An administrator needs to prevent users from creating Power Apps outside of the approved environment (Production). The company has a Development and a Production environment. Users should only be able to create apps in Development. Which configuration should the administrator use?
This limits creation to Development.
Why this answer
The Environment Maker role grants permission to create apps within a specific environment. By assigning this role only to the Development environment, users can create apps there but are blocked from creating them in Production, where they lack the role. This directly enforces the requirement without affecting other permissions.
Exam trap
The trap here is that candidates often confuse DLP policies with environment-level permissions, incorrectly assuming DLP can block app creation, when in fact DLP only restricts data connectors and sharing, not the ability to create apps.
How to eliminate wrong answers
Option A is wrong because assigning the Environment Maker role to users in both environments would allow app creation in Production, violating the requirement. Option C is wrong because Data Loss Prevention (DLP) policies control data connectors and sharing, not the ability to create apps; they cannot block app creation itself. Option D is wrong because removing the Environment Maker role from all users in all environments would prevent app creation in Development as well, failing to meet the requirement that users should be able to create apps in Development.