How are you handling self-service tools and shadow App development?
We have just started rolling out PowerBI internally (slowly) and are working towards external sharing of reports and dashboards.
We are looking at utilizing workspaces to help control security and access as well as looking into RLS (row level security) on our datasets when we share information.
I will tell you it took us a little bit to understand ho we would adapt our governance around deployment and management of the gateway's and workspaces. Hence the slow roll out.
Our plan is company wide roll out by end of summer.
We utilize data loss prevention (DLP) policies within O365 to help with governance related to data compliance within the tenant. Users may create automations within O365 applications, however we have controls in place to ensure company data isn't shared externally unless there is a business justification. Events are logged and monitored at the O365 security and compliance admin central. We also control which O365 sites are have external sharing enabled and put extra policies in place on those sites.
We are embracing "solution makers" throughout our business by providing a way to promote the solutions they are building, while also providing them with best practices and guidelines on how to correctly use Power Apps to build out a solution to solve their immediate problems. We are working on cultivating an internal community of these like minded solution makers so they can share ideas with each other. IT is working as a background facilitator to offer training, help, and guidance so these users can build and own their own solutions.