Power Apps Code Apps GA: Code-First Web Apps
Summary
Microsoft has made Power Apps code apps generally available, giving developers a code-first way to build web apps with frameworks like React or Vue while using 1,400+ Power Platform connectors and standard local development tools. It matters because apps deployed through Power Platform’s managed host inherit enterprise governance features such as Microsoft Entra ID authentication, built-in connector authorization, and runtime DLP enforcement—helping organizations scale custom app development without sacrificing security or IT control.
Introduction: Why this matters
Organizations are building more custom apps than ever—often accelerated by AI-assisted development and code generation. That speed is great for delivery, but it can increase risk if apps proliferate without consistent identity, data controls, and operational visibility. Power Apps code apps (now generally available) aim to close that gap by letting web developers build with familiar frameworks while IT retains governance and security through Power Platform.
What’s new: Code apps in Power Apps (GA)
Code apps bring a “code-first” experience to Power Apps while still leveraging platform services.
Developer experience (build your way)
- Use modern web frameworks such as React, Vue, or other JavaScript frameworks of choice.
- Local development in your preferred IDE with existing toolchains and workflows.
- JavaScript access to 1,400+ Power Platform connectors, used like standard APIs.
- Deploy to the Managed Host, where apps run within Power Platform and automatically inherit enterprise controls.
IT governance and security (govern at scale)
Each code app becomes a governed Power Platform asset, helping IT manage an expanding app landscape without blocking developer productivity:
- Zero-config authentication via Microsoft Entra ID, avoiding custom authentication implementations.
- Built-in connector authorization with automatic consent flows.
- DLP policy enforcement at runtime, reducing the need for app-level code changes to meet data governance requirements.
- Conditional Access compliance, ensuring apps respect organizational access policies.
- Health monitoring and diagnostics through the Power Platform Monitor.
- App lifecycle management (ALM) support via Power Platform deployment and versioning tools.
Impact for administrators and platform owners
- Improved control without heavy lift: With Entra ID auth, DLP, and Conditional Access aligned to the platform, governance is applied consistently across code apps.
- Better visibility: Code apps show up as managed assets, enabling inventory, monitoring, and operational oversight.
- Connector governance becomes critical: Because developers can call connectors directly from JavaScript, connector permissions, consent policies, and DLP boundaries become central to risk management.
Action items / next steps
- Review DLP policies to ensure connector classifications (Business/Non-business/Blocked) align with code app usage scenarios.
- Validate Conditional Access coverage for Power Platform and ensure intended device/user conditions apply to hosted code apps.
- Establish an ALM path (environments, solution strategy, versioning, deployment) for code apps alongside existing Power Apps assets.
- Update developer guidance: standardize templates, connector usage patterns, and monitoring expectations.
- Pilot with a controlled environment and monitor usage/telemetry in Power Platform Monitor before broader rollout.
For implementation guidance, Microsoft points to the Quickstart and documentation, plus community GitHub templates and samples to accelerate adoption.
Need help with Power Platform?
Our experts can help you implement and optimize your Microsoft solutions.
Talk to an ExpertStay updated on Microsoft technologies