No Code apps built by users – Blessing or curse for IT?


With the public availability of the new AI supported Power Apps by Microsoft, enabling end users to do No Code application development, new opportunities and challenges arise for IT.

When I saw the keynote on new features of M365 during the M365 Virtual Marathon, the first things that came to my mind were “who should support this?” and “That needs a completely new governance approach!”.

To be clear about this: I am not talking about applications developed by IT or external partners – whatever methodology is used, a support concept is (or should be) part of the final product. In the ideal world the product will fit into the established processes like change and release management, service portfolio management and so on. Even in the real world, where not everything runs as ITIL would like it to, either IT or an external partner will provide support for the users and will take care for the application and its future. So, basically, nothing to worry about.

From the old world…

The thing I want to shed some light on is applications developed by end users. In the Microsoft world, VBA macros in Office products were the standard playground for power users. Everyone who has done a Microsoft Office release upgrade has, I am sure, made some experiences with user built VBA code. In fact, VBA Office macros can be a real nightmare when it comes to release and language dependencies, and test and migration efforts during Office release upgrades are often underestimated during project preparations.

Talking about ongoing support, as IT it is quite easy to write into your SLAs that VBA support will only be done up to certain point, for example as far as the skill set of the 1st level support reaches. Or you contract some external VBA developers to do the 2nd level support in case a user has a problem with an application that was inherited from a colleague who left the company. Costly, but manageable.

When it comes to governance, there is not that much about it. Although you could use VBA to send mails around and automate mostly everything a user can do manually, it is still possible to restrict a lot of “evil” things by applying client GPOs. So, regardless of if you are in a small or enterprise grade business, user developed applications in the old MS world are something you could handle.

…to the new world

Let’s get back to the keynote mentioned above. Have you ever implemented an automatic invoice recognition and processing solution? Quite a big project, especially when SAP is involved (what it usually is in bigger companies). What really impressed me in the keynote was a live demo, where exactly that (without SAP) was shown. Based on Power Tools, AI and SharePoint, within minutes an application was built that recognises scanned invoices and creates entries in a SharePoint list with columns holding key figures from the invoices. Building the application required basically nothing but the mouse, and some very few keystrokes for entering field names. Not a single line of code, no highly sophisticated middleware. And, most important: completely set up without IT being involved – provided that the tools had been made available to the end user beforehand.

Regarding other governance topics such as data leakage prevention, Microsoft has learned a lot in the past months. With the standard, non-AI based security features you needed to set up dedicated rules, e.g. based on keywords. Nowadays you are able to define rules based on soft criteria like “contains financial data”, i.e. blocking everything that contains credit card numbers, account data, and so on. If you think this a bit further, you need to consult all business departments when setting up your new DLP rule set, and get a clear understanding of the communication requirements. I see this as a key topic for the future IT governance: Creating clear regulations on the use of the modern tools.

A real life example: In Exchange Online you could apply a very granular rule set to define which kind of information flow is allowed and which not. But: these rules only worked for traffic through your own Exchange. As soon as a user set up a flow in MS Flow, the standard Microsoft mail environment outside your tenant was used to send mails, completely circumventing your EXO rule set. I have no information if that will change with the new AI based DLP.

And beyond Microsoft?

Outside the MS world, an example for a no code development by the business is an application that was presented on a BMC user group meeting some time ago. Based on BMC’s Business Process solution, a logistics department was able to create a full blown driver and fleet management related application more or less on their own. It was a pilot project which was closely monitored and, where necessary, supported by IT, in a company where IT and the business had already been working closely together for quite some time.

Power users: the new IT

The example above shows that if IT is involved in application development done by the business in a way that the same rules are applied to those applications as for the “classic” ones, application development by the business can be a benefit for both IT and the business. For IT, it is a chance to overcome the shortage of qualified developers. For the business, tailor made applications can be made available a very short notice, and with a high flexibility in rapidly changing market situations. And compared to the old times, where “the IT” delivered the applications “the users” worked with but not on, the Digital Natives are now entering all kinds of companies, bringing in a completely different mind set and IT affinity, thus pushing the necessary cultural changes also into old fashioned, hierarchical structured “old economy” enterprises.

