You’re offline. This is a read only version of the page.
4
Hello,
We are using Azure DevOps Power Platform Build Tools (1.0.13) extension.
We are currently trying to use the following step : "Power Platform Backup Environment" and we would like to know when the feature using the service principal name will be available?
We're using at the moment a service account and the MFA is not supported with this authentication type.
We have read this documentation : https://docs.microsoft.com/en-us/power-platform/alm/devops-build-tool-tasks#power-platform-backup-environment.
Do you have a narrower timeline for the availability of this feature ?
Many thanks in advance!
This helped me out, thanks!
Am also facing same issue
Hi @NativeNass_
Your post drove me to test it out again with the steps that @yoya described in his post - and this time it worked! Backups of the environments are now happening within the pipeline and it is just working great! 😀
Hi,
I was encoutering the same path error.
Actually the API permission needed can be set only trough API or powershell (not via Azure portal app registration):
"Today, there's no way to do this via the Power Platform admin center; it must be done programmatically via Power Platform API or PowerShell for Power Platform administrators. A service principal can't register itself—by design, the application must be registered by an administrator username and password context. This ensures that the application is created knowingly by someone who is an administrator for the tenant."
Follow the steps described here:
https://docs.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal
It took me 5min to set it.
You have to be admin on powerapps.
1) create an app registration on Azure, note its appID
2) install powershell powerapps module if not done
3) run this script (just change yourappID parameter, nothing else)
You have to login as an admin of the targeted powerapps env.
$appId = "yourappID"
# Login interactively with a tenant administrator for Power Platform
Add-PowerAppsAccount -Endpoint prod -TenantID $tenantId
# Register a new application, this gives the SPN / client application same permissions as a tenant admin
New-PowerAppManagementApp -ApplicationId $appId
Done
@Anonymous Your input got me thinking (and searching) and I think you might be right. Unfortunately adding this permission requires a tenant admin and that person needs to send a HTTP PUT request, adding the service principal as an admin management application. The process is described here: https://docs.microsoft.com/en-us/power-platform/admin/powerplatform-api-create-service-principal
If you get the chance maybe you can give that a go. If it starts working after that we found the culprit. I cannot test this short-term as I am working for a big organization and a tenant admin won't do this just because I ask him to. Approval from an information security officer would be necessary which makes this a tedious task for me. I will do it though if you can confirm that it starts working afterwards.
@JeffCarma I think I need to give the application user the authorization to use the api of Power Platform Management (https://api.bap.microsoft.com) at Azure AD Level. But which one I need to choose in the list :
Hi @JeffCarma , I already add the application user as a system administrator in the target CRM environement and also I add him as a Power Platform administrator in the Tenant.
The docs say to add the service principal to the "System Administrator" role in the specific dynamics environment. It's easy to do using the new interface in https://admin.powerplatform.microsoft.com/
Just open the environment and click the S2S Apps link. Then choose the Service principal and add the System admin security role.
#1
WarrenBelz
85
Most Valuable Professional
#2
Michael E. Gernaey
57
Super User 2025 Season 1
#3
mmbr1606
55
Super User 2025 Season 1
Share
Report
All responses (
Answers (
