cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
PlanetWilson
Frequent Visitor

Audit run data for a Flow

I can see run data in the run history of Flows in the admin centre. How can I get to that data programmatically?

Given we cannot easily restrict which instances of services that a Flow connects to with a connector, I wish to monitor where Flows transfer data to. The Office 365 audit log only captures changes to Flows, not the actual running instance data.

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

Hi @PlanetWilson,

Not sure if it will work with a service principal. Can you ensure the account has Power Platform Admin role in Office 365, and if that doesn't work can you try with tenant/global admin role:

2020-08-29_12-38-09.png

And then here's a snippet to get it working:

Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber
 
$pass = ConvertTo-SecureString "password" -AsPlainText -Force
Add-PowerAppsAccount -Username "foo@bar.com" -Password $pass

foreach ($env in (Get-FlowEnvironment "environment")) {
     foreach ($flow in (Get-AdminFlow -EnvironmentName $env.EnvironmentName)) {   
        foreach ($run in (Get-FlowRun -EnvironmentName $env.EnvironmentName -FlowName $flow.FlowName)) {
            #do stuff!
        }
    }
}

 

View solution in original post

17 REPLIES 17
EricRegnier
Super User
Super User

Hi @PlanetWilson,

You can get all the run history with PowerShell with the new PowerShell Cmdlets (in preview). Use the Get-FlowRun command to retrieve all the run history for a specific flow. If you want to get it for all, you'll have to loop through all the flows by using the Get-AdminFlow in the environment and run Get-FlowRun for each.

More info on the PowerShell Cmdlets: https://docs.microsoft.com/en-us/power-platform/admin/powerapps-powershell 

Hope this helps..

Thanks - I am really struggling to get this working properly though. I can connect with a user account who is admin and get a list of Flows but to get the detailed run history I can only do that if I am a Flow owner and I don't want to start editing Flow ownerships.

 

If I instead create an appreg and service princpial and give it all the Flow permissions and use that, I can connect but I get errors back from the call it makes:-

 

{"error":{"code":"Forbidden","message":"The service principal with id '05a648a9-a973-4a7c-bd5b-bdcc3c4f3333' for application d28391d3-6efc-4394-a617-35b0176f3333 does not have permission to access the path 'https://api.bap.microsoft.com/providers/Microsoft.BusinessAppPlatform/scopes/admin/environments?$exp...' in tenant 1852a578-cc98-460b-89dc-8af158ad3333."}}

 

and no matter which permission I attempt to give to the app I always get this...

 

Does anyone have any ideas? because the only way to resolve this would be to alter the permission of each and every Flow to get the run history

 

Hi @PlanetWilson,

Not sure if it will work with a service principal. Can you ensure the account has Power Platform Admin role in Office 365, and if that doesn't work can you try with tenant/global admin role:

2020-08-29_12-38-09.png

And then here's a snippet to get it working:

Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber
 
$pass = ConvertTo-SecureString "password" -AsPlainText -Force
Add-PowerAppsAccount -Username "foo@bar.com" -Password $pass

foreach ($env in (Get-FlowEnvironment "environment")) {
     foreach ($flow in (Get-AdminFlow -EnvironmentName $env.EnvironmentName)) {   
        foreach ($run in (Get-FlowRun -EnvironmentName $env.EnvironmentName -FlowName $flow.FlowName)) {
            #do stuff!
        }
    }
}

 

Thank - so I am definitely running as a tenant admin here with a user account and not a service principal now. The only way I get data back from the Run history is if I add the user performing the PowerShell cmdlets as a Flow Owner first. Otherwise you get forbidden back from the call.

Sorry for my late reply. I just re-tested it and a service account who's global admin or Power Platform admin can retrieve run history of flows owned by other users. Have you tried my snippet? Also, to better support would it be possible to share a cut down version your script? Cheers

I am using your script exactly, with an additional line which calls write-host with the contents of $run. I only get entries back from the Get-FlowRun call from the Flows where the user described in the Add-PowerAppsAccount has ownership.

 

And you replaced “environment” with your environment display name at the line Get-FlowEnvironment?

Yes I did, it's in the form "Default-<guid>" and I do get run history data for some Flows - the ones where I am also an owner.

Strange then... it’s hard to investigate further without having access but I would submit an Microsoft Support Ticket at: https://admin.powerplatform.microsoft.com

Helpful resources

Announcements
Ignite 2022

WHAT’S NEXT AT MICROSOFT IGNITE 2022

Explore the latest innovations, learn from product experts and partners, level up your skillset, and create connections from around the world.

Power Apps Africa Challenge 2022

Power Apps Africa Challenge

Your chance to join an engaging competition of Power Platform enthusiasts.

Super User 2 - 2022 Congratulations

Welcome Super Users

The Super User program for 2022 - Season 2 has kicked off!

September Events 2022

Check out all of these events

Attend in person or online, there are incredible conferences and events happening all throughout the month of September.

Users online (2,968)