The right amount of governance

The larger the company gets, the stronger the governance on IT use needs to be. This can be either in the direction of not allowing the business to develop their own applications, which is counter productive in times of rapid change and a lack of qualified IT staff. Or it can be in the direction of allowing the business to develop their own applications as far as technically possible, but at the same time clearly defining who is in charge of support and at which level, and from IT side fully understanding and utilising all means of data security, leakage prevention etc.


If enabling the usage of the modern tools is done properly, it will be a benefit for all. If not, I see a strong risk of a rapidly growing shadow IT. In any case, the role of the classic IT has to change from a solution provider towards a solution enabler.

Further reading

Power Apps: AI Builder

Bookmark the permalink.

3 Responses to No Code apps built by users – Blessing or curse for IT?

  1. Luis Suarez says:

    Hi Dirk, another great post that ties in with our previous conversation, specially, with the wonderful reflection you have shared above on the new role to be developed by IT: ‘[…] the role of the classic IT has to change from a solution provider towards a solution enabler’. This is key, indeed, and I love you have used the concept of ‘solution enabler’. Spot on!

    There is no question that governance is going to be key from here onwards, because while power users can now have the ability to develop their own apps it doesn’t necessarily mean they should / would / could.

    It’s one of the typical behaviours from IT vendors out there: throw a whole bunch of new features and capabilities into the wall and see what sticks (and what doesn’t!) and then re-focus on those efforts. Alas, that ‘spaghetti game’ doesn’t seem to be a good approach overall, because there is something else missing in the equation at the moment: a good use case / business case.

    Like I said, just because it’s now possible to develop such apps, it doesn’t necessarily mean people should do it, unless there is a very good use case for it. And for that the business needs to understand those new creations need to fit a purpose. Otherwise, it’s a waste of energy, effort, attention, but also unnecessary incurred costs.

    Why I liked your approach as well as to how important governance will be from here onwards. But not necessarily as a gatekeeper trying to cap all efforts, but, like you well pointed out, governance as a solution enabler.

    Interesting times ahead, that’s for sure!

  2. Jan Zeysing says:

    Hello Dirk,
    I think the current situation is not so much different with respect to application / solution development as it has been before. The “no code apps” are somehow the “new Excel”. Individual “solution development” has always been part of (at least my) IT reality. Current technology allows just for more conplex solutions and an even wider range of users being able to develop these.
    From my perspective the main topic should not be the application (no code development) but the “platform”, data and information. The “platform” is the Technology (IT) that enables the users to develop their solutions in an “supported environment” (maintenance, patching, backup/recovery, …). The data / information aspect has to take care of the data for input (where does the no code app get data from? Who ensures that the data is correct?) as well as for the data / information from the output (to make sure that the processed data / information is of quality and can become part of a corporate data / information store to become input for further processes and reports? This part is about data management or information management (IM). I believe that this is where real benefit for an organisation comes from. And this is where you need to understand the business (be part of the business). Therefore I think internal organisations should evolve from IT to IM.

    • Dirk Klassen says:

      Jan, thanks for your thoughts on this! You are right pointing out that evolving from Technology to Management should be the target for IT. But I don’t see a real conflict to what I wrote. On the contrary, I think it is basically the same idea put in other words. And, thanks for diving deeper into the data part! I should have elaborated this a bit further. Governance is probably the wrong word, because what I meant is not only support and security, but also everything you wrote regarding platform as well as data. And I assume we both think of all kinds of business, production and whatever other data. With more and more “digitisation” (see my last post) happening “in the field”, more and more valuable data is being produced outside IT that needs to be dealt with properly – by IT (IM). Agreed!
      A remark on where I see the difference to the “legacy” VBA apps: The “new Excel” in terms of the M365 Power AI or BMC Business Processes is in my opinion more than just an evolution, as it enables end users to create and use apps on a much larger scale than before.