cancel
Showing results for 
Search instead for 
Did you mean: 

Microsoft.PowerApps.Administration.PowerShell should be useable with read access

I used to be able to use the Microsoft.Xrm.OnlineManagementAPI powershell module with a service account with Service Admin rights. The new Microsoft.PowerApps.Administration.PowerShell module requires global admin and that the user has logged into the power apps admin center.

 

These requirements mean there is no upgrade path for scripts that are pulling information out from PowerApps as no organization in its right mind is going to give global admin rights out to every body, and definitely not to a service account.

 

I have a simple script that extracts information on all D365 instances in our tenant and posts it somewhere our developers can see it. I've updated it to use the new module but cannot get an account to run it under.

 

 

Add-PowerAppsAccount -Username $Email -Password $secpasswd

$result = Get-AdminPowerAppEnvironment

$result = $result | select-object @{N='Name';E={$_.DisplayName}}, @{N='EnvironmentURL';E={'[' + $_.Internal.properties.linkedEnvironmentMetadata.instanceUrl + ']'}}, @{N='Purpose';E={($_.Internal.properties.description,' ' -gt '')[0]}}, @{N='Security Group';E={($_.Internal.properties.linkedEnvironmentMetadata.securityGroupId,' ' -ne [system.guid]::empty)[0]}}, @{N='EnvironmentType';E={$_.Internal.properties.environmentType}}, @{N='Version';E={$_.Internal.properties.linkedEnvironmentMetadata.version}}
$result = $result | Sort-Object -Property Name

# Attach Azure AD Security Group Name
Connect-AzureAD -Credential $creds | Out-Null

$result | ForEach-Object -Process {
    if ($_.'Security Group' -ne ' ' -and $_.'Security Group' -ne $null) {
        $group = Get-AzureADGroup -ObjectId $_.'Security Group'
        if ($group) {
            $_.'Security Group' = $group.DisplayName
        }
    }
}

 

 

Status: New