web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Power Pages pay-as-you...
Power Pages
Answered

Power Pages pay-as-you-go Licensing question

(0) ShareShare
ReportReport
Posted on by KevinGador 822 Super User 2025 Season 2
Hello Everyone, 

Understanding licensing is one of the hardest task in creating a power platform solution and I would like to ask those that has already tackled this path. My scenario is that I need to create a power page that has the ability to be accessed by external and internal users that wants to be anonymous. 

The confusing thing is I already have a power apps premium license in which the latest licensing guide stated that I can create power pages for internal users. (See Image below)
 
Now if we subscribe to the power pages pay as you go license, will the internal anonymous authentication count as 1 user even though they're from the internal organization? I believe if it does then their credentials is still being checked somewhere by Microsoft which makes it not technically "anonymous" this is why I am not sure. 

I also would like to add that does every internal user who access the power page needs to have a certain license or is my 1 power apps premium enough to cover this and be accessible to everyone ?

I hope somebody is able to help me with my concern. Thank you! 
Categories:
General topics
I have the same question (0)
  • Suggested answer
    oliver.rodrigues Profile Picture
    oliver.rodrigues 9,368 Most Valuable Professional on at
    Hi, a few points here
     
    • if your users don't sign-in, they are considered Anonymous External users, Microsoft can't identify that those people using the Portal have a license somewhere else (there is no such thing as anonymous authentication)
    • what are the functionalities of your Portal? I normally don't recommend anonymous Portal as you lose a lot of data security and other benefits
    • why not using the native Entra ID/Azure AD authentication? if you need to be more flexible with your data security you can still do that using Table Permissions
    • each Power Apps Premium will grant the sufficient license for a particular signed-in user
    • I don't think you need to go Pay-as-you-go here, if you already have Premium licenses you can leverage them and use it "for free"
  • KevinGador Profile Picture
    KevinGador 822 Super User 2025 Season 2 on at
    Hello @oliver.rodrigues , 

    Thank you for your response. Please see my answers marked in red.
    • if your users don't sign-in, they are considered Anonymous External users, Microsoft can't identify that those people using the Portal have a license somewhere else (there is no such thing as anonymous authentication) - Yes this is exactly my purpose. I am developing a tool where there is an option to be anonymous originally I planned this to be on power apps however I was informed that power apps doesnt have the functionality to be anonymous because it will always be authenticated hence I was redirected here in Power Pages because it has the capability of doing so. 
       
    • what are the functionalities of your Portal? I normally don't recommend anonymous Portal as you lose a lot of data security and other benefits
      - Basically they will just submit and view reports.
    • why not using the native Entra ID/Azure AD authentication? if you need to be more flexible with your data security you can still do that using Table Permissions
      - It has to be anonymous and can't be pinpointed or review who made the report. If its an entra ID or azure AD, I assume that with proper "tinkering" they will be able to find out who made the report
    • each Power Apps Premium will grant the sufficient license for a particular signed-in user
      Im sorry but this is not clear to me. Say I have power apps premium and there will be 100 internal users that will be "signed-in" to the power pages, they won't be needing additional license? Please correct me if I am wrong.
    • I don't think you need to go Pay-as-you-go here, if you already have Premium licenses you can leverage them and use it "for free"
      unfortunately, the premium license only caters to internal users. I am not aware whether this also caters to external users/anonymous because when I checked my license it says "Power Pages internal user" 
       
    Looking forward to your response! I will be more than happy to accept your comment as an answer once this has been cleared :)
  • Mahendar Pal Profile Picture
    Mahendar Pal 191 on at
    Hi,
     
    When we are accessing Power Pages without credentials, this will be counted as a anonymous access to your website but once authenticated it will be counted as authenticated user. 
     
    While trying look into I found some points which should help you
     

    In order for Power Apps per users/premium and Dynamics 365 enterprise licenses to be recognized:

    • Users should access the Power Pages site using their Entra ID and utilizing the out of the box Azure AD provider.
    • Users need a license assigned in the same tenant as the Power Pages site. If the user's license is assigned in a different tenant, it is not recognized.

    If a user accesses a site anonymously and then logs in to the site in the same session, will the user be counted as both an anonymous and an authenticated user?

    If a user accesses a site in both an anonymous and an authenticated manner, in the same session or even within the same day (24 hours using UTC time zone), the user will be counted as an authenticated user.

