Suppress User Consent Popup in PowerApps

PowerApps Consent

By default when you deploy any PowerApps application which uses connections to various data sources like SharePoint, Azure AD etc, it would show a popup to all the users trying to access the application and ask for their consent to be able to connect to the backend data sources on their behalf.

PowerApps Consent PopUp

In general, from security point of view, this might still be acceptable to some organizations. Since also, this appears to be a one time consent granted by end users.

But is it? Everytime, you make any update in the PowerApps application related to those data sources, the consent popup will reappear and users will have to grant to consent again.

This can get annoying easily, as in the cloud world we live today, evergreen applications are the norm.

So, what can be done about that?

Suppress the Consent Popup

Yes, you got it right. As the title of this article suggests, let’s do some quick magic and suppress this message for all users for the selected application(s).

If you do a google search about this issue, you would quickly find out that there is a simple command available to achieve this – Set-AdminPowerAppApisToBypassConsent. Then why this article at all?

Well, this is to ensure you get it right first time. Since I have seen many IT Administrators struggling to run this command when the developers request this during their PowerApps application rollout.

Permission Requirement

  • Office 365 Global admins or Azure Active Directory Global admin permission
  • These administrators need to sign in to the PowerApps Admin Center at least once before using the PowerShell cmdlets.
  • A PowerApp License should be assigned to this admin account

Office 365 Global admins or Azure Active Directory Global admins no longer require a P2 license for administrative access to the PowerApps admin PowerShell cmdlets.

So, in a nutshell, in most production environments, you might need to ask one of the Office 365 Administrator to run this command for your application(s).

Pre-requisites

We need to install the required PowerShell modules before the actual command can be executed. First, let’s get the PowerApps Administration module installed.

Install-Module -Name Microsoft.PowerApps.Administration.PowerShell

This command may give a nice little warning message about “untrusted repository”. Just go ahead and type “Y” and enter.

Install Module

Now, we need to install PowerApps PowerShell module

Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber

Ensure to add the -AllowClobber switch otherwise you might receive an error message similar to this –

Install Module

Now that both the modules are installed, let’s move to next step.

Find Application ID

If you are a PowerApps developer reading this article, you might already know this, but I will add here just in case you are new to PowerApps.

  • Go to web.powerapps.com and click on Apps in left navigation
  • Click on “…” next to the App of which you need to find the ID
  • Click on Details from the context menu
Find App ID

You will see the App ID mentioned at the bottom of the new screen. Copy and note it down to share with the Office 365 Administrator.

Found App ID

Now, we have almost everything ready to go ahead and try to suppress the consent popup for all users.

Create Connection to PowerApps

Essentially, at this stage we just need an one line script

Add-PowerAppsAccount

I prefer this one, because this opens up a login screen which can accept users with Multi-factor Authentication (MFA) enabled. Since, for most all organizations, MFA is enabled for their Office 365 Admin accounts, this works like a charm.

Add-PowerAppsAccount

If in your organization, that’s not the case, then you can also pass the admin credentials directly in the script

$pass = ConvertTo-SecureString "password" -AsPlainText -Force
Add-PowerAppsAccount -Username [email protected] -Password $pass

Once the connection is successfully established, you are ready to run the Suppress command.

Set-AdminPowerAppApisToBypassConsent

The actual command is one liner

Set-AdminPowerAppApisToBypassConsent -AppName <AppID>

But when the Office 365 Administrator executes it, he/she might get this error message

Permission

So, what happened?

Well, even though the error message is a bit cryptic about the PowerApp Path, essentially, the Office 365 Administrator doesn’t have permission on your application.

Just go to your app again from web.powerapps.com and share it.

Share App

Add your Office 365 Administrator as Co-Owner of the application.

This access is required only to run this command. After the command gets executed successfully, permission can be removed.

Shared App

Run the script again and Whola… A nice success message appears and all your application users are happy not being prompted again by incremental changes done in the application going forward.

Success

Hope this helps save some of your efforts. You can refer this microsoft article for more details about other PowerApps Administration related commandlets.

Enjoy,
Anupam

You may also like

13 comments

    1. If you google, you will find something like this – “Evergreen IT refers to running services comprised of components that are always up to date.” Essentially, it’s always getting updated and new features getting added without the need of complete upgrade to a new version… Some examples you can think of is Office 365 suite apps, Windows 10 etc.

  1. I am following your instructions however at the step
    >>Add-PowerAppsAccount
    I get the error:
    Add-PowerAppsAccount : Method invocation failed because
    [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext] does not contain a method named ‘AcquireToken’.
    At line:1 char:1
    + Add-PowerAppsAccount
    + ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [Add-PowerAppsAccount], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound,Add-PowerAppsAccount

    I have Googled for a solution to this but haven’t found anything I can use. Do you know how to move past this issue?

    1. You can try uninstalling and installing PowerApps module again
      Install-Module -Name Microsoft.PowerApps.PowerShell
      Also, ensure the account is a global admin and also is the owner of the PowerApps Application.

    1. This solution is about hiding user consent popup which gets normally triggered when underlying data source changes. I am not sure what you meant by “Integrated flow with PowerApps”.

  2. Hey Anupam,

    we followed all the instructions and we got this response after running the command.

    Code : 200
    Description : OK
    Headers : {[Strict-Transport-Security, max-age=31536000; includeSubDomains], [x-ms-request-id,
    eastus:00000000-0000-0000-0000-000000000000], [Content-Length, 0], [Cache-Control, no-cache,
    no-store]…}
    Error :
    Errors :
    Internal :

    But the Power BI consent still poping up everytime we start the app. ?

    Any idea why this happen?

    Thanks

  3. This does not work. Cmd Add-PowerAppsAccount fails with error that ‘method invocation failed because [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext] does not contain a method named ‘AcquireToken’.

    I tried your suggestions from your comment to someone else having the same error message and they didn’t work either.

  4. What did work to eliminate that error message was to close PowerShell window and re-open, and start over. Unbelievable!

  5. On the last step when you Set-AdminPowerAppApisToBypassConsent -AppName it asks me for Environment Name which I entered but then gives me error saying ‘The environment ” could not be found in the tenant

    1. Hey Oliver,
      I also had to include the environment name. I would double check the environment id. This worked for me:

      Set-AdminPowerAppApisToBypassConsent -EnvironmentName [GUID] -AppName [GUID]

Leave a Reply

Your email address will not be published. Required fields are marked *