Power Automate Flow Inventory - You Can't Govern What You Can't See

Ask any IT leader how many Power Automate flows run in their tenant. The answer is almost always a guess. “Maybe 20 or 30.” “A handful.” “Not many.”

Then you run an actual Power Automate flow inventory. The real number is often 300, 800, or 2,000. A meaningful fraction are typically owned by people who no longer work at the company. Some haven’t run successfully in months. Others connect to external services that IT never approved. Several may be sending data to personal OneDrive accounts. The CoE Starter Kit’s Maker dashboard documentation describes exactly this orphan-and-unsanctioned-flow pattern as the typical reason organizations install it in the first place.

This isn’t hypothetical. This is what happens in every organization where Power Platform adoption grew organically without governance. Users discover Power Automate, solve their own problems, and move on. Nobody tracks what was built. Nobody reviews what’s running. Nobody knows what happens when those flows break.

You can’t govern what you can’t see. The inventory is step one.

Why Do You Need a Power Automate Flow Inventory?

Without a flow inventory, you cannot identify orphaned flows, enforce naming conventions, audit connector usage, or verify license compliance. A flow inventory gives administrators a single source of truth for every automation in the tenant, enabling informed governance decisions instead of guesswork.

Discovery Methods

There are four ways to discover flows in your tenant, from simplest to most comprehensive.

1. Power Platform Admin Center

The simplest approach. Navigate to admin.powerplatform.microsoft.com, select an environment, go to Resources, and click Flows. You get a list of all cloud flows in that environment with owner, status, and creation date.

Limitations: you can only view one environment at a time. Filtering is basic. There’s no export button for custom analysis. For a tenant with 3 environments, this is manageable. For a tenant with 30 environments, it’s not practical.

Best for: quick spot checks and small organizations.

2. PowerShell Cmdlets

The Get-AdminFlow cmdlet from the Microsoft.PowerApps.Administration.PowerShell module returns detailed information about flows. You can script it to loop through all environments and export the results.

# Install the module
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell

# Get all flows across all environments
$environments = Get-AdminPowerAppEnvironment
$allFlows = @()

foreach ($env in $environments) {
    $flows = Get-AdminFlow -EnvironmentName $env.EnvironmentName
    foreach ($flow in $flows) {
        $allFlows += [PSCustomObject]@{
            FlowName       = $flow.DisplayName
            FlowId         = $flow.FlowName
            Environment    = $env.DisplayName
            CreatedBy      = $flow.CreatedBy.userId
            CreatedTime    = $flow.CreatedTime
            LastModified   = $flow.LastModifiedTime
            State          = $flow.Enabled
        }
    }
}

$allFlows | Export-Csv -Path "FlowInventory.csv" -NoTypeInformation

PowerShell returns the most up-to-date data because it queries the platform APIs directly. Get-AdminFlow returns all cloud flows in an environment. You get flow name, ID, creator, creation date, last modified date, and enabled/disabled state.

Best for: one-time audits, scripted bulk operations, and organizations comfortable with PowerShell.

3. Admin Connectors

Power Platform provides admin connectors that you can use inside Power Automate flows themselves. This means you can build a flow that inventories all other flows. Recursive? Yes. Useful? Extremely.

The relevant connectors:

• Power Automate Management - list flows, get flow details, list flow runs
• Power Automate for Admins (Microsoft Flow for Admins) - disable flows, delete flows, administrative actions
• Power Platform for Admins - environment operations, DLP policies

You build a scheduled flow that runs daily or weekly, calls the admin connector to list all flows across environments, and writes the results to a Dataverse table or SharePoint list. This gives you a continuously updated inventory without manual effort.

Best for: ongoing monitoring with custom logic. You can add classification rules, anomaly detection, and alerting directly in the flow.

4. CoE Starter Kit Core Module

The Center of Excellence Starter Kit is Microsoft’s reference implementation for Power Platform governance. The Core module includes inventory flows that automatically sync all apps, flows, connectors, and environments to Dataverse tables.

The inventory flows run on a driver/sync pattern:

• Admin | Sync Template v4 (Driver) - orchestrates the sync process
• Admin | Sync Template v3 (Flows) - gets cloud flow information using the Power Automate Management connector
• Admin | Sync Template v3 (Flow Action Details) - (optional) gets the actions and triggers for every flow

The CoE Starter Kit stores inventory in Dataverse and includes Power BI dashboards for visualization. It handles the heavy lifting of discovery, deduplication, and incremental sync. The inventory flows only update objects modified since the last sync, reducing API consumption.

Best for: enterprise-scale governance. If you’re serious about Power Platform governance, the CoE Starter Kit is the starting point. You’ll likely customize it, but it provides the foundation.

What to Capture Per Flow

Running a discovery query is step one. Making the data useful is step two. Here is what you should capture for every flow in your inventory:

Classification Framework

Raw inventory data is overwhelming. A flat list of 500 flows isn’t actionable. Classification turns data into decisions.

Classification should be a field in your inventory, not a separate spreadsheet. If you use the CoE Starter Kit, add a custom column to the flow inventory table. If you use a SharePoint list, add a choice column. The classification drives the governance response.

The Orphan Problem

An orphaned flow is a flow whose owner no longer has a valid account. The owner left the organization, their account was disabled, and the flow keeps running. Or tries to. Usually it starts failing because the connections tied to the owner’s account no longer authenticate.

How to Detect Orphans

In the Power Platform Admin Center, orphaned flows show no owner in the Owners column on the environment’s flow resource page. In PowerShell, you can cross-reference the flow creator’s user ID against Microsoft Entra to check if the account is still active.

The CoE Starter Kit does this automatically. Its inventory flows track the maker’s status and flag flows owned by disabled or deleted users.

How to Fix Orphans

Prevent Orphans by Design

The best way to handle orphans is to prevent them. Service principal ownership is the answer for any flow that supports an organizational process.

A service principal is a non-human identity in Microsoft Entra. It doesn’t have a user account that can be disabled when someone leaves. It doesn’t take vacation. It doesn’t change roles. When a flow is owned by a service principal, the ownership is stable regardless of personnel changes.

Key facts about service principal flow ownership:

• Service principals can own and run flows
• For solution-aware flows, connections don’t need to be shared separately with the service principal
• Premium service principal flows need a Power Automate Process or per-flow license
• Standard (non-premium) service principal flows get 25,000 base requests per tenant per 24 hours
• Service principal flows in context of Dynamics 365 applications get higher limits from a tenant-level pool

Connector Audit

Your inventory should tell you which connectors each flow uses. This matters for three reasons:

1. DLP compliance. Data Loss Prevention policies restrict which connectors can be used together. A flow that combines a SharePoint connector (business data) with a personal Dropbox connector (personal storage) might violate your DLP policy. Your inventory should flag these combinations.

2. External service exposure. Which flows connect to services outside your organization? HTTP connectors, custom connectors, and third-party connectors can send data anywhere. You need to know which flows use them and what data they transmit.

3. Premium connector licensing. Flows that use premium connectors require premium licenses. Your inventory should identify which flows use premium connectors so you can ensure license compliance.

The CoE Starter Kit’s optional Flow Action Details flow captures connector and action details for every flow. This is resource-intensive to run but provides the deepest visibility.

Output Format

Where do you store the inventory?

For ongoing governance, Dataverse via the CoE Starter Kit is the right answer. It gives you a continuously updated, queryable inventory with Power BI dashboards out of the box. For smaller organizations or initial assessments, a SharePoint list with a weekly sync flow is a pragmatic starting point.

Keeping It Current

An inventory that’s accurate on the day you create it and wrong the next week isn’t governance. It’s a report.

The CoE Starter Kit’s incremental sync is designed for this. By default, it only updates objects modified since the last inventory run (configurable via the InventoryFilter_DaysToLookBack environment variable, default 7 days). If you need a full re-sync, set the Full inventory environment variable to Yes, run the driver flow, then set it back to No.

Quarterly manual audits are the baseline. If you do nothing else, run a PowerShell export once per quarter, compare it to the previous quarter, and flag new flows, orphaned flows, and flows that stopped running. It’s not ideal, but it’s infinitely better than not knowing what exists.

From Inventory to Action

An inventory isn’t the end goal. It’s the foundation for governance decisions:

• Flows without naming convention compliance? Reach out to the makers, help them rename.
• Loose flows that should be in solutions? Prioritize migration based on classification.
• Orphaned flows? Fix or decommission based on business need.
• Flows using unapproved connectors? Review, approve, or disable.
• Flows that haven’t run in 90 days? Candidate for decommission.
• Flows owned by users without proper licenses? Fix licensing or reassign ownership.

The inventory gives you the data. Your governance process gives you the actions. Without the inventory, you are governing blind. With it, you are making informed decisions.

Start Here

If you’re starting from zero, here’s the pragmatic path:

The inventory is the foundation. Naming conventions tell you what a flow is. Environment strategy tells you where it lives. Solution awareness tells you how it deploys. But the inventory tells you what exists in the first place. Start there.

Power Automate Governance - The Enterprise Playbook

This article is part of a 10-part series:

1. Naming Conventions That Scale
2. Environment Strategy - Dev Test Prod
3. Solution-Aware Flows
4. Flow Inventory
5. Pipelines - Dev to Prod
6. CoE Starter Kit
7. AI-Powered Flow Review
8. Versioning and Source Control
9. The Governance Repo
10. Weekly Governance Digest

AZ365.ai - Azure and AI insights for architects building on Microsoft. Follow Alex on LinkedIn for architecture deep dives.