cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
laurentissot
New Member

Power Platform Build Tools (1.0.13) backup Environment task

Hello,

We are using Azure DevOps Power Platform Build Tools (1.0.13) extension.

We are currently trying to use the following step : "Power Platform Backup Environment" and we would like to know when the feature using the service principal name will be available?

We're using at the moment a service account and the MFA is not supported with this authentication type.

We have read this documentation : https://docs.microsoft.com/en-us/power-platform/alm/devops-build-tool-tasks#power-platform-backup-en....

Do you have a narrower timeline for the availability of this feature ?

Many thanks in advance!

24 REPLIES 24

I have set the application user as a System Administrator per the docs. Sorry it's not working for you.

https://docs.microsoft.com/en-us/power-platform/alm/devops-build-tools

 

Ensure that the added Application User has the system administrator role assigned (available from “Manage Roles” in the security settings for the application user).

Thanks for linking to the docs! While skimming over it I think I might have found the culprit. The service principal (or rather: the application user) already has the role of a system administrator. But the docs mention another requirement:

 

This application is then added as an administrator user to the Microsoft Power Platform tenant itself.

 

As far as I know this has not happened. I will get in touch with our Power Platform / Dynamics 365 Admin next week so he will add the service principal accordingly. I will report back here if that resolves the issue.

khoait
Advocate I
Advocate I

I'm having the same error. The service principal doesn't have permission to the Power Platform backup  API endpoint.

As mentioned here, it probably need the "service admin" role: Power Platform Admin.

Use service admin roles to manage your tenant - Power Platform | Microsoft Docs

I'll ask for this permission and try again.

Hello @sit-md , did you resolve the issue by adding the application user as Power Platform admin ? Because from my side I have did'nt work for me and I the pipeline backup task return the error bellow :

Message=The service principal with id 'xxxxx' for application *** does not have permission to access the path 'https://api.bap.microsoft.com/providers/Microsoft.BusinessAppPlatform/environments/xxxxxxx/backups?a...'
 
Thank you for help

Hello @sit-md 

did you resolve the issue. I have the same issue on my pipeline. I add the user application as Administrator on Power platform Tenant but the pipeline return to me the same error :

The service principal with id 'xxxxx' for application *** does not have permission to access the path 'https://api.bap.microsoft.com

 

sit-md
Frequent Visitor

Hi @HediBER unfortunately adding the role of Power Platform admin did not resolve the issue. I gave up for the time being. I also requested help from a Microsoft DSE multiple times but somehow he never got back to me about that specific topic. 

JeffCarma
Helper I
Helper I

The docs say to add the service principal to the "System Administrator" role in the specific dynamics environment. It's easy to do using the new interface in https://admin.powerplatform.microsoft.com/

Just open the environment and click the S2S Apps link. Then choose the Service principal and add the System admin security role.

JeffCarma_0-1642524390332.png

 

HediBER
New Member

Hi @JeffCarma , I already add the application user as a system administrator in the target CRM environement and also I add him as a Power Platform administrator in the Tenant.

HediBER
New Member

@JeffCarma  I think I need to give the application user the authorization to use the api of Power Platform Management (https://api.bap.microsoft.com) at Azure AD Level. But which one I need to choose in the list :

HediBER_0-1642526601169.png

 

@HediBER Your input got me thinking (and searching) and I think you might be right. Unfortunately adding this permission requires a tenant admin and that person needs to send a HTTP PUT request, adding the service principal as an admin management application. The process is described here: https://docs.microsoft.com/en-us/power-platform/admin/powerplatform-api-create-service-principal

 

If you get the chance maybe you can give that a go. If it starts working after that we found the culprit. I cannot test this short-term as I am working for a big organization and a tenant admin won't do this just because I ask him to. Approval from an information security officer would be necessary which makes this a tedious task for me. I will do it though if you can confirm that it starts working afterwards.

Helpful resources

Announcements
Power Apps News & Annoucements carousel

Power Apps News & Announcements

Keep up to date with current events and community announcements in the Power Apps community.

Microsoft 365 Conference – December 6-8, 2022

Microsoft 365 Conference – December 6-8, 2022

Join us in Las Vegas to experience community, incredible learning opportunities, and connections that will help grow skills, know-how, and more.

Power Apps Community Blog Carousel

Power Apps Community Blog

Check out the latest Community Blog from the community!

Users online (3,372)