web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / DevOps Power Apps Buil...
Power Apps
Unanswered

DevOps Power Apps Build Tools - Service Principal and MFA

(1) ShareShare
ReportReport
Posted on by Ryan S Newcomb 236

In attempting to automate source control / build / release tasks, our org recently looked into using DevOps with Power Apps Build Tools.

 

Wanted to share our experience here to see if anyone else had similar problems.

 

So far, we’ve only started with the Export/Unpack pipeline for migrating a solution from a dev environment into source control in DevOps.

 

We had a lot of trouble with the service connection to CDS. When I was attempting to connect with my credentials (sys admin in environment with dynamics service admin role in 365 center), the Export Solution task would always time-out in the pipeline.

 

Our org uses MFA by default on all office365 accounts as the rule; it takes a special exception (read; act of god) for non-MFA access. I suspect that the service connection was the issue because it was setup with my credentials (which would prompt MFA).

 

So, we attempted to change the service connection using a service principal.  We created a new app registration in azure and configured an application user in the target CDS environment that was connected to the app registration. The app user was granted system customized role.  We then reset the DevOps service connection to use the service principal.  No luck- still timeout.

 

Next, we ended up creating a new Office 365 user in exchange and our exchange admin set it to not require MFA. We gave the account a D365/PowerApps/Flow license and when the account synced to the CDS environment, assigned it the system customizer role.  I verified the user was set to Read\Write and then logged in as this new user to verify that I didn’t get MFA prompts.  Success.

 

Back in DevOps, we changed the service connection to use this new user account’s credentials and reran they build pipeline.  Success.

 

So, we are now in a space where the following is less than ideal because we had to create a user that consumes licenses.

 

Is there something that we’re missing on getting a service principal working correctly for the DevOps tasks?

Categories:
Power Apps Pro Dev & ISV
I have the same question (0)
  • alrezac Profile Picture
    alrezac on at

    Hi,

     

    Looking through your post here, I am not certain myself. It seems like it should have worked fine before but MFA is tricky and not something that I work on often. This might be a better question for Microsoft Support. I will include a link below; on creating a ticket with them. Otherwise if any other communities members might know feel free to chime in.

     

    If you would like to create a ticket with Microsoft Customer Support here is a link on how to do so: https://docs.microsoft.com/en-us/power-platform/admin/get-help-support

     

    Regards,

     

    Alex

     

    -------

     

    Community Support Team _ Alex Rezac
    If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

  • Community Power Platform Member Profile Picture
    Community Power Pla... on at

    I'm not sure if you're still having a problem with this, but I had to set up service principal connection for our devops to run yesterday. I was able to get it working, so I thought I would share with you what I did.

     

    In the service connections for DevOps, there's now an option for Power Platform (previously we had to use the generic connection), and this is what I used. I set up the App registration in Azure, and the application user in CDS. It sounds like you had that part sorted, so that's good.

     

    When I created the pipeline, I had to check the box for 'allows scripts to access the OAuth token', previously it just kept failing to export the solution. I'm not sure if you have checked that box, but it's worth checking.

     

    I also had a small problem with finding my connection, because I didn't see the very greyed out looking radio buttons to switch between user name/password and service principal. 

     

    The next issue I encountered was permissions. This is still a slight issue, I've ended up giving my app user system admin role because I couldn't figure out the right combination of permissions...it's not ideal, and actually what I was searching the forum for when I found your post. Have you checked the permissions for your application user?

     

    I'm no expert in this, it's literally my first pipeline, but these are the things that I encountered and thought it might help you.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 721 Most Valuable Professional

#2
Michael E. Gernaey Profile Picture

Michael E. Gernaey 320 Super User 2025 Season 2

#3
Power Platform 1919 Profile Picture

Power Platform 1919 268

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans