A read-only scan of every Power Platform environment in your tenant. Solutions, flows, apps, connectors, and DLP policies — in one report, in five minutes. Find the orphan flows your departed makers left behind, the premium connectors going unlicensed, and the actual Business / Non-Business / Blocked counts under your DLP policy.
One-time payment · 90-day access · locked to one Microsoft 365 tenant
A taste of the output
Every environment, every solution, every flow's connector dependencies. Numbers below are illustrative.
Mock data based on a real five-environment tenant. Your numbers will differ.
What it scans
Every Power Platform environment in the tenant — default, production, sandbox, trial — with creation dates, owner counts, Dataverse capacity, and whether it has a CDS database. Catches the “47 trial environments nobody owns” problem before it eats your storage.
Every solution in every Dataverse-linked environment, with publisher, version, install date, and managed-vs-unmanaged status. Surfaces unmanaged solutions blocking orderly ALM, and orphaned solutions whose publisher or owner is gone.
Every flow in every environment, with its real connector dependencies resolved — including solution-scoped flows and Dynamics OOB flows that BAP hides by default. Shadow IT, Copilot Studio bots, and AI Builder flows all surface here.
Every Power App with display name, owner, last-modified date, and connector reference list. Group by maker to find your “5% built 80% of the apps” risk concentration. Flag system apps (Plugin Monitor, Portal Management) so they don’t skew your per-maker counts.
Every tenant-level DLP policy with the actual count of connectors in Business, Non-Business, and Blocked groups — matching what you see in the Power Platform Admin Center, by-the-number. Catches connectors that drifted into the wrong group, the most common Power Platform exfiltration vector.
Every connector referenced anywhere in the tenant, paired against its DLP classification and premium status. See in one view which premium connectors are in use, by which apps and flows, and whether the makers using them carry per-user premium licenses.
How the inventory works
The Power Platform admin surface lives at api.bap.microsoft.com and the API Hub is at api.powerapps.com — both reachable from a single Azure AD service account. The inventory acquires tokens for both audiences, walks /admin/environments, then for each Dataverse-linked environment queries /api/data/v9.2/solutions directly. No extra OAuth app, no CLI, no PowerShell.
For solution-scoped flows that BAP hides behind the management envelope, the scan falls back to Dataverse's workflows entity by workflowidunique, parses the flow's clientdata JSON, and extracts the connector reference list. That's how Dynamics OOB flows, AI Builder flows, and Copilot Studio bots end up in the report — the surfaces most inventory tools quietly skip.
DLP policies come from the legacy /admin/apiPolicies endpoint, which still returns the authoritative per-policy apiGroups classifications. Numbers in the report match what you see in the Power Platform Admin Center side-by-side.
Prerequisite: the service principal needs the Power Platform Administrator role assigned in Microsoft Entra ID, and the System Administrator security role on each Dataverse-linked environment. Setup is one-time; the assessment surface includes a step-by-step guide.
CA$399 one-time, 90-day access, locked to one tenant. Free Snapshot first — no credit card required.