Introduction
Power Apps is a collection of apps, services, connectors, and a data platform that offers a quick development environment for creating unique apps for your company's requirements.
You can easily create unique business apps with Power Apps that link to your data housed in the Microsoft Dataverse or in a variety of online and on-premises data sources (such as SharePoint, SQL Server, Microsoft 365, and so on).
PowerShell is a cross-platform task automation solution consisting of a command-line shell, a scripting language, and a configuration management framework. You can automate many monitoring and administration operations that are now only performed manually in Power Apps by using PowerShell cmdlets for app developers and administrators.
Let’s see how we can use PowerShell to make Power Apps more efficient and easier to code.
Cmdlets
Cmdlets are script functions that run commands in the Windows PowerShell environment. They are created in the PowerShell scripting language. You may communicate with your business application platform by using these Power Apps cmdlets instead of a web browser and the admin portal. These cmdlets can be used with other PowerShell functions to create intricate scripts that can improve your workflow. Although you can only access the resources you own if you are not the tenant's administrator, you may still utilise the cmdlets. The administrator user account is intended to use the cmdlets that begin with the term "Admin." On the PowerShell gallery, we have two kinds of cmdlets: the administrator and the maker.
Cmdlets Requirements
You need PowerShell 5.x or above for cmdlets. To check the version of PowerShell your computer has, run the following code:
$PSVersionTable.PSVersionInstallation of Cmdlets
Run the PowerShell cmdlets for app developers by following these steps:
- Start Windows PowerShell as an administrator.
-
Use the commands below to import the required modules:
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber - If you are asked to approve the modification to the repository's InstallationPolicy value, choose [A] Yes for each module by entering "A" and hitting Enter.
-
You have the choice to enter your credentials using the following command before executing any of the commands. These login credentials are valid for up to eight hours before you have to sign in again in order to use the cmdlets again.
# Prompt to collect credentials (Azure Active Directory account and password) used by the commands
Add-PowerAppsAccount
# Input credentials
$pass = ConvertTo-SecureString "password" -AsPlainText -Force Add-PowerAppsAccount -Username user@contoso.com -Password $pass
Power Apps cmdlets for app creators
Requirements
Users that possess a valid Power Applications licence can use these cmdlets, but they can only use the resources (such as apps, flows, etc.) that have been made or shared with them.
Maker Cmdlets List
| Purpose | Cmdlet |
| Add a canvas app to a Microsoft Dataverse solution | Set-PowerAppAsSolutionAware |
| Read environments | Get-PowerAppEnvironment Get-FlowEnvironment |
| Read, update, and delete a canvas app |
Get-PowerApp Remove-PowerApp Publish-PowerApp Set-PowerAppDisplayName Get-PowerAppVersion Restore-PowerAppEnvironment |
| Read, update, and delete canvas app permissions |
Get-AdminPowerAppRoleAssignment Remove-AdminPowerAppRoleAssignment |
| Read, update, and delete a flow |
Get-AdminFlow Enable-AdminFlow Disable-AdminFlow Remove-AdminFlow |
| Read, update, and delete flow permissions |
Get-AdminFlowOwnerRole Set-AdminFlowOwnerRole Remove-AdminFlowOwnerRole |
| Read and respond to flow approvals |
Get-AdminFlowApprovalRequest Remove-AdminFlowApprovals |
| Read and delete connections |
Get-AdminPowerAppConnection Remove-AdminPowerAppConnection |
| Read, update, and delete connection permissions |
Get-AdminPowerAppConnectionRoleAssignment Set-AdminPowerAppConnectionRoleAssignment |
| Read, and delete connectors |
Get-AdminPowerAppConnector Remove-AdminPowerAppConnector
|
Power Apps cmdlets for administrators
Environments commands
To find out more about and update environments in your tenant, use these commands.
Display a list of all environments
It gives you a list of all the environments in your tenant, together with information about each one, such as its name (guid), display name, creator, location, etc.
Get-AdminPowerAppEnvironmentDisplay details of your default environment
Returns information just for the tenant's default environment.
Get-AdminPowerAppEnvironment –DefaultDisplay details of a specific environment
Returns information just for the user-given environment.
