cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Advocate III
Advocate III

DevOps Power Apps Build Tools - Service Principal and MFA

In attempting to automate source control / build / release tasks, our org recently looked into using DevOps with Power Apps Build Tools.

 

Wanted to share our experience here to see if anyone else had similar problems.

 

So far, we’ve only started with the Export/Unpack pipeline for migrating a solution from a dev environment into source control in DevOps.

 

We had a lot of trouble with the service connection to CDS. When I was attempting to connect with my credentials (sys admin in environment with dynamics service admin role in 365 center), the Export Solution task would always time-out in the pipeline.

 

Our org uses MFA by default on all office365 accounts as the rule; it takes a special exception (read; act of god) for non-MFA access. I suspect that the service connection was the issue because it was setup with my credentials (which would prompt MFA).

 

So, we attempted to change the service connection using a service principal.  We created a new app registration in azure and configured an application user in the target CDS environment that was connected to the app registration. The app user was granted system customized role.  We then reset the DevOps service connection to use the service principal.  No luck- still timeout.

 

Next, we ended up creating a new Office 365 user in exchange and our exchange admin set it to not require MFA. We gave the account a D365/PowerApps/Flow license and when the account synced to the CDS environment, assigned it the system customizer role.  I verified the user was set to Read\Write and then logged in as this new user to verify that I didn’t get MFA prompts.  Success.

 

Back in DevOps, we changed the service connection to use this new user account’s credentials and reran they build pipeline.  Success.

 

So, we are now in a space where the following is less than ideal because we had to create a user that consumes licenses.

 

Is there something that we’re missing on getting a service principal working correctly for the DevOps tasks?

1 REPLY 1
Highlighted
Microsoft
Microsoft

Hi,

 

Looking through your post here, I am not certain myself. It seems like it should have worked fine before but MFA is tricky and not something that I work on often. This might be a better question for Microsoft Support. I will include a link below; on creating a ticket with them. Otherwise if any other communities members might know feel free to chime in.

 

If you would like to create a ticket with Microsoft Customer Support here is a link on how to do so: https://docs.microsoft.com/en-us/power-platform/admin/get-help-support

 

Regards,

 

Alex

 

-------

 

Community Support Team _ Alex Rezac
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
Community Conference

Power Platform Community Conference

Check out the on demand sessions that are available now!

News & Announcements

Community Blog

Stay up tp date on the latest blogs and activities in the community News & Announcements.

secondImage

Power Platform 2020 release wave 2 plan

Features releasing from October 2020 through March 2021

Community Highlights

Community Highlights

Check out the Power Platform Community Highlights

Users online (8,145)