems while enabling scalable innovation.

Ready to get started?

Need help preparing your Power Platform for Dynamics 365 migration?

Talk to Arinco about building a governance foundation that secures your ERP and enables safe, scalable innovation.

More insights

Get started on the right path to cloud success today. Our Crew are standing by to answer your questions and get you up and running.