Trace Id is missing
August 17, 2021

H&M Group strikes an effective balance of Power Platform development and security

H&M Group is a Swedish multinational clothing-retail company with more than 5,000 stores in 78 countries and more than 53 online markets. A growing community of citizen developers has created thousands of Power Platform solutions across the company. To support development and maintain security and governance, H&M Group set up a Center of Excellence (CoE) using the Microsoft Power Platform Center of Excellence Starter Kit.

H and M

ā€œWhen we deployed Microsoft 365, we had an open approach right from the start. We wanted to drive Power Platform adoption quickly and inspire our employees to build their own business solutions,ā€ says Claes Sƶderstrƶm, Cross Delivery Coordinator at H&M Group.Ā 

Itā€™s turned out to be a winning strategy for H&M Group, one of the largest clothing retailers in the world. Employees from across the company quickly started building on Power Platformā€“from clothing designers with no previous coding experience to pro developers looking for a faster alternative to custom coding.Ā 

Both management and employees were happy with the early results and development accelerated. But with rapid success also came concerns. As the company approached 1,500 apps ā€“ and with over 30,000 users licensed on Power Platform - H&M Group realized that they needed a more controlled approach to development.Ā 

ā€œWe knew that we needed to put better controls in place to maintain security and governance, but at the same time, we wanted to foster an environment where people could continue to build great solutions on the platform,ā€ says Helena Forsberg, Microsoft 365 Solution Architect at H&M GROUP.Ā 

Thatā€™s when a plan to build a Power Platform Center of Excellence (CoE) began to take shape.Ā 

A balanced approach to developmentĀ 

The CoE at H&M was led by four employees with various levels of development experience. While everyone on the team was clear on the business goals for their new CoE, this was their first time setting up such a program. Thatā€™s where Microsoftā€™s Power Platform guidance proved useful.Ā 

Using these Microsoft resources and best practices, the team set up their CoE based on three core components: administration and governance tools and processes to help establish digital guardrails for Power Platform developmentā€”plus two additional sets of resources to educate and empower citizen developers and inspire new and future development. In keeping with this balanced approach, the team named their CoE the H&M Group Center of Enablement.Ā 

Management strongly supported the plan and gave the team the green light to move forward.Ā 

ā€œEven with our new Power Platform security and governance controls in place, creativity continues to flourish and the number of apps and citizen developers we have at H&M Group keeps growing.ā€

Helena Forsberg, Microsoft 365 Solution Architect, H&M Group

Ā H&M Center of Enablement Diagram
H&M Group leveraged theĀ Power Platform Center of Excellence Starter Kit to create a customizedĀ CoE they call their Center of Enablement.Ā 

Taking inventory across the platformĀ 

One of the tools from Microsoft that the company found particularly useful was the Center of Excellence (CoE) Starter Kit.Ā 

Included in the kit is a Power BI dashboard template that provides a holistic view of a companyā€™s Power Platform activity and infrastructure. ā€œThe Power BI dashboard included with Microsoftā€™s Center of Excellence Starter Kit gave us all the telemetry we needed to identify potential risks in our Power Platform,ā€ says Forsberg. That initial telemetry provided the company with three key insights. Ā 

First, the team realized that apps were being developed with no Data Loss Prevention (DLP) policies in place. This raised the risk that company data could be accidently published externally, such as on social media sites. There was also some use of premium connectors which, left uncontrolled, could also lead to licensing cost overruns. And yet another issue: high-usage apps that only had one owner. If the owner left the company, there was no one in place to provide support and maintenance.

Fortunately for H&M Group, none of these risks had yet posed any serious problem. Better yet, with its CoE plan, the company was on the right path to effectively address each one of them.

Controlling access to Power Platform resourcesĀ 

The first part of the companyā€™s CoE plan involved setting up a tiered structure of environments to manage access to apps, flows, and connections available to employees. Environments within Power Platform can also be used to separate apps that may have different security requirements or target audiences. Appropriate security policies are implemented based on each employeeā€™s role.

All H&M Group employees start inside a default ā€œProductivityā€ environment. The team limited the environment to the standard connectors that come with a Microsoft 365 E5 license. These connectors satisfied most development needs for the apps being created by H&M Group. Ā 

Moving up the chain are environments for more ā€˜Importantā€™ apps that might require premium connectors to other data sources. Here, data loss prevention (DLP) policies are used to control which connectors can be used by which makers. H&M Group employees can request access to this environment using a form in SharePoint. Similarly, they can request access to a higher ā€˜Criticalā€™ level environment, enabling development of apps requiring custom connectors.Ā 

The team was able to handle all configuration and deployment of environments and related DLP policies in the Power Platform admin centerā€“a straightforward process that be completed through a series of simple, click-thru menus. As Forsberg says, ā€œSetting up our security and governance structure and controls for Power Platform took us just two weeks to complete for all 30,000 users at the company.ā€Ā 

As the CoE team worked on its security and governance controls, members also developed a new process for supporting citizen developers. It works like this:

H&M Environment Structure for Power Platform
Diagram showing the three-tiered environment structure set up by H&M Group. Employees start in the default Productivity environment and can request access to higher-level environments with more advanced connectors and tools.

Inspiring citizen developers to do even moreĀ 

Once H&M employees create an app or flow, they automatically receive a welcome email. The mail (see image for download) is based on a template from the CoE Starter Kit with a related flow. H&M customized the mail with links to its online training resources, including the companyā€™s Power Platform community in Yammer. Again, the CoE team was able to leverage Microsoft guidance to develop this community, turning specifically to Power Platform nurture best practices.Ā 

This community has proven particularly effective for H&M. ā€œWe have had great success supporting and inspiring our makers with our Yammer community,ā€ says Sƶderstrƶm. Citizen developers will find a wealth of technical guidance from peers within the site and, if a topic needs more coverage, the CoE team jumps in with guidance.

The Yammer site serves as a valuable resource for the Global Helpdesk at H&M Group. As Sƶderstrƶm says, ā€œWhile we prepared our Global Help Desk to provide technical support for our citizen developers, theyā€™ll often send users to our Yammer community for additional guidance.ā€Ā 

The site is also buzzing with discussions about the latest apps developed internally at the company. These apps are showcased on H&M Groupā€™s Power Platform use case library and promoted through a digital and meetings with the companyā€™s digital champions. ā€œItā€™s been particularly inspiring when makers can see apps developed by their colleagues that solve problems similar to their own,ā€ says Sƶderstrƶm.Ā 

H&M Group at the Microsoft Business Applications Summit (MBAS) in 2021.Ā 

Making real business impactĀ 

The Power Platform solutions created by employees at H&M Groupā€“and showcased on the companyā€™s internal portal ā€“ address a wide range of what used to be time-consuming data entry scenarios.Ā 

Apps built to collect form responses is one of the most common use cases. Another is transferring data automatically, rather than sending via email. ā€œTogether, the Power Platform solutions created by our employees have made a huge impact on business processes across every brand and region in the H&M Group,ā€ says Sƶderstrƶm. Hereā€™s a look at two recent examples:Ā 

PO Key Activities & Goals App: This app enables employees to set and track the progress of global and regional activities against goal set annually. The solution not only collects and consolidates reports but automatically displays activities in Power BI. Marie Nordstroem, a citizen developer at H&M Group who created the app, says, ā€œThe initial design was intuitive enough to roll out to a wide audience right away. Weā€™d like to refine the UI even further and Power Platform enables us to make continuous improvements quickly and easily.ā€ Ā 

FLEXI app solution: When flexible working hours were introduced in many offices at H&M Group, employees found it increasingly difficult to track down colleagues. The problem was elegantly solved with the FLEXI appā€“a solution that won top honors for citizen developers Elsi Gnagniko and Sofia Gustafsson at a company hackathon where it was created.Ā 

A mobile app created in Power Apps makes it easy for employees to quickly update their location and view similar updates from colleagues. The updates can also be added to an Outlook calendar, sent to a manager ā€“ or combined with a larger master list in SharePoint to view by managers. Six different flows automate the process. The app deletes updates at the end of the dayā€“a privacy control that earned it a GDPR validation by H&M Groupā€™s IT security group.Ā 

H&M FLEXI App technical schema and process flow.Ā 

The solution was initially release to the developersā€™ own team. Word spread quickly about the app through the community and now the app is used by over 1,000 employees across the companyā€™s global network. Itā€™s also proven especially useful for managing limited office capacity requirements during the COVID-19 pandemic.

Planning for the futureĀ 

Since the introduction of its CoE, H&M Group has been keeping track of activity using its Power BI dashboard. The metrics have been encouraging. ā€œEven with our new Power Platform security and governance controls in place, creativity continues to flourish and the number of apps and citizen developers we have at H&M Group keeps growing,ā€ says Forsberg.Ā 

H&M GROUP uses the Power BI dashboard provided in the CoE Starter kit to monitor Power Platform activity. Ā 

As the number of Power Platform solutions continue to accelerate at H&M Group, the company has multiple ideas to evolve and expand its CoE and scale for the future.Ā 

For example, the team continues to add DLP controls to more than 350 connectors available as part of Power Platform. This will provide even more options to qualified makers and their appsā€“while also protecting data and maintaining control. Thereā€™s a plan to archive unused appsā€“again, for reduced risk but also for the option of reusing components in other projects down the road. Ā 

The dashboard also provides valuable insights that promise to drive development and adoption even further. For example, by looking at usage patterns by region, the team can target lower-scoring regions with more training and support to better promote the platform and encourage makers. Ā 

And what advice would H&M Group give other companies looking to implement a successful Power Platform CoE? ā€œMy first word of advice is donā€™t wait. Itā€™s much easier to start out with a set of policies and controls rather than have to ask users to modify an existing process later on,ā€ says Forsberg.Ā 

Forsberg also points out the importance of a balanced approach. ā€œIn many cases, the drive to start a CoE comes from the IT department, with a focus on security. But it's super important to ensure you donā€™t overly restrict makers and give them the tools they need to create great apps. Power Platform has enabled us to effectively achieve that balance of control and productivity.ā€

Find out more about H&M Group on Twitter, Facebook, Instagram, and LinkedIn.

ā€œThe Power BI dashboard included with Microsoftā€™s Center of Excellence Starter Kit gave us all the telemetry we needed to identify potential risks in our Power Platform and quickly build our own CoE plan.ā€

Helena Forsberg, Microsoft 365 Solution Architect, H&M Group

Discover more details

Take the next step

Fuel innovation with Microsoft

Talk to an expert about custom solutions

Let us help you create customized solutions and achieve your unique business goals.

Drive results with proven solutions

Achieve more with the products and solutions that helped our customers reach their goals.

Follow Microsoft