2026 Update Companion Guide: Building a Change Management Solution with the Power Platform

The original session demonstrated Mark Stokes constructing a highly customized change management solution using Microsoft's low-code toolset as it existed in 2023. At that time, the Power Platform required makers to act as manual architects. You saw Mark meticulously configure data schemas column by column, manually drag and drop classic user interface controls onto a canvas, and write extensive logic branching to handle approval routings. The architecture relied heavily on localized, item-level permissions and unmanaged application lifecycles.

Currently, in April 2026, the entire paradigm of application development within the Microsoft ecosystem has undergone a fundamental transformation. The introduction of the 2026 Release Wave 1 has shifted the platform from a "low-code" environment to an "agentic" development ecosystem. Building the identical change management solution today relies heavily on generative AI assistants integrated directly into the maker experience, mandatory modern design frameworks, and automated enterprise governance pipelines.

This comprehensive report serves as your direct update guide. It contrasts the legacy methodologies you saw Mark utilize with the precise, step-by-step mechanisms required to architect the exact same solution in April 2026. The analysis details the integration of Microsoft 365 Copilot, the deployment of Canvas Apps Model Context Protocol (MCP) servers, the utilization of Copilot Studio Agent Flows, and the enforcement of strict Restricted Access Control (RAC) policies.

1. What's Changed Since This Session

2. How to Build This Today

Designing a Robust Data Schema Using SharePoint Lists

You saw Mark build the underlying data schema by navigating into the classic SharePoint Site Contents, initializing a blank list, and meticulously configuring individual columns. He had to manually define data types, set up choice fields for change statuses, configure person fields for approvers, and dig into advanced list settings to verify that multi-file attachments were enabled. This process required significant clicking and a deep understanding of internal SharePoint data configurations.

Today, you would completely bypass this manual configuration process. In April 2026, data schemas are generated conversationally using the SharePoint List Agent, which is part of the broader "AI in SharePoint" initiative powered by Microsoft 365 Copilot. This feature reached global General Availability in late February 2026 and is enabled by default for Copilot-licensed tenants, representing a fundamental shift in how structured data is provisioned.

To build the change management schema today, you must navigate to the modernized SharePoint app bar and select the dedicated Build experience. This new interface serves as a centralized, intuitive surface where makers interact with sites, lists, and libraries simultaneously. Within this hub, you will locate a floating action button that provides context-aware suggestions based on your organization's existing content.

Instead of configuring settings, you describe your exact intent using natural language. You would type a prompt such as: "Create a Change Management Request list with columns for request status, risk level, multi-file attachments, and assigned approver."

Upon receiving this prompt, the SharePoint Solution Planner engages as an active collaborative partner. It utilizes reasoning-driven sequences to propose a structured plan, instantly returning a visual schema draft populated with starter content. You can seamlessly iterate with the AI just as you would with a human teammate, utilizing conversational commands to refine specific items, evolve the schema, or establish conditional formatting rules for the list views.

Crucially, if your IT administrators have defined organizational "custom skills," these act as active guardrails during the generative execution. This guarantees that your AI-generated list structure and metadata automatically align with stringent corporate standards without requiring manual oversight. You must also be aware of the underlying architecture powering this feature. The initial rollout of AI in SharePoint relies heavily on Anthropic's Claude models. Depending on your geographic location and tenant regulations, your administrator might need to proactively navigate to the Microsoft 365 admin center, access the Org settings, select Copilot Agents, and explicitly opt-in to allow Anthropic as a sub-processor for Microsoft Online Services.

Quick Win: Do you already have a legacy Excel tracker utilized by the Change Advisory Board? The fastest start method is to bypass prompt engineering entirely and simply paste your existing Excel data directly into the SharePoint List Agent interface. Copilot automatically analyzes the headers, converts the structured content, and generates a fully functional, accurately typed SharePoint list.

For official administrative guidance and setup instructions regarding the new agentic building capabilities, consult the Microsoft documentation here: https://support.microsoft.com/en-gb/office/get-started-with-agents-in-sharepoint-69e2faf9-2c1e-4baa-8305-23e625021bcf.

Creating a Canvas Power App with Forms

You saw Mark build the application interface using a highly manual, drag-and-drop methodology. He placed classic canvas controls onto the screen, aligned forms pixel-by-pixel, and wrote extensive, imperative Power Fx formulas in the top formula bar to patch the submitted change request data back to the SharePoint backend.

Today, you would orchestrate the application build using external AI coding agents interfacing with the new Canvas Apps MCP (Model Context Protocol) Server, while strictly adhering to the mandatory Fluent 2 modern controls.

The workflow begins with a natural language input to an AI coding agent like GitHub Copilot or Claude. This agent communicates with the Canvas Apps MCP Server, which then synchronizes the generated .pa.yaml files directly into the live Power Apps Studio environment. This advanced capability, available in public preview as of April 2026, allows you to integrate sophisticated code generation directly into your development workflow.

To initiate this process, you must verify your local development environment meets the stringent prerequisites. You must have Node.js (version 18.0 or later), the latest Azure CLI, and critically, the Power Platform CLI (PAC CLI) version 2.6.3 or later installed on your machine. You begin by opening a terminal and starting an authenticated PAC CLI session connected directly to your target Power Apps environment.

Within your preferred IDE (such as Visual Studio Code), you instruct the agent using plain-language requirements. You would command: "Create a canvas app for tracking change requests connected to my SharePoint list, including a responsive submission form and an approval dashboard." The AI code generation tool utilizes installed canvas app skills to discover your available connectors, asks clarifying questions if your prompt lacks detail, and subsequently generates the .pa.yaml files. These files define your app screens, modern controls, and the necessary Power Fx formulas, seamlessly syncing with the live co-authoring session in Power Apps Studio.

Once the AI scaffolds the application, you must configure its visual identity. As of April 2026, classic theming is no longer honored, and the platform mandates the modern, refreshed look based on the Microsoft Fluent 2 design system. This shift guarantees that applications adapt automatically across devices and meet strict internal accessibility standards by default.

Navigate to the command bar in Power Apps Studio, select Settings, then Updates. On the New tab, verify that Modern controls and themes is explicitly turned on. To align the change management application with your corporate branding, you must construct a custom XML web resource.

You will create an XML file defining <CustomTheme> tags. Within this file, you define the BasePaletteColor using a HEX code, which acts as the seed color to automatically generate a 16-slot accessibility-compliant color palette. You can leverage attributes such as LockPrimary to force the seed color into the primary slot, and adjust Vibrancy or HueTorsion to fine-tune the generated tint and brightness.

Once your XML is structured, navigate to your solution interface, select New > More > Web resource, and upload the file as Data (XML). Finally, to apply this aesthetic across your environment, select Add existing > More > Setting, add the Custom theme definition, and edit the environment value to match the unique logical name of your uploaded XML resource.

Quick Win: When reviewing the AI-generated interface, do you need to quickly modify a heading or label text? You no longer need to hunt through the complex properties panel or formula bar. You can simply double-click any modern Text control directly on the canvas to utilize the new inline text editing feature, making instantaneous updates.

For comprehensive technical specifications regarding the implementation of modern controls and custom theming definitions, refer to the official documentation here: https://learn.microsoft.com/en-us/power-apps/maker/canvas-apps/controls/modern-controls/overview-modern-controls.

Building Approval Workflows in Power Automate

You saw Mark build a complex routing engine for approvals using standard Power Automate cloud flows. He constructed elaborate logic trees using nested Condition branches, relied heavily on the legacy Start and wait for an approval action, and manually orchestrated requests to managers using sequential lookups via the Office 365 Users connector.

Today, you would architect this mechanism using Agent Flows within Microsoft Copilot Studio, leveraging the highly advanced Multistage Approval action.

Agent flows represent a fundamental architectural departure from traditional cloud flows. While they share the same underlying workflow designer, agent flows execute deterministically following a rule-based path, ensuring the exact same input consistently produces the exact same output. Crucially, the licensing model has shifted. Agent flows run under Copilot Studio capacity licensing rather than standard Power Automate per-user licensing. This allows developers to utilize Premium connectors within the agent flow without incurring additional per-user workflow charges, as the execution consumes Copilot credits instead.

To engineer the modern approval process, you log into the Microsoft Copilot Studio unified interface and navigate to the Flows panel. You initiate a new agent flow, which must exclusively begin with the Run a flow from Copilot trigger and conclude with the Respond to Copilot action.

Between these bookends, you search for and embed the Run a multistage approval action. This specific capability is designed to cater to complex organizational processes by seamlessly combining human oversight with AI-powered decision-making, significantly accelerating approval cycles while strictly enforcing compliance.

You first configure an AI approval stage. Within the Evaluate Request parameter, you define explicit natural language instructions dictating how the AI model should evaluate the incoming data. You instruct the model: "Analyze the attached change request documentation. If the projected financial impact exceeds £10,000, or if the estimated system downtime extends beyond two hours, immediately flag the request as high-risk".20

The AI processes these instructions against the SharePoint list attachments and submitted form data. If the AI determines the request parameters fall within routine operational thresholds, it automatically issues an approval. This eliminates the need for manual manager intervention for low-risk changes, streamlining operations drastically.

If the AI evaluation flags the request as high-risk, your flow automatically proceeds to a subsequent manual approval stage. Here, you configure the system to route the request directly to designated human stakeholders, such as members of the Change Advisory Board (CAB), who receive comprehensive approval cards containing the AI's risk summary.

Quick Win: You do not need to manually assemble these components on the visual designer canvas. You can build the entire agent flow using natural language. In Copilot Studio, simply describe your requirement: "Create a multistage approval flow for change requests that uses AI to evaluate risk based on cost, and routes to the CAB group if flagged as risky." The system instantly interprets your intent and scaffolds the complete workflow structure.

For a deep dive into configuring and deploying these sophisticated AI-driven routing mechanisms, consult the preview documentation here: https://learn.microsoft.com/en-us/microsoft-copilot-studio/flows-advanced-approvals.

Configuring Item-Level Permissions in SharePoint

You saw Mark build his security architecture by intentionally breaking permission inheritance on the underlying SharePoint list. He established complex automation logic to apply unique, item-level permissions for every single submitted change request, theoretically ensuring that users could only view their own submissions while administrators could view everything.

Today, you would strictly avoid utilizing item-level permissions for enterprise solutions. This legacy approach is now universally recognized by IT administrators as a severe governance liability. Operating at such a granular level degrades library loading performance significantly, induces timeouts, and critically blinds modern auditing tools. When organizations deploy Microsoft 365 Copilot, administrators rely on Data Access Governance (DAG) reports to pinpoint oversharing risks before Copilot indexes sensitive documents. However, DAG reports aggregate all item-level permissions into a single generalized metric per site. This aggregation means IT teams are left manually digging through thousands of individual files to locate actual exposure risks, rendering the reports largely ineffective for complex lists. Furthermore, DAG reports only analyze the last 28 days of activity and cap out at 10,000 sites, making them inadequate for large-scale security validation.

To enforce robust data security today, you must implement Restricted Access Control (RAC) policies, an advanced capability bundled within SharePoint Advanced Management (SAM). RAC applies absolute access boundaries at the site container level, completely overriding any underlying sharing links or inherited complexities.

Before you can apply a modern RAC policy to an upgraded solution, you must sanitize the legacy environment. You execute the ResetPerms.ps1 PowerShell script, leveraging app-only certificate authentication to bypass interactive login requirements. This focused script connects to your target document library, iterates comprehensively through every file and folder, and calls the ResetRoleInheritance() function on each item possessing unique permissions. This action aggressively removes all unique role assignments, forcing the entire library to cleanly inherit permissions from the parent site and restoring optimal performance.

Once the environment is sanitized, you log into the Microsoft 365 admin center utilizing an account with SharePoint Administrator privileges. Navigate to the specific site housing your Change Management portal. Within the site settings, you locate the configuration for restricted access control and apply a new RAC policy. You explicitly specify the exact Microsoft Entra security groups (such as "Global Change Advisory Board" or "Senior Operations Managers") permitted to access the site.

Once enforced, the policy acts as an impenetrable barrier. Users who are not active members of the specified Entra security groups are completely blocked from accessing the site or its content. This block occurs at the moment of access attempt, neutralizing any prior direct permissions, rogue sharing links, or nested group assignments. This deterministic boundary guarantees that Copilot indexing respects your secure perimeter, eliminating the risk of the AI inadvertently summarizing sensitive change records for unauthorized personnel.

Quick Win: To replicate Mark's original user experience—where employees only see their own submitted requests—without compromising backend security via item-level permissions, you combine RAC with frontend UI logic. The RAC policy securely locks the entire SharePoint backend to the authorized Entra group. Within the Canvas App itself, you utilize dynamic Form and Action Visibility rules to automatically filter the data galleries and hide specific controls based on the User().Email function, maintaining a clean and secure architecture.

For authoritative guidance on deploying site-level restrictions and managing SharePoint Advanced Management features, refer to: https://learn.microsoft.com/en-us/sharepoint/restricted-access-control.

Integrating Microsoft Teams for Real-Time Updates

You saw Mark build his real-time communication framework by heavily utilizing "Collaboration Controls" directly inside his Power App. He embedded specific modular components into the canvas to allow users to spawn Teams chats, view associated files, and monitor task approvals without ever breaking context or leaving the application interface.

Today, you would not attempt to use these components. Microsoft officially advised the removal of Collaboration Controls from all Power Apps solutions, and the feature set was fully retired following deprecation schedules culminating around the rollout of the new Microsoft Teams architecture. In April 2026, building contextual collaboration relies entirely on native Teams Chat Integration managed via the admin center, paired with dynamic Adaptive Cards orchestrated by Power Automate.

To enable the modern collaborative experience, you must first configure the platform-level settings. Sign in to the Power Platform admin center and navigate to the Environments tab. Select your specific target environment, choose Settings, expand the Integration menu, and select Teams integration settings.

On this page, you must turn on the toggle for Turn on Microsoft Teams chats inside Dynamics 365 (this unified setting governs custom Model-driven and Canvas apps across Dataverse environments). Crucially, you must also enable the Sync Teams chat data with Dynamics 365 records option. This configuration allows service representatives and stakeholders to start new chats or connect existing conversations directly to specific change request records. Because the sync feature is enabled, all relevant conversation data is automatically logged as structured activity rows within the Dataverse backend, maintaining a permanent, auditable record of the collaboration.

To drive automated, actionable notifications demanding user input, you utilize Adaptive Cards. Within your Copilot Studio Agent Flow, you insert the action Post an adaptive card to a Teams channel and wait for a response.

You configure the JSON payload of this card to present the critical details of the change request—such as the risk level, the requester's name, and the proposed implementation window—directly within the designated CAB Teams channel. The flow immediately pauses execution upon posting the card. Once a CAB member reviews the data, selects an approval option, and clicks the submit button embedded in the card, the flow independently captures the Action.Submit payload. It then resumes execution, saving the response directly to the backend database. This mechanism replaces the need for users to navigate away from their primary communication hub to process approvals.

Quick Win: Do you want to empower users to spawn an emergency, ad-hoc CAB meeting instantly from within the application interface? You can accomplish this natively without complex integrations. Add a standard modern button control to your Canvas App and set its OnSelect property to execute the formula: Launch("https://teams.microsoft.com/l/meeting/new"). This elegantly triggers the user's local Teams client and instantly opens a new meeting scheduling window, providing a seamless transition from the app to a collaborative session.

