Solved! Go to Solution.
Hi @jhoolachan ,
Hi @jhoolachan ,
I'm trying to use a Generic service connection with username/password so that is probably it. Out of curiosity, does the area mean that a Generic connection will never work with Power Platform Build Tools in general or does it mean my organization requires MFA so a Generic connection will not work with that specific restriction?
Generic service connections (i.e. username/password authentication) will work IF your user credential's AAD config allows for it. Many AAD admins do configure their user accounts to require additional security/identity confirmation like 2FA/MFA etc.; summarily known as Conditional Access
This is also what happened in your authN attempt via the Build Tools tasks: the particular user account seems to be configured to require a login to come from a domain joined PC/device, but the Azure DevOps build agents are typically not domain joined (certainly not the AzDO hosted agents).
From the error log:
USER intervention required but not permitted by prompt behavior AADSTS53001: Device is not in required device state: domain_joined. Conditional Access policy requires a domain joined device, and the device is not domain joined.
Two approaches to work around that:
a) ask the AAD admin to remove those stricter security requirements for that particular user, i.e. enable "Legacy Access"
b) in many enterprises, the above isn't a tolerable approach. Instead, authenticate to CDS using an AppID/AppUser (aka SPN) and a client secret, as @M365Architect suggested earlier.
More info: https://docs.microsoft.com/en-us/power-platform/alm/devops-build-tools#configure-service-connections...
Thanks for the extra detail. As you mentioned, an AAD admin definitely will not grant me legacy access so a service principal account is the way to go.
Stay up tp date on the latest blogs and activities in the community News & Announcements.
Mark your calendars and join us for the next Power Apps Community Call on January 20th, 8a PST
Dive into the Power Platform stack with hands-on sessions and labs, virtually delivered to you by experts and community leaders.
Watch Nick Doelman's session from the 2020 Power Platform Community Conference on demand!