PowerApps cannot be excluded from "block" Conditional Access (CA) policy

Good day, dear colleagues!
 
I am happy to post some feedback here FYI.
 
Issue:
The PowerApps service is not compatible with Entra Conditional Access (CA) policies today, which makes it impossible to create a CA policy that will block access to all cloud applications except “PowerApps”.
It is a blocker for “Zero Trust” implementation for all customers working on Zero Trust strategy.
 
Need:
We need to ask PowerApps PG to make this scenario* work.
*Scenario = create a CA policy that will block access to all cloud applications and allow PowerApps to be excluded.
 
Support on this request is highly appreciated.
 
Here is the official link:
Set up Microsoft Entra Conditional Access - Microsoft Power Platform - Power Platform | Microsoft Learn and quote from there:
 
“If you’re using Conditional Access policies to limit access to Power Platform and its features, the following apps must be included in Cloud apps policy application:
•    Dataverse
•    Power Platform API
•    PowerApps Service
•    Microsoft Flow Service
•    Microsoft Azure Management”
 
We tested making exceptions in CA for 5 services that could make it work based on the link above (it is for “inclusion” so we assumed it should work for “exclusion” as well), but it didn’t help.

We consider the current design to be inadequate and requested a Design Change Request (DCR) through the support ticket, but this request was rejected as "there are no plans to address it".
 
Our main concern is that the current design forces us to exclude all PowerApps users from the global block CA policy, allowing them default access to all cloud applications.
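
A check for the scenario tested above, as an added example that is not part of the original post: with the block policy in report-only mode, it tallies which resources the policy would still block, split by whether they are on the exclusion list. The field names follow the Microsoft Graph signIn resource; the policy name, the sample records, and the assumption that resource names in the log match the quoted service names are constructed for illustration.

```python
from collections import Counter

# Service names quoted from the Microsoft Learn page in the post above.
EXCLUDED = {"Dataverse", "Power Platform API", "PowerApps Service",
            "Microsoft Flow Service", "Microsoft Azure Management"}
POLICY = "Block all cloud apps"  # hypothetical policy display name
# Results meaning the policy blocked, or would have blocked in report-only mode.
BLOCKING = {"failure", "reportOnlyFailure"}


def rec(resource, policy, result):
    """Build one constructed record shaped like a Microsoft Graph signIn object."""
    return {"appDisplayName": "Power Apps", "resourceDisplayName": resource,
            "appliedConditionalAccessPolicies": [
                {"displayName": policy, "result": result}]}


# Constructed sample data; "Constructed Dependency API" is not a real service.
SAMPLE = [
    rec("PowerApps Service", POLICY, "reportOnlyNotApplied"),
    rec("Constructed Dependency API", POLICY, "reportOnlyFailure"),
    rec("Constructed Dependency API", POLICY, "reportOnlyFailure"),
    rec("Dataverse", POLICY, "reportOnlyFailure"),
    rec("Constructed Dependency API", "Some other policy", "reportOnlyFailure"),
]


def blocked_resources(sign_ins, policy_name, excluded):
    """Count blocking results of one policy per resource, split by exclusion."""
    hits = Counter()
    for s in sign_ins:
        for p in s.get("appliedConditionalAccessPolicies") or []:
            if p.get("displayName") == policy_name and p.get("result") in BLOCKING:
                hits[s.get("resourceDisplayName") or "<unknown>"] += 1
    return {
        # Resources the policy hits that were never on the exclusion list.
        "not_excluded": {r: n for r, n in hits.items() if r not in excluded},
        # Resources that are on the list yet still hit: the exclusion is not
        # taking effect for them.
        "excluded_but_blocked": {r: n for r, n in hits.items() if r in excluded},
    }


if __name__ == "__main__":
    print(blocked_resources(SAMPLE, POLICY, EXCLUDED))
```
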
 
  • Suggested answer
    Michael E. Gernaey (Moderator)
    Hi,
     
    So I do get what you're saying, but I am a little tiny bit confused, if you could help.
     
    Let's say I have 10 Canvas or Model Driven apps. If I do not share them to them or a security group added to the app instead, they are not available to people to use aside from the specific admins and owners of the app.
     
    So when you say you want to give them access to all your cloud applications, what is a cloud application exactly? Is it extensions on D365, or specifically items only set for Power Apps?
     
    You are saying making exceptions for 5 services.
     
    Can you please give a more (use fake app names) but more details than "cloud applications" so it will be easier to help.
    P.S. Blocking people from using Default is essentially impossible, you need to have policies around using Connectors etc but actually blocking them from that no.
     
    Thanks
     