For detailed technical instructions on formatting and routing dynamic JSON cards within flows, reference the official documentation here: https://learn.microsoft.com/en-us/power-automate/create-adaptive-cards.

Selecting Between SharePoint Lists and Dataverse with ALM Governance

You saw Mark build his final solution architecture by manually debating the cost implications of utilizing Dataverse versus the simplicity of deploying a standard SharePoint List. Once his choice was made, he managed his Application Lifecycle Management (ALM) using the legacy methodology of manually exporting unmanaged solutions from a sandbox environment and importing them directly into a production environment.

Today, you would approach this decision strictly through the lens of automated enterprise governance, dictated by the capabilities of Power Platform Pipelines and Managed Environments.

The fundamental decision regarding data complexity remains relevant. SharePoint Lists are highly capable of managing basic, flat schemas and document attachments, especially when provisioned quickly by the new AI List Agent. However, if your change management solution demands strict relational integrity across multiple tables, complex role-based access control (RBAC), or relies heavily on the aforementioned native Teams chat sync capabilities, Dataverse is the mandated backend architecture.

If you select Dataverse, you must integrate into the 2026 ALM landscape, which completely eliminates manual export procedures. The ALM process is now democratized and natively embedded within the maker experience via Power Platform Pipelines.

Your IT administrators initialize this capability by installing the Deployment Pipeline Configuration app. They utilize this interface to rapidly link your Development environments to your Target environments (such as QA and Production).

As an application maker, your workflow is drastically simplified. You simply open your unmanaged solution within your designated development environment and click the native Deploy button integrated directly into the product UI.

The pipeline system immediately executes an automated pre-validation sequence against the target production environment. This intelligent check detects missing dependencies, broken references, or architectural conflicts before the deployment sequence even begins, providing immediate guidance. You are prompted to provide necessary environment variables and connection references upfront. The system validates these inputs to ensure your application automatically connects to the correct production data sources upon arrival, eliminating the need for manual post-processing configurations. The pipeline then autonomously orchestrates the end-to-end operation, handling the export, storing immutable backups in the pipeline host, and executing the secure import.

A critical compliance update took effect in February 2026: Microsoft now automatically converts all pipeline target environments into Managed Environments. This non-negotiable shift strictly enforces premium use rights across your production architecture, meaning every user interacting with the deployed solution must possess the appropriate premium licensing.

To govern this high-value infrastructure, your operations team utilizes the newly released Code App Alerts within the Power Platform Monitor. As an administrator, you navigate to the Alerts section in the admin center and create custom threshold rules scoped specifically to your environment. You select your specific Model-driven or Canvas app, choose a performance metric such as "app open success rate" or "data request latency," and set an operator condition. If the change management app's availability drops below 90%, the system automatically triggers an email to the IT operations team. This enterprise-grade observability allows administrators to transition from reactive troubleshooting to proactive platform management.

Quick Win: Professional developers on your team can bypass the graphical UI entirely to accelerate CI/CD processes. By utilizing the Power Platform CLI and invoking the pac pipeline command group, a developer can deploy the complete change management solution using a single command line argument. The CLI natively interfaces with the pipeline host, handling the end-to-end operation in strict compliance with all organizational policies established by the admin center.

For comprehensive instructions on establishing deployment hosts and configuring automated pipelines, review the documentation here: https://learn.microsoft.com/en-us/power-platform/alm/pipelines.

3. Licensing Quick Reference

Deploying this modernized, agent-driven change management solution requires specific premium licensing tiers. Because target deployment environments are automatically converted to Managed Environments via Power Platform Pipelines, standalone licenses possessing premium use rights are strictly enforced.

Below is a factual breakdown of the required licenses necessary to operate the recommended April 2026 architecture. Prices reflect standard commercial availability as of April 2026, prior to the scheduled global pricing increases affecting broader Microsoft 365 bundles in July 2026.35