Showing results for 
Search instead for 
Did you mean: 
Advocate I
Advocate I

Powerapps Permission/License and not working in Browser when conditional access rule enabled (block Management Azure Management)

Can anyone help me about the following questions...

1. We built a PowerApp and in order to allow everyone else in the organization to use it, we need to turn on their licnese under the business subscription (E3)? Does that mean, once users have licnese, they can also create apps within our company's domain (environment)?


2. The biggest issue we are facing is our internal tech support would like to block normal user access to Azure management portal ( so they followed the article below and applied the conditional access to block the MS Azure Management for normal users. This does the job


However, the PowerApps embeded in the SharePoint page are now asking for signing in. The domain user clicks sign in and will get an error.  Has anyone met similar issue? Really struggle with this and hard to find out the connection between PowerApps and Azure Management...



Community Support
Community Support

Hi @Li ,


1. If you would like the user not be able to create App in the environments, then you may remove the user from the Environment Admin and the Environment Maker, only share the App (set with Can use permission) created in the Environments with the user.

Doing in this way would have those users only be able to use the App shared with them, but have no rights to create new app in the corresponding Environments.


For now, permission configured through the environments have two roles:

Environment Admin, Environment Maker.

Please check the Manage security for your environments part in the following article for more details:

Environments administration in PowerApps


The Environment Maker role can create resources within an environment including apps, connections, custom connectors, gateways, and flows using Microsoft Flow. Environment Makers can also distribute the apps they build in an environment to other users in your organization. They can share the app with individual users, security groups, or all users in the organization. For more information, seeShare an app in PowerApps.


2. What is the data source of this app? To access data inside the app, users must sign in and their account must have the proper permission on the data source. For more information, please refer to:




Community Support Team _ Mona Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Thanks very much for looking into my questions! @v-monli-msft 


Regarding 1. I have already followed the links to remove user roles, however, they can still see the Create button from PowerApps portal, I noticed some people mentioned it's something to do with default environment? if that's ture, that means any user can create PowerApps in the default environment



Regarding 2. The app is talking to SharePoint Online lists, all other connections are Azure function (using API key), Outlook. It is still working on the standalone app (mobile/teams etc.) But giving the error from the embeded PowerApps web part on the SharePoint Online web page. I cannot understand why blocking Microsoft Azure Management will also block web access to PowerApps?


Thanks for your time!

Helpful resources

Power Platform Call June 2022 768x460.png

Power Platform Community Call

Join us for the next call on August 17, 2022 at 8am PDT.

Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

Users online (1,545)