Generative Pages low‑code safety: why clicking “Edit Code” turns your Power App into a pro‑code risk
Season 1
Published 5 months, 4 weeks ago
Description
Generative Pages low‑code safety: in this episode of M365.fm, Mirko Peters explains why Microsoft’s Generative Pages feel like the final victory for low‑code—type a sentence, get a working React page—but in reality smuggle full pro‑code risk into environments that were never designed to carry it. He starts with the illusion: you describe a dashboard, GPT‑5 assembles a beautiful page that talks to Dataverse, and it all lives inside Power Apps, so it feels governed, sandboxed, and “safe by default.”
Mirko then shows where that illusion breaks the moment you click Edit Code. At that point, the page stops being managed configuration and becomes source code: React, JSX, npm dependencies, and custom logic that Microsoft no longer maintains for you. The declarative safety net of low‑code—type checks, platform‑level upgrades, centralized patching—vanishes, and you suddenly own version drift, security updates, and every subtle bug that comes with imperative UI code. The app still looks like Power Apps on the surface, but underneath it has switched from governed metadata to unmanaged JavaScript.
He walks through the technical debt that quietly appears: React version mismatches when the platform upgrades its renderer, npm packages that need patching for CVEs, Dataverse schema changes that no longer auto‑propagate, and custom logic that bypasses platform‑level guardrails. The result is a two‑layer app: a friendly low‑code shell for makers, hiding a growing pile of pro‑code complexity that only experienced developers can safely touch. Instead of eliminating the need for devs, Generative Pages often create stealth projects that IT inherits only when something breaks in production.
Throughout the episode, Mirko argues that Generative Pages are powerful—but must be treated as pro‑code projects the moment code editing is enabled. That means Git repos, code reviews, CI/CD, dependency management, and security scanning, not “we’ll let the agent fix it later.” He gives you a simple rule of thumb: if a page stays within the generated, metadata‑only model, it behaves like safe low‑code; if you ever open the React layer, it belongs under the same governance as any custom web app.
You’ll also hear how to talk about this with stakeholders: low‑code as a managed city with zoning laws, pro‑code as open construction that demands architects and inspectors. Generative Pages are the zoning exemption—useful when you truly need it, dangerous when handed out casually to citize
WHAT YOU WILL LEARN
- Why Generative Pages feel like safe low‑code while quietly introducing full pro‑code risk.
- What really happens when you click Edit Code and your page becomes unmanaged React and npm dependencies.
- How version drift, schema changes, and security updates turn AI‑generated React into technical debt.
- When Generative Pages must be treated as full software projects with Git, reviews, and CI/CD.
- How to explain to makers and leaders that “describe your page” is not the same as “no developers needed.”
Generative Pages didn’t kill low‑code—they killed the illusion that low‑code is always safe. The moment you unlock React, you’re no lon