We are using Azure DevOps Power Platform Build Tools (1.0.13) extension.
We are currently trying to use the following step : "Power Platform Backup Environment" and we would like to know when the feature using the service principal name will be available?
We're using at the moment a service account and the MFA is not supported with this authentication type.
We have read this documentation : https://docs.microsoft.com/en-us/power-platform/alm/devops-build-tool-tasks#power-platform-backup-en....
Do you have a narrower timeline for the availability of this feature ?
Many thanks in advance!
I have set the application user as a System Administrator per the docs. Sorry it's not working for you.
Ensure that the added Application User has the system administrator role assigned (available from “Manage Roles” in the security settings for the application user).
Thanks for linking to the docs! While skimming over it I think I might have found the culprit. The service principal (or rather: the application user) already has the role of a system administrator. But the docs mention another requirement:
This application is then added as an administrator user to the Microsoft Power Platform tenant itself.
As far as I know this has not happened. I will get in touch with our Power Platform / Dynamics 365 Admin next week so he will add the service principal accordingly. I will report back here if that resolves the issue.
I'm having the same error. The service principal doesn't have permission to the Power Platform backup API endpoint.
As mentioned here, it probably need the "service admin" role: Power Platform Admin.
I'll ask for this permission and try again.
Hello @sit-md , did you resolve the issue by adding the application user as Power Platform admin ? Because from my side I have did'nt work for me and I the pipeline backup task return the error bellow :
did you resolve the issue. I have the same issue on my pipeline. I add the user application as Administrator on Power platform Tenant but the pipeline return to me the same error :
Hi @HediBER unfortunately adding the role of Power Platform admin did not resolve the issue. I gave up for the time being. I also requested help from a Microsoft DSE multiple times but somehow he never got back to me about that specific topic.
The docs say to add the service principal to the "System Administrator" role in the specific dynamics environment. It's easy to do using the new interface in https://admin.powerplatform.microsoft.com/
Just open the environment and click the S2S Apps link. Then choose the Service principal and add the System admin security role.
Hi @JeffCarma , I already add the application user as a system administrator in the target CRM environement and also I add him as a Power Platform administrator in the Tenant.
@HediBER Your input got me thinking (and searching) and I think you might be right. Unfortunately adding this permission requires a tenant admin and that person needs to send a HTTP PUT request, adding the service principal as an admin management application. The process is described here: https://docs.microsoft.com/en-us/power-platform/admin/powerplatform-api-create-service-principal
If you get the chance maybe you can give that a go. If it starts working after that we found the culprit. I cannot test this short-term as I am working for a big organization and a tenant admin won't do this just because I ask him to. Approval from an information security officer would be necessary which makes this a tedious task for me. I will do it though if you can confirm that it starts working afterwards.