cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
NewcombR Advocate II
Advocate II

DevOps Power Apps Build Tools - Service Principal and MFA

In attempting to automate source control / build / release tasks, our org recently looked into using DevOps with Power Apps Build Tools.

 

Wanted to share our experience here to see if anyone else had similar problems.

 

So far, we’ve only started with the Export/Unpack pipeline for migrating a solution from a dev environment into source control in DevOps.

 

We had a lot of trouble with the service connection to CDS. When I was attempting to connect with my credentials (sys admin in environment with dynamics service admin role in 365 center), the Export Solution task would always time-out in the pipeline.

 

Our org uses MFA by default on all office365 accounts as the rule; it takes a special exception (read; act of god) for non-MFA access. I suspect that the service connection was the issue because it was setup with my credentials (which would prompt MFA).

 

So, we attempted to change the service connection using a service principal.  We created a new app registration in azure and configured an application user in the target CDS environment that was connected to the app registration. The app user was granted system customized role.  We then reset the DevOps service connection to use the service principal.  No luck- still timeout.

 

Next, we ended up creating a new Office 365 user in exchange and our exchange admin set it to not require MFA. We gave the account a D365/PowerApps/Flow license and when the account synced to the CDS environment, assigned it the system customizer role.  I verified the user was set to Read\Write and then logged in as this new user to verify that I didn’t get MFA prompts.  Success.

 

Back in DevOps, we changed the service connection to use this new user account’s credentials and reran they build pipeline.  Success.

 

So, we are now in a space where the following is less than ideal because we had to create a user that consumes licenses.

 

Is there something that we’re missing on getting a service principal working correctly for the DevOps tasks?

1 REPLY 1
Community Support
Community Support

Re: DevOps Power Apps Build Tools - Service Principal and MFA

Hi,

 

Looking through your post here, I am not certain myself. It seems like it should have worked fine before but MFA is tricky and not something that I work on often. This might be a better question for Microsoft Support. I will include a link below; on creating a ticket with them. Otherwise if any other communities members might know feel free to chime in.

 

If you would like to create a ticket with Microsoft Customer Support here is a link on how to do so: https://docs.microsoft.com/en-us/power-platform/admin/get-help-support

 

Regards,

 

Alex

 

-------

 

Community Support Team _ Alex Rezac
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
MBAS Gallery 2020

MBAS Gallery 2020

Watch Microsoft Business Applications Summit sessions on-demand.

‘Better Together’ T-Shirt Contest – Winner Announced!

‘Better Together’ T-Shirt Contest – Winner Announced!

And the winner is...

firstImage

New Ranks and Rank Icons released on April 21!

The time has come: We are finally able to share more details on the brand-new ranks coming to the Power Apps Community!

Power Platform 2020 release wave 1 plan

Power Platform 2020 release wave 1 plan

Features releasing from April 2020 through September 2020

Users online (6,057)