Get-AdminPowerAppEnvironment –EnvironmentName 'EnvironmentName'Power Apps commands
Data from your tenant's Power Apps may be accessed and modified using these commands.
Display a list of all Power Apps
Lists all Power Apps in the tenant along with information about each one, such as the application name (guid), author, display name, etc.
Get-AdminPowerAppDisplay a list of all Power Apps that match the input display name
Gives you a list of all the Power Apps in your tenant that have display names matching the specified one.
Get-AdminPowerApp 'DisplayName'Feature an application
In the Power Apps mobile player, featured apps are bundled and elevated to the front of the list.
Set-AdminPowerAppAsFeatured –AppName 'AppName'Make an application a Hero app, using the pipeline
The Power Apps mobile player will display a Hero app at the top of the list. Only one Hero app is possible.
If the function has been created to support the pipeline feature, the pipeline (represented by the character "|" between two cmdlets) takes the output of the first cmdlet and sends it as the input value of the second.
Get-AdminPowerApp 'DisplayName' | Set-AdminPowerAppAsHeroDisplay the number of apps each user owns
Here, we separate the Owner attribute (an object) from the Get-AdminApp object using the Select function. We then route that output into another Select method in order to isolate the name of the owner object. The Group function, when given the output of the second Select function, produces a tidy table that includes a count of how many applications each owner has.
Get-AdminPowerApp | Select –ExpandProperty Owner | Select –ExpandProperty displayname | GroupDisplay the number of apps in each environment
Get-AdminPowerApp | Select -ExpandProperty EnvironmentName | Group | %{ New-Object -TypeName PSObject -Property @{ DisplayName = (Get-AdminPowerAppEnvironment -EnvironmentName $_.Name | Select -ExpandProperty displayName); Count = $_.Count } }Download Power Apps user details
The command will save the Power Apps user details—basic use facts about the input user—in the designated text file. If no file with that name currently exists, a new one will be created, and if one does, an existing text file will be overwritten.
Get-AdminPowerAppsUserDetails -OutputFilePath '.\adminUserDetails.txt' –UserPrincipalName 'admin@bappartners.onmicrosoft.com'Export a list of assigned user licenses
The command creates a tabular view.csv file that exports all of the allocated user licences (for Power Apps and Power Automate) in your tenant. Plans from Azure Active Directory and self-service signup internal trial plans are both included in the exported file.
Get-AdminPowerAppLicenses -OutputFilePath '<licenses.csv>'Set logged in user as the owner of a canvas app
Replaces the original owner of a PowerApp with a "can view" role type and changes the owner role to the current user.
Set-AdminPowerAppOwner –AppName 'AppName' -AppOwner $Global:currentSession.userId –EnvironmentName 'EnvironmentName'Display a list of deleted canvas apps in an environment
This lists all recently deleted but potentially recoverable Canvas applications.
Get-AdminDeletedPowerAppsList -EnvironmentName 'EnvironmentName'Recover a deleted canvas app
This restores a canvas app that can be found using the cmdlet Get-AdminDeletedPowerAppsList. There is no way to retrieve any canvas apps that aren't listed in Get-AdminDeletedPowerAppsList.
Get-AdminRecoverDeletedPowerApp -AppName 'AppName' -EnvironmentName 'EnvironmentName'Designate SharePoint custom form environment
The following cmdlets can be used to define and confirm the alternate environment from the default one where SharePoint custom forms are saved. This is the environment where freshly produced custom forms are saved when the specified environment for SharePoint custom forms changes. As these cmdlets are utilised, existing custom forms are not immediately migrated to new environments. A user must have the Environment Maker role in order to be able to develop a custom form in a certain environment. The Environment Maker job may be given to users in the Power Platform admin centre.
Get-AdminPowerAppSharepointFormEnvironmentWhen new SharePoint custom forms are generated, this function returns the EnvironmentName for the environment that is presently assigned for them. The default environment is returned if no environment has ever been specified.
Set-AdminPowerAppSharepointFormEnvironment –EnvironmentName 'EnvironmentName'Instead of using the default environment, this specifies the environment to which newly created SharePoint custom forms are saved. Custom forms already in use are not instantly moved to the newly selected environment. SharePoint custom forms may only be used in production situations.
