On July 14, 2026, HERE Enterprise opened a limited preview of HERE Studio, a tool that lets employees describe a business application in plain language and have it built for them—inside the company’s controlled browser environment. For Windows administrators in regulated industries, it’s a potential answer to the chronic problem of users creating ungoverned workflows with sensitive data.
The announcement marks a notable shift in how organizations can approach citizen development. Rather than blocking employees from building their own tools entirely, IT teams can now offer a sanctioned path that keeps everything inside the browser workspace they already manage.
What’s Actually Inside the Preview
HERE Studio lives inside the HERE Enterprise Browser, a governed workspace already used by many financial institutions, healthcare organizations, and government agencies. It works like this: an employee types a description of an app they need—say, a dashboard that pulls client data from Salesforce, ServiceNow, and an internal PostgreSQL database—and the system generates a functional application, complete with visualizations and interactive elements. The app then gets published within the browser, with access assigned to specific users or groups.
But the real hook isn’t the prompt-based generation itself. Plenty of tools have promised that. The differentiator is the “AI contract” that HERE applies from the moment an app is created. This contract enforces the organization’s data classifications, brand standards, API entitlements, interoperability rules, and security policies. In practice, that means Studio can only use the AI models your company has already approved—whether that’s Microsoft Copilot, Claude Enterprise, ChatGPT Enterprise, Google Gemini, or a proprietary model running on your own infrastructure. It can only access data sources, APIs, and retrieval-augmented generation (RAG) systems that IT has whitelisted. And no intellectual property or sensitive data ever leaves the governed workspace.
Apps built with Studio can be assembled into “Supertabs,” which are dashboard-style workspaces that pull together multiple apps and widgets, sharing data between them while respecting governance boundaries. Individual users can personalize layouts, but the underlying app logic and data connections remain within the guardrails set by administrators.
What It Means for Windows Shops
For Windows administrators, particularly those in finance, healthcare, or government, HERE Studio addresses a familiar headache: the employee who spins up a payment calculator in an unmanaged web service, pastes customer data into a public AI chatbot, or builds a workflow in a low-code sandbox that bypasses all identity and logging controls. Those tools often become business-critical before IT ever knows they exist. And once they’re embedded, untangling the compliance mess can be a nightmare.
HERE Studio gives admins a structured alternative. Because the entire experience runs inside the HERE Enterprise Browser—which itself integrates with Microsoft Entra ID, Okta, and other identity providers—IT can control who can build apps, which data sources are available, and how generated apps are published and monitored. Audit trails are built in. Role-based access can be fine-tuned. And if a generated app suddenly needs to be revoked, it can be done from the same admin console that governs the browser.
But this is not a drop-in replacement for Microsoft Power Platform nor a full-blown development environment. Studio’s scope is intentionally narrow: task-focused internal tools that live inside the HERE ecosystem. Organizations already invested in Power Apps may not see a compelling reason to adopt another builder, especially if their compliance needs are already met. The appeal of Studio is strongest in environments where the tolerance for configuration drift is near zero and where every external service must be vetted. If your security policy forbids employees from using public low-code platforms, HERE Studio provides a compliant sandbox that you control.
End users in these organizations may feel liberated—or constrained. They gain the ability to create personalized dashboards without waiting for IT to allocate developer resources. A sales manager can build a “Start of Day” view that combines data from eight systems, no prompt engineering required. But they can only build with the parts IT gives them. For many, that trade-off will be acceptable; for others, it may feel like a gilded cage. The success of the tool will hinge on how well admins tune the available building blocks to meet actual workflow needs.
How We Got Here
HERE Enterprise has been building out its governed browser platform for years, rooted in the financial industry’s need for secure, interoperable workspaces. The company created the FDC3 standard (now part of FINOS under the Linux Foundation) to allow browser-based apps to share context securely without opening up cross-origin risks. With Studio, it’s layering an app-generation capability on top of that foundation, responding to the rise of “vibe coding”—a term increasingly used to describe the practice of non-developers creating software through natural language prompts.
Low-code and no-code tools have exploded across the enterprise, but regulated industries have lagged behind. The risks are real: data leakage, unauthorized API consumption, non-compliant interfaces, and the lack of an audit trail. Microsoft has tackled some of these issues with Power Platform’s governance controls and Dataverse, but those solutions still often require separate admin consoles and can feel disconnected from the browser-based workflows that employees actually spend their days in. HERE’s bet is that baking the builder directly into the user’s primary workspace—and enforcing governance at the browser level—will close the shadow IT gap more effectively than platform-level controls alone.
What to Do Now
If you’re a Windows administrator or IT decision-maker in a regulated organization, the preview means you have a new option to evaluate—but not one you can jump into tomorrow. HERE Studio is limited to existing HERE Enterprise Browser customers, and the company hasn’t announced broader availability or pricing. Still, you can start preparing:
- Verify eligibility: Confirm whether your organization already uses HERE Enterprise Browser. If not, this preview isn’t for you yet.
- Map your current citizen-development gaps: Identify the spreadsheets, unsanctioned SaaS tools, or prompt-based workflows that already exist in your environment. Understanding what employees are building illicitly will help you configure Studio’s guardrails effectively.
- Review your AI governance stance: Studio requires you to designate approved AI models and RAG systems. If you haven’t already formalized which models staff can use, now’s the time.
- Audit API entitlements: The app builder will only be as secure as the APIs you expose to it. A rigorous review of which systems Studio can pull data from is essential before you let anyone type a prompt.
- Test with a pilot group: If you get into the preview, don’t roll it out widely. Pick a small team with a clear, bounded use case—like consolidating customer service views—and walk through the full governance lifecycle: design, approval, publishing, monitoring, and revocation.
- Compare with Power Platform: For Microsoft-centric shops, contrast Studio’s browser-level governance with Power Platform’s own compliance features. Some organizations may find that a combination of the two is ideal, using HERE for highly sensitive browser-first workflows and Power Platform for broader app development.
Remember: “Compliant by construction” is a product aspiration, not a certification. You’ll need to validate that the AI contract actually enforces your policies the way you expect. Request a detailed technical architecture from HERE’s support team, and test edge cases—like a user crafting a prompt that tries to exfiltrate data through an unexpected channel.
What to Watch Next
HERE Studio represents an intriguing front in the enterprise AI governance war. As other browser vendors and low-code platforms race to add natural-language app builders, the accountability for security will increasingly fall on the execution environment. Expect Microsoft to respond with tighter integration between Edge, Copilot, and Power Platform controls. For now, the preview of HERE Studio is a signal that regulated Windows shops can have both self-service app creation and strict compliance—if they’re willing to build inside a browser that acts as a fortress. Keep an eye on HERE’s general availability announcements, and listen for feedback from early financial services adopters. The measures you take today to catalog your ungoverned workflows will pay off when this sort of technology becomes mainstream.