Desktop Flows (RPA): Modes and Governance

Learn how to configure, manage, and secure desktop flows in Power Automate, distinguishing between attended and unattended modes while understanding the importance of governance and orchestration.

Introduction to Desktop Flows

Desktop Flows are the Robotic Process Automation (RPA) component of Microsoft Power Automate. They enable automation of manual processes executed on legacy applications or systems that lack standard APIs. This automation replicates human actions—such as clicks, mouse movements, typing, or window interactions—allowing automation capabilities to extend beyond cloud boundaries.

Desktop Flows are designed to work in synergy with Cloud Flows, creating hybrid automation architectures. In a typical scenario, a Cloud Flow triggers a Desktop Flow on a dedicated machine to perform local or legacy-system operations, then retrieves results to continue subsequent processing steps.

Cloud Flow (Power Automate) → Machine Runtime + Desktop Flow → Legacy System / App

This architecture ensures flexibility and scalability, enabling orchestration of complex workflows that integrate both cloud and on-premises infrastructure.

Execution Modes: Attended and Unattended

Microsoft Power Automate Desktop provides two operational modes for desktop flow execution:

Attended Mode

In this mode, a user signs into their computer and actively participates in the Desktop Flow execution. It is commonly used during development, testing, or in assisted automation scenarios for daily tasks. Users can manually trigger flows or receive completion notifications.

  • Requires interactive user access.
  • Ideal for assisted automation, training, or demonstrations.
  • Supports debugging and step-by-step analysis.

Unattended Mode

Unattended mode is designed for production environments, where Desktop Flows run autonomously without human intervention. The machine logs in automatically and executes flows that are scheduled or triggered from a Cloud Flow.

  • Does not require user presence.
  • Suitable for production or high-volume processes.
  • Supports centralized orchestration and remote management.

Both modes rely on the Machine Runtime App to connect the Power Automate cloud with local computers, replacing the previous On-Premises Data Gateway. This app supports both single-machine and multi-machine configurations, enabling horizontal scalability and load balancing.

For more technical details, refer to the official Power Automate Desktop documentation.

Components and Architecture of Power Automate Desktop

The Power Automate Desktop system consists of multiple components working together to deliver full automation capability:

  • Power Automate Desktop: the main application for creating, testing, and running desktop flows.
  • Browser Extensions: extensions for Microsoft Edge, Google Chrome, and Mozilla Firefox required for automating web applications.
  • Machine Runtime App: manages hybrid connections between the Power Automate cloud and local computers to execute unattended flows.

Desktop Flows can be designed manually by selecting actions within the graphical interface or by using recording to capture user activity. Afterwards, steps can be optimized, input/output variables defined, and flows modularized for reuse.

For licensing details required for Power Automate Desktop, visit the Power Automate Licensing Types page on Microsoft Learn.

Desktop Flow Security and Governance

Security is a critical aspect of RPA design and management. Desktop Flows, especially in unattended mode, operate on sensitive enterprise resources and must adhere to the same governance policies applied to other Power Platform components.

Authentication and Access Control

Desktop Flows use user credentials or service accounts configured for automatic execution. Authentication is handled by Azure Active Directory and can integrate with Conditional Access and Multi-Factor Authentication to ensure that only authorized users and devices can launch or modify flows.

Environment Isolation

Each Desktop Flow should be associated with a dedicated Power Platform environment, controlling resources, connectors, and DLP (Data Loss Prevention) policies. In enterprise scenarios, organizations can leverage Managed Environments to monitor and restrict flow sharing.

Orchestration and Monitoring

Desktop Flow orchestration can be managed from the cloud via Power Automate, which allows initiating, scheduling, and monitoring flows from a single console. Execution metrics, logs, and errors are centralized for full auditability.

Governance best practices also recommend using Managed Environments and defining run policies to limit concurrent executions and manage unattended flow queues.

Frequently Asked Questions about Desktop Flows

What is the difference between attended and unattended modes?

Attended mode requires the user’s active presence on the device during flow execution, while unattended mode operates autonomously, performing processes without human input.

What licenses are needed to run Desktop Flows?

Desktop Flows require a dedicated Power Automate Desktop license, which is not included in standard Power Apps or Power Automate plans. More details are available in the licensing documentation.

How are credentials managed for unattended flows?

Credentials are securely stored and encrypted, using dedicated service accounts or Azure Key Vault-managed credentials. Access is logged and subject to corporate policies.

Advance Your RPA Automation with Power Automate

Learn how to use Power Automate Desktop to automate business processes, enhance efficiency, and integrate legacy systems. Explore official Microsoft training courses and earn certifications.