Reset-AdminPowerAppSharepointFormEnvironmentThis replaces the selected environment for saving SharePoint custom forms with the default environment.
Display tenant setting for ability to share apps with ‘Everyone’
The Environment Maker security role's ability to share canvas apps with "Everyone in an organisation" is controlled by this parameter. Only users with an admin role (Power Platform Service admin, Dynamics 365 admin, or Azure AD tenant admin) can share applications with "Everyone in an organisation" when the option is set to "true."
$settings = Get-TenantSettings
$settings.PowerPlatform.PowerApps.disableShareWithEveryoneChange tenant setting for ability to share apps with ‘Everyone’
$settings = Get-TenantSettings
$settings.powerPlatform.powerApps.disableShareWithEveryone = $True
Set-TenantSettings -RequestBody $settingsPower Automate commands
To see and alter Power Automate-related data, use these commands.
Display all flows
A list of all flows in the tenancy is returned.
Get-AdminFlowDisplay flow owner role details
Returns information about the flow's owner.
Get-AdminFlowOwnerRole –EnvironmentName 'EnvironmentName' –FlowName 'FlowName'Display flow user details
Gives the user's use information for the flow. The user ID of the person currently logged in to the PowerShell session is used as input in this example.
Get-AdminFlowUserDetails –UserId $Global:currentSession.userIdRemove flow user details
Deletes a flow user's information from the Microsoft database. Before the flow user information can be cleared, all flows that the input user owns must be erased.
Remove-AdminFlowUserDetails –UserId 'UserId'Export all flows to a CSV file
Exports all of your tenant's flows into a.csv file with a tabular view.
Get-AdminFlow | Export-Csv -Path '.\FlowExport.csv'API connection commands
View and control your tenant's API connections.
Display all native Connections in your default environment
Shows a list of all of your default environment's API connections.
Get-AdminPowerAppEnvironment -Default | Get-AdminPowerAppConnectionDisplay all custom connectors in the tenant
Returns a list of all the tenant's custom connection information but ignores a solution's custom connections.
Get-AdminPowerAppConnectorData loss prevention (DLP) policy commands
The DLP policies for your tenant are managed using these cmdlets.
Create a DLP policy
Creates a fresh DLP policy for the tenant of the logged-in admin.
New-DlpPolicyRetrieve a list of DLP objects
Obtains policy objects for the tenant of the logged-in admin.
Get-DlpPolicyUpdate a DLP policy
Updates the policy's specifics, including the display name for the policy.
Set-DlpPolicyRemove a policy
Deletes a DLP policy.
Remove-DlpPolicyDLP resource exemption cmdlets
You can use these cmdlets to exempt or unexempt a particular resource from a DLP policy.
You require the following details in order to exclude a resource from a DLP policy:
- Tenant ID
- DLP policy ID
- Resource ID
- Resource type
Retrieve existing exempt resource list for a DLP policy
Get-PowerAppDlpPolicyExemptResources -TenantId -PolicyNameCreate a new exempt resource list for a DLP policy
New-PowerAppDlpPolicyExemptResources -TenantId -PolicyName -NewDlpPolicyExemptResourcesUpdate the exempt resource list for a DLP policy
Set-PowerAppDlpPolicyExemptResources -TenantId -PolicyName -UpdatedExemptResourcesRemove the exempt resource list for a DLP policy
Remove-PowerAppDlpPolicyExemptResources -TenantId -PolicyNameGovernance error message content commands
When your end users are prompted by governance controls, you may use the following cmdlets to direct them to your organization's governance reference materials, such as a link to governance documentation and a governance contact.
Set governance error message content
The message of governance error URL and Email can be shown separately or together. The 'enabled' variable determines whether or not each value appears in the governance error message.
New-PowerAppDlpErrorSettings -TenantId 'TenantId' -ErrorSettings @{
ErrorMessageDetails = @{
enabled = $True
url = "https://contoso.org/governanceMaterial"
}
ContactDetails= @{
enabled = $True
email = "admin@contoso.com"
}
}Display governance error message content
Get-PowerAppDlpErrorSettings -TenantId 'TenantId'Update governance error message content
Set-PowerAppDlpErrorSettings -TenantId 'TenantId' -ErrorSettings @{
ErrorMessageDetails = @{
enabled = $True
url = "https://contoso.org/governanceMaterial"
}
ContactDetails= @{
enabled = $True
email = "admin@contoso.com"
}
}Block trial licenses commands
The accepted consent plans cmdlets can be used to provide or deny a tenant access to a certain kind of consent plan. Users can enrol in "internal" consent plans through the Power Apps/Power Automate portals, which are either trial licences or development plans. Users can sign up for "ad-hoc subscription" or "viral" consent plans, which are trial licences, via https://signup.microsoft.com, or administrators can assign them to users using Azure Active Directory (Azure AD) or the Microsoft 365 admin interface.
By default, tenants may have any form of consent plan. These cmdlets are frequently used by Power Platform administrators who want to prevent users in their tenant from assigning themselves trial licences while retaining the option to issue trial licences on behalf of users. This may be done by deactivating the Azure AD option AllowAdHocSubscriptions and running the command Remove-AllowedConsentPlans -Types "Internal".
The commands are:
Remove-AllowedConsentPlans
Add-AllowedConsentPlans
Get-AllowedConsentPlansCommon PowerShell automated tasks
Using script commands, admins may accomplish admin portal tasks using PowerShell cmdlets. With PowerShell, you can automate routine activities by sequentially running several commands at once or by pipe-outputting commands.
Displaying a list of environments
Get-AdminPowerAppEnvironmentImportant details, such as the environment's Display Name and GUID, are provided by tasks.
This work is frequently required for subsequent operations.
Administrators can locate the tenant's default environment by adding options like -Default.
Get-AdminPowerAppEnvironment -DefaultReturn a non-display name for the environment using the GUID.
After that, you may go deeper into the specifics of that setting. For instance:
Get-AdminPowerAppEnvironment -Environment 'EnvironmentName'This gives you a list of all the connections in the environment, including those in the environment that is set as the default for the tenant.
Get-AdminPowerAppEnvironment -Default | Get-AdminPowerAppConnectionThis connects the output of two cmdlets. In each tenant environment, a list of number applications is displayed.
Get-AdminPowerApp | select -ExpandProperty EnvironmentName | Group | %{ New-Object -TypeName PSObject -Property @{ DisplayName = (Get-AdminPowerAppEnvironment -EnvironmentName $_.Name | select -ExpandProperty displayName); Count = $_.Count } }Data Loss Prevention (DLP) SDK
Data loss prevention (DLP) procedures can serve as barriers to stop users from mistakenly disclosing company data. DLP policies give freedom to design logical rules that achieve the ideal mix between protection and productivity. They can be scoped at the environment level or tenant level. You may specify the scope for tenant-level rules as being all environments, a subset of environments, or all environments except those you expressly exclude. One environment at a time can have its own set of environment-level regulations created.
With experiences spanning from generating, reading, updating, and deleting DLP rules, DLP SDK can assist you in managing your tenant and environment policies.
Run the sample
- To have a local copy of the Samples repository, download or clone it.
- As an administrator, launch PowerShell ISE.
-
Run the command line:
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell -Force -
Make the following adjustments to RunSamples.ps1:
- Your tenant admin account should be used in place of $TenantAdminName.
- Your tenant admin account password should be substituted for $TenantAdminPassword value.
- Your environment admin account should be used in place of $EnvironmentAdminName.
- Your environment admin account password should be substituted for $EnvironmentAdminPassword value.
- Run RunSamples.ps1.
What the sample does
This sample uses DLP APIs in Microsoft.PowerApps.Administration.PowerShell to create, read, remove and update DLP policies. The situations that the SDK supports are listed below:
- Create a policy at the tenant level that divides connections into categories for blocked, non-business, and business connectors.
- Create a policy that divides connections into categories known as Business, Non-business, and Blocked for all settings, with the exception of a few.
- Create a policy that divides connectors into groups for business, non-business, and blocked connections for a single environment.
- Obtain a list of tenant-level regulations (all environments).
- Change the policy to relocate the connection between groupings (Business, Non-business, and Blocked).
- To every Teams environment inside a tenancy, apply a DLP policy.
- Check the compliance of current policies with new PowerShell APIs that replace older ones that used legacy PowerShell APIs.
27+ registered 
