Power Platform environments
Environments in the Power Platform — types, capacity, regions, and how they relate to Dynamics 365 and Dataverse.
An environment in the Power Platform is an isolated container for apps, flows, Dataverse data, and security. Environments are the unit of administration, capacity, region, and licensing. Every Dynamics 365 CRM-side app is an environment with Dataverse plus the relevant Dynamics 365 components installed. Understanding the environment model is foundational.
Environment types.
- Default. Every tenant has a single default environment, automatically created and owned by Microsoft Entra ID. It's intended for personal productivity makers and casual flows, not for production business apps. Treat it as untrusted; lock it down with DLP policies.
- Production. A first-class environment for running real apps. Includes Dataverse. The standard target for any deployed Dynamics 365 or Power Apps app.
- Sandbox. A non-production environment for testing, training, and demos. Can be reset, copied from another environment, and converted to production.
- Developer. Personal environments for individual makers, with Dataverse, scoped to the maker's own work. Free up to a usage cap.
- Trial. Time-limited environments that expire automatically.
- Microsoft Dataverse for Teams. A lightweight, Teams-scoped environment with a constrained Dataverse for in-team apps. Different storage model from full Dataverse.
Capacity. Each tenant has Dataverse storage capacity allocated by licences and add-ons. Environments compete for that capacity; the Power Platform admin centre shows usage per environment. Production environments consume more capacity than sandboxes; defaults are surprisingly small.
Regions. Environments are pinned to a region (Europe, North America, Asia Pacific, etc.) at creation. Region determines where Dataverse data physically lives. Moving an environment between regions requires a Microsoft-supported migration; default to creating in the right region.
Security groups. Each environment can be assigned a Microsoft Entra security group that controls who's allowed in. Without one, anyone in the tenant with a sufficient licence can access the environment — usually not what you want for production. Set the security group on day one.
Environment admin and DLP. Tenant admins enforce data loss prevention (DLP) policies that classify connectors (e.g. SharePoint and Dataverse as Business; Twitter and HTTP as Non-Business) and forbid flows from combining Business with Non-Business. DLP applies per environment or globally.
Lifecycle. Environments can be copied (data and customisations), reset (data wiped), backed up (Dataverse storage), and restored from backup. Production environments get 28 days of point-in-time restore by default.
Cost. Beyond Dataverse storage, environments themselves are usually free up to a count. Pay-as-you-go billing is available for tenants that want capacity-billed environments without licence allocation.
Related guides
- Managed environments in Power PlatformWhat Managed Environments add to a Power Platform environment — admin features, sharing limits, weekly digest, solution checker enforcement, and pipelines — and what they cost.
- AI prompts in Power PlatformHow AI Builder and Copilot Studio promote prompts as a first-class artefact — prompt design, parameters, grounding, and the operational patterns that make AI prompts reliable in business apps.
- ALM with GitHub Actions for Power PlatformHow to run Power Platform CI/CD with GitHub Actions — Microsoft's official workflows, source structure, and the differences from Azure DevOps.
- Custom connectors in the Power PlatformHow to build custom connectors for Power Apps, Power Automate, and Copilot Studio — OpenAPI definitions, authentication, certification, and the operational realities.
- Data loss prevention (DLP) policies in Power PlatformHow DLP policies in Power Platform restrict connector combinations across business and non-business data — policy design, environment scope, and the strategies that keep makers productive.