  • Suggested answer
    oliver.rodrigues Profile Picture
    oliver.rodrigues 9,368 Most Valuable Professional on at
    • if your users don't sign-in, they are considered Anonymous External users, Microsoft can't identify that those people using the Portal have a license somewhere else (there is no such thing as anonymous authentication) - Yes this is exactly my purpose. I am developing a tool where there is an option to be anonymous originally I planned this to be on power apps however I was informed that power apps doesnt have the functionality to be anonymous because it will always be authenticated hence I was redirected here in Power Pages because it has the capability of doing so. 
    Correct, if you use Power Apps with Dataverse, you will have track of users who made changes
     
    • what are the functionalities of your Portal? I normally don't recommend anonymous Portal as you lose a lot of data security and other benefits
      - Basically they will just submit and view reports.
    I am not sure about the nature of these reports, but if there is any sensitive data there, please be aware that if you have unauthenticated access, these will be available to anyone that opens the Portal
     
    • why not using the native Entra ID/Azure AD authentication? if you need to be more flexible with your data security you can still do that using Table Permissions
      - It has to be anonymous and can't be pinpointed or review who made the report. If its an entra ID or azure AD, I assume that with proper "tinkering" they will be able to find out who made the report
    Unless you specifically set the user who made the changes, it won't be that easy to identify a Portal Authenticated user creating / viewing reports. They would have to mix Azure AD sign-in logs and cross reference data in Dataverse - this wouldn't be straight forward
     
     
    • each Power Apps Premium will grant the sufficient license for a particular signed-in user
      Im sorry but this is not clear to me. Say I have power apps premium and there will be 100 internal users that will be "signed-in" to the power pages, they won't be needing additional license? Please correct me if I am wrong.
    That's correct, if the users sign-in using Entra ID and they already have a Power Apps Premium license, you don't need any additional license
     
    • I don't think you need to go Pay-as-you-go here, if you already have Premium licenses you can leverage them and use it "for free"
      unfortunately, the premium license only caters to internal users. I am not aware whether this also caters to external users/anonymous because when I checked my license it says "Power Pages internal user" 
    This is correct, Power Apps Premium would only cover internal and authenticated users via Entra ID. External users/anonymous users aren't covered here
     
    If you really need it to be Anonymous that's fine, but the key points here are:
    • You won't be able to leverage existing licenses - it will be considered unauthenticated external users - either PAYG or License Packs
    • Be careful with data exposed - your data may be exposed to anyone with the Portal URL
  • KevinGador Profile Picture
    KevinGador 822 Super User 2025 Season 2 on at
    Hello @oliver.rodrigues ,

    Thank you for response! I have few last clarifications 

    I am not sure about the nature of these reports, but if there is any sensitive data there, please be aware that if you have unauthenticated access, these will be available to anyone that opens the Portal
    Yes I do have sensitive data that cannot be viewed. My architecture is that the datasource should be using SharePoint lists, is this feasible? I have specific permissions set on that list so that they cannot be accessed. 
     
    That's correct, if the users sign-in using Entra ID and they already have a Power Apps Premium license, you don't need any additional license
    - I need to clarify this one. Only I have the "Power App Premium" license not the users if you see the images attached it said "Power Pages internal users" I thought this means that the power page I developed can be accessed by internal users without additional licensing needs, does that mean that my 100 users will still need to have an elevated license other than their usual "E5" or "E3" license or whatever standard office license? 


    Do you think in my use case should I still use Power Pages for the anonymous authentication? or is there another way where I can let anonymous users access my power app without being detected who they are instead? 
  • Verified answer
    oliver.rodrigues Profile Picture
    oliver.rodrigues 9,368 Most Valuable Professional on at
    • SharePoint List
      • The main usage for Power Pages is when your data resides in Dataverse/D365 - if you are telling me the data is in SharePoint lists, I am actually not sure how you will expose that on Power Pages
      • Have you considered using Dataverse for you data?
      • Virtual Tables would probably be the best option on to expose SP Lists - but I am not sure how you would filter the data without authentication
    • Licenses
      • Apologies, I understood all the users accessing the Portal would also have Power Apps Premium
      • In your scenario, only 1 Power Apps Premium is enough for the Portal development itself, but you still need either PAYG or License Pack for the external users (either authenticated or anonymous access)
      • An easy way to view this is that Microsoft licenses works based on users accessing the solution, and not a single stand-alone license
      • E3/E5 are more focused on the Microsoft 365 side of things and aren't relevant here
    • Use of Power Pages
      • First of all consider the data, I think the best use of Power Pages is when the data resides in Dataverse/D365
      • You can still build Power Pages in a way that there is no straight forward audit log on users who downloaded the report
      • On the audit topic, it sounds to me like it goes against any Data Protection / Compliance requirements that I see with my customers
      • Also, keep in mind the fact that you have sensitive data and that it could endup being exposed without any traceability
  • KevinGador Profile Picture
    KevinGador 822 Super User 2025 Season 2 on at
    Thanks @oliver.rodrigues  & @Mahendar Pal for answering my questions! 

    just to answer a few on your questions. 
    • The main usage for Power Pages is when your data resides in Dataverse/D365 - if you are telling me the data is in SharePoint lists, I am actually not sure how you will expose that on Power Pages
      -  Im Completely new with power pages but I suppose in my mind, the architecture goes like the SP list has a unique ID that only the user knows and the power pages prompts for that ID and then lookup the sharepoint list using that ID in order for that user the only one whos going to be able to view the report. 
    • You can still build Power Pages in a way that there is no straight forward audit log on users who downloaded the report
    • On the audit topic, it sounds to me like it goes against any Data Protection / Compliance requirements that I see with my customers
      I do not know what you meant here by the audit logs but I will not let them download anything its just send report and view report using a unique id in the sharepoint list. I definitely do not want to go against any data protection / compliance faults.
  • Suggested answer
    oliver.rodrigues Profile Picture
    oliver.rodrigues 9,368 Most Valuable Professional on at
    Thanks for marking my answers as verified 😊😊
     
    • ID search
      • I am assuming SharePoint also works with GUID as ID (similar as Dataverse)
      • From a security perspective, these GUID, even though it may be unique, are not completely random, they can technically be found/hacked using brute force attacks
      • Also if browser history might retain them and they could be seen if users are using shared computers
      • perhaps from a business/solution perspective, this might be a very very rare scenario, unlikely to happen, but from a security perspective you could be exposing your data to unwanted users
    • Audit
      • Downloading/Viewing is probably the same from a security point of view
      • You previously mentioned that you don't want to track users who view these reports, from a compliance point of view, most of my projects have the exact opposite requirement, customers want to know who has had access to certain data
  • KevinGador Profile Picture
    KevinGador 822 Super User 2025 Season 2 on at
    No problem. Thank you for the prompt response. Your expertise is very well appreciated.
     
    • ID search
      • I am assuming SharePoint also works with GUID as ID (similar as Dataverse) 
        Yes. This is the one.
      • From a security perspective, these GUID, even though it may be unique, are not completely random, they can technically be found/hacked using brute force attacks
        - do you have any advice how I can prevent such attacks in power pages?
      • Also if browser history might retain them and they could be seen if users are using shared computers
      • perhaps from a business/solution perspective, this might be a very very rare scenario, unlikely to happen, but from a security perspective you could be exposing your data to unwanted users
        - aren't there any workarounds for the security for power pages? I believe the data in SharePoint is secure because of the permissions that are set. For example I have the list advanced settings set to "read items that were created by the user" and "Create items and edit items that were created by the user"
    • Audit
      • Downloading/Viewing is probably the same from a security point of view
      • You previously mentioned that you don't want to track users who view these reports, from a compliance point of view, most of my projects have the exact opposite requirement, customers want to know who has had access to certain data
        This makes a lot of sense! Thank you for letting me know about this. How is this done in power pages where they know everything about the item?  How do you often let them know about the audit logs on their items ?
  • Suggested answer
    oliver.rodrigues Profile Picture
    oliver.rodrigues 9,368 Most Valuable Professional on at
    A few points in general
     
    • best security here for you is having an Authenticated Portal and ensure via Table Permissions and Contact relationship that users can only see the records that they are associated with
    • the above assumes using Dataverse/D365 data
    • the security you have added in SharePoint is basically bypassed by architecture to retrieve that report
      • what I mean here is that your logic is to expose (anonymously) a "search" box that users will add a GUID and then the system will fetch a Report in SharePoint that they can see
      • in this scenario, the system will probably need a generic / elevated account to search the SharePoint list item, and any security that you may have set will be bypassed
    At a high-level, my solution here would be something like:
    • Dataverse data model to support your Reports data
    • These reports need to be associated with one (or more) Contacts via Dataverse relationships
    • by default, every Portal user is a Contact record
    • enable Authentication (using Entra External ID / Azure AD B2C)
    • add table permissions to ensure Portal users can only see their own reports
    • add lists / forms to support users to view the reports
    • by default here, the system won't track which users opened which report - if needed, additional logic can be introduce (via forms / web api) to store this information when users open a report

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
Fubar Profile Picture

Fubar 74 Super User 2025 Season 2

#2
Jerry-IN Profile Picture

Jerry-IN 55

#3
sannavajjala87 Profile Picture

sannavajjala87 31

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans