PowerShell support for PowerApps (preview)

With the preview launch of the PowerShell cmdlets for app creators and administrators, you can automate many of the monitoring and management tasks that are only possible manually today in PowerApps or the PowerApps Admin center.

Cmdlets

Cmdlets are functions written in PowerShell script language that execute commands in the Windows PowerShell environment. Running these PowerApps cmdlets will allow you to interact with your Business Application Platform without having to go through the admin portal in a web browser. You can combine these cmdlets with other PowerShell functions to write complex scripts that can optimize your workflow. Note that you can still use the cmdlets if you’re not an admin on the tenant, but you will be limited to the resources you own. Cmdlets that start with the word ‘Admin’ are designed to be used by an administrative user account.

Cmdlets are available on the PowerShell gallery as two separate modules:

Note

Regarding Dynamics 365 Government Community Cloud (GCC) level 2 support:

The default endpoint is “prod”. If a user wants to run a PowerShell script on the GCC environment, the -Endpoint parameter needs to be changed to “usgov”. GCC High and DOD are not yet supported.

Add-PowerAppsAccount -Endpoint "usgov" 

Installation

To run the PowerShell cmdlets for app creators, do the following:

  1. Run PowerShell as an administrator.

    Run PowerShell as an administrator

  2. Import the necessary modules using the following commands:

    Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
    Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber
    
  3. If you are prompted to accept the change to InstallationPolicy value of the repository, accept [A] Yes to all modules by typing ‘A’ and pressing Enter for each module.

    Accept InstallationPolicy value

  4. Before accessing any of the commands, you have the option to provide your credentials using the following command. These credentials are refreshed for up to ~8 hours before you’re required to sign in again to continue using the cmdlets.

    # This call opens prompt to collect credentials (Azure Active Directory account and password) used by the commands 
    Add-PowerAppsAccount
    
    # Here is how you can pass in credentials (avoiding opening a prompt)
    $pass = ConvertTo-SecureString "password" -AsPlainText -Force
    Add-PowerAppsAccount -Username foo@bar.com -Password $pass
    

PowerApps cmdlets for app creators (preview)

Prerequisite

Users with a valid PowerApps license can perform the operations in these cmdlets, but they will only have access to the resources (for example, apps, flows, etc.) that have been created or shared with them.

Cmdlet list - Maker Cmdlets

Note

We have updated some of the cmdlets function names in the latest release in order to add appropriate prefixes to prevent collisions. See the table below for an overview of what has changed.

Purpose Cmdlet
Add a canvas app to a Common Data Service solution SetPowerAppAsSolutionAware
Read environments Get-PowerAppEnvironment (previously Get-PowerAppsEnvironment)
Get-FlowEnvironment
Read, update, and delete a canvas app Get-PowerApp (previously Get-App)
Remove-PowerApp (previously Remove-App)
Publish-PowerApp (previously Publish-App)
Set-AppDisplayName (previously Set-PowerAppDisplayName)
Get-PowerAppVersion (previously Get-AppVersion)
Restore-PowerAppVersion (previously Restore-AppVersion)
Read, update, and delete canvas app permissions Get-PowerAppRoleAssignment (previously Get-AppRoleAssignment)
Set-PowerAppRoleAssignment (previously Set-AppRoleAssignment)
Remove-PowerAppRoleAssignment (previously Remove-AppRoleAssignment)
Read, update, and delete a flow Get-Flow
Get-FlowRun
Enable-Flow
Disable-Flow
Remove-Flow
Read, update, and delete flow permissions Get-FlowOwnerRole
Set-FlowOwnerRole
Remove-FlowOwnerRole
Read and respond to flow approvals Get-FlowApprovalRequest
Get-FlowApproval
RespondTo-FlowApprovalRequest
Read and delete connections Get-PowerAppConnection (previously Get-Connection)
Remove-PowerAppConnection (previously Remove-Connection)
Read, update, and delete connection permissions Get-PowerAppConnectionRoleAssignment (previously Get-ConnectionRoleAssignment)
Set-PowerAppConnectionRoleAssignment (previously Set-ConnectionRoleAssignment)
Remove-PowerAppConnectionRoleAssignment (previously Remove-ConnectionRoleAssignment)
Read and delete connectors Get-PowerAppConnector (previously Get-Connector)
Remove-PowerAppConnector (previously Remove-Connector)
Read, update, and delete custom connector permissions Get-PowerAppConnectorRoleAssignment (previously Get-ConnectorRoleAssignment)
Set-PowerAppConnectorRoleAssignment (previously Set-ConnectorRoleAssignment)
Remove-PowerAppConnectorRoleAssignment (previously Remove-ConnectorRoleAssignment)

PowerApps cmdlets for administrators (preview)

Prerequisite

To perform the administration operations in the admin cmdlets, you'll need the following:

  • Office 365 Global admins or Azure Active Directory Global admins no longer require a P2 license for administrative access to the PowerApps admin PowerShell