All Insights

Governing Power Platform and Copilot at scale: what IT leaders need to know

All Insights

Governing Power Platform and Copilot at scale: what IT leaders need to know

  • Centre of Excellence, Video

As Power Platform and Copilot adoption accelerates, many organisations are reaching a tipping point. 

What worked in the past, small teams, manual approvals, tightly controlled development, simply doesn’t hold up at scale. 

In a recent Marra webinar, Sara Nixon, Aoife Dempsey, and Joanne Todd explored what modern governance really looks like and how IT leaders can enable innovation without losing control. 

We’ve shared the key takeaways below or you can watch the full recording here.

 

Centre of Excellence can’t be a gatekeeper  

Traditional Centres of Excellence (CoE) were designed for a very different pace of change. They assumed a relatively small number of skilled builders, working within tightly controlled environments, where governance could be applied through manual reviews and approval processes. 

That model worked before the rise of citizen developers and mainstream introduction of AI.  

Today, organisations are seeing a rapid increase in the number of people building solutions, alongside growing expectations to deliver faster and unlock value from AI. In that context, a gatekeeping CoE doesn’t just slow things down, it actively creates friction, encouraging workarounds and increasing the risk of shadow IT. 

The shift isn’t about removing governance. It’s about rethinking how its implemented. 

 

From control to enablement: redefining the role of the CoE 

What came through strongly in the discussion is that the most effective CoEs today are designed to enable, not restrict. 

Instead of relying on central teams to review and approve every solution, modern CoEs focus on creating the conditions for safe innovation at scale. That means putting the right building blocks in place e.g. templates, reusable components, clear standards, so that makers can move quickly without constantly needing oversight. 

In practice, this changes the experience for everyone involved. Makers are no longer blocked by process, and IT teams gain confidence that what’s being built is aligned to organisational standards. 

It’s a shift from asking teams to follow rules, to designing systems where the right approach happens naturally. 

 

Why proactive governance is replacing reactive control 

One of the most important mindset shifts discussed in the webinar is the move from reactive governance to proactive governance. 

In traditional models, governance often happens after a solution has been created—through reviews, audits, or remediation. But at scale, that approach becomes unsustainable. It’s too slow, too resource-intensive, and often too late to prevent risk. 

Forward-looking organisations are taking a different approach. They’re embedding governance directly into the development process, using automation, policies, and environment design to ensure guardrails are in place from the start. 

This doesn’t just reduce risk, it removes friction. Teams can move faster because they’re not waiting for approvals, and governance becomes something that supports delivery rather than slowing it down. 

 

Building the right foundations for AI and Copilot 

AI introduces a new layer of complexity and urgency. 

As Sara highlighted during the webinar, AI doesn’t just create new risks; it accelerates existing ones. If governance is weak, AI will amplify that. Poor processes become faster. Gaps in visibility become more significant. Shadow IT becomes harder to manage. 

That’s why getting the foundations right is critical. 

Organisations need a clear environment strategy that separates development, testing, and production in a meaningful way. Access controls must be intentional, ensuring people have the right level of permission by default—not more, not less. Application lifecycle management needs to be automated and repeatable, reducing reliance on individuals and improving consistency. 

Just as importantly, there needs to be real visibility. Leaders need to understand what’s being built, who owns it, and how data is being used. And underpinning all of this, standards must be designed to scale. Making it easy for teams to build well, rather than forcing them to figure things out from scratch. 

Without these foundations, AI won’t deliver value safely. With them, it becomes a powerful accelerator. 

 

Bringing AI into governance 

A common concern for many organisations is how to govern AI without slowing down innovation. What became clear in the discussion is that AI doesn’t need to sit outside existing governance models. 

As Aoife from Microsoft explained, tools like Copilot Studio are built within the Power Platform ecosystem. That means they inherit the same environments, policies, and security structures that organisations already have in place. 

This is a significant advantage. It allows IT leaders to extend their existing governance frameworks to cover AI, rather than starting from scratch. 

The key is to ensure that AI operates within clearly defined guardrails, with human accountability remaining central. AI can support decision-making, but it shouldn’t replace it. And like any capability, it should be introduced in a way that aligns with organisational maturity, growing over time rather than being switched on all at once. 

 

A real-world perspective: St John Ambulance 

Hearing from Joanne Todd, CIO at St John Ambulance provided a practical example of what this looks like in reality. 

Operating with a large and diverse user base, including volunteers, St John Ambulance needed an approach that balanced empowerment with strong ethical and security considerations. 

Working with Marra and other dedicated IT partners, they focused on building a CoE that provided structure without limiting innovation. This included developing clear frameworks, creating reusable assets, and investing in communication so that both technical and non-technical audiences understood how and why governance mattered. 

They also introduced a Copilot community to encourage safe experimentation and peer learning, supported by clear guardrails and shared understanding. 

The results speak for themselves. From improved internal processes to volunteer-led solutions, the organisation has been able to gain real value while maintaining confidence in how technology is being used. 

 

Where to start 

For organisations at an earlier stage, the path forward doesn’t need to be complex but it does need to be intentional. 

It starts with understanding your current level of maturity, and aligning on what you want to achieve. From there, it’s about bringing the right stakeholders together and building a governance approach that reflects both your risks and your ambitions. 

Perhaps most importantly, it’s about recognising that you don’t have to do it alone. There is a growing ecosystem of partners, frameworks, and shared experiences that can help you move faster and avoid common pitfalls. 

If you’re navigating how to scale Power Platform and Copilot safely and want a clearer, more confident path forward, we’ve captured the full discussion in our webinar recording. 

Watch the full webinar here to explore the frameworks, real-world examples, and practical guidance in more detail. 

 

Share

LinkedInX

Ready To Move Forward?

Speak with a member of the team today

Contact Us
Red Marra arrow logo