Right now, somewhere in your organisation, there could be a business-critical process running inside a Power Platform environment you do not know exists. The app may have been built by someone who has since left. No documentation, no named owner, no backup plan. Working fine, for now.
It might not be happening yet. But it’s one of the most common things we find when organisations first take stock of their Power Platform estate. The platform has done exactly what it was designed to do: empower people to solve problems quickly. The question isn’t whether the technology works. It’s whether there’s enough structure around it to keep working as it scales.
A Centre of Excellence is how you build that structure, but only if it’s set up the right way. Getting the first 90 days right is what separates a CoE that becomes an enabler from one that either stalls adoption or quietly gets ignored.
Start by avoiding the two most common mistakes
Most CoE programmes fail in one of two ways, and they sit at opposite ends of the same spectrum.
The first is over-governing early. Lengthy policy documents get written before anyone has mapped the estate. Multi-stage approval workflows get built for scenarios that don’t yet exist. Citizen developers encounter friction at every turn and quietly route around the whole thing. The CoE exists on paper, but the platform has moved on without it.
The second mistake is under-committing. The CoE gets announced, a steering group forms, and very little changes. The risks that triggered the conversation keep building, and without real authority or resource behind it, the CoE becomes a governance label rather than a functioning team.
Gartner estimates that by 2026, developers outside traditional IT will account for at least 80% of the user base for low-code tools. That kind of scale makes both failure modes increasingly costly. The answer isn’t somewhere between the two extremes. It’s a phased approach that builds confidence and earns credibility before adding complexity. That’s what the next three months should look like.
Days 1–30: Know what you actually have
The first 30 days shouldn’t produce a governance policy. They should produce an honest picture of the current state, because good decisions about what to govern depend entirely on knowing what’s out there.
Start with your environments and solutions
Use the Power Platform Admin Centre alongside the CoE Starter Kit to map what exists. How many environments are active? Which ones carry workloads the business would miss? How many solutions are unmanaged, sitting in personal environments, or tied to accounts that are no longer active?
This step consistently reveals more than organisations expect. We worked with one team who discovered a critical finance approval flow still running on the personal account of a contractor who had left the previous quarter. Nobody had noticed because it had never broken. The risk sitting underneath it, though, was significant. One password change away from a broken process with no recovery path. Discovery work like this is exactly what month one is for. It turns invisible risk into something you can actually address.
Equally important: find out who is building and why
The people using Power Platform day to day know where the platform is adding real value and where it’s creating frustration. That conversation shapes the CoE’s early priorities more accurately than any framework document, and it builds goodwill with the people whose cooperation you’ll need later.
By day 30, the goal is a clear inventory, a realistic view of where the risk sits, and a short list of priorities that month two can act on directly. That list is the foundation everything else gets built on.
Days 31–90: Build the structure, then make it visible
With a clear picture of the estate, the next two months focus on putting foundations in place and then demonstrating that they work. These two phases belong together because foundations without visibility don’t build confidence, and visibility without foundations doesn’t sustain it.
Define your environment strategy first
A three-tier model works well for most organisations: a personal tier for individual experimentation, a shared development and test tier for team solutions, and a production tier for business-critical workloads. Each tier needs clear criteria for what belongs there and how solutions move between them.
Three environments with well-understood rules will serve you better than ten environments with blurry ones. The point isn’t architectural perfection. It’s giving people a model they can follow without having to ask every time.
Connector governance deserves specific attention
Blanket restrictions are one of the fastest ways to undermine adoption, and they rarely improve security in practice. A simple three-category approach covers most needs: connectors available by default, connectors that require a short review before use, and connectors that are blocked. The blocked list should be short and well-reasoned. If getting a connector approved takes weeks and multiple sign-offs, people will find a way around it, and you’ll lose sight of what’s being connected to what.
Ownership is where governance gets real
Every high-risk solution identified in month one should have a named owner and a named backup by the end of month two. Not just the original developer, but someone accountable for what happens to that solution over time. This is also the right moment to define the CoE team itself: who holds the admin function, who manages incoming requests, and who owns the relationship with business stakeholders. A small team with genuine authority will get further than a large steering group that meets quarterly.
By months two and three, the CoE needs to be visible
Microsoft’s Power Platform CoE Starter Kit provides dashboards and compliance reporting that would take months to build from scratch. Configured well, it gives leadership a live view of the estate: active solutions, usage trends, and where the high-risk assets are. Showing that dashboard in a leadership meeting, answering the questions that have been circulating informally for months, does more for the CoE’s credibility than any presentation about governance strategy.
Publishing the first standards in this phase matters too. Naming conventions, a simple intake process for new business-critical workloads, guidance on when to use Dataverse rather than SharePoint as a data layer. These should be concise enough to absorb quickly and clear enough to follow without interpretation. Governance that requires a guide to understand doesn’t get used.
Running the first internal enablement session, even something as informal as a lunch-and-learn covering environments and connectors, sends a signal that the CoE exists to help people build well, not to make it harder. That message matters more than any policy document. It sets the tone for how the CoE is seen from day one.
Governance that sticks without slowing things down
By month three, the CoE should have real visibility of the estate. Named owners for the highest-risk assets. An environment strategy that people are following. A set of standards that are live and accessible. None of that requires months of process or heavyweight approval layers.
The bigger risk at this stage is the instinct to over-correct once risks become visible. When problems surface, the response is often to add more governance: more approval stages, more centralised control, more policy covering scenarios that haven’t happened yet. It all feels responsible. And it tends to produce the same result: adoption slows, the most active citizen developers disengage, and the business starts solving problems in ways the CoE can’t see.
We’ve seen this play out directly. One organisation spent the first four months of their CoE programme building a comprehensive governance framework before any structural basics were in place. By the time it was ready, two of the three internal champions had moved on to other priorities. When they reset with a lighter-touch approach, focused on environments, ownership, and visibility, they made more progress in six weeks than they had in the previous four months. The governance framework wasn’t wrong. The sequencing was.
The right approach is to govern what’s genuinely risky, enable what’s clearly safe, and measure what’s being built before trying to optimise it. Licensing optimisation, reusable component libraries, AI governance policies: these are all legitimate next steps, and the CoE will be ready to take them on as it matures. Trying to build them all in the first 90 days is the surest way to arrive at month three with a framework and very little to show for it.
A CoE that people trust gets used. One that feels like a gate gets bypassed. Getting the first 90 days right is how you build the kind of trust that makes the rest of it work.
How Flyte can help
Helping organisations get more from Power Platform is what we do at Flyte, and building a Centre of Excellence is often a key part of that conversation.
We help organisations define the right starting point based on where they actually are, not where a generic framework assumes they should be. That usually means shaping the discovery phase, designing an environment strategy that fits the organisation’s licensing and risk profile, and deploying the CoE Starter Kit in a way that delivers real visibility quickly.
If Power Platform adoption is accelerating and the governance questions are getting harder to defer, a focused conversation can help clarify the next step. We work with business and IT leaders to move from uncertainty to a clear, practical plan, without building governance for a future state that hasn’t arrived yet.
The goal is always the same: a CoE that gives your digital workforce room to build, with the guardrails that protect the business as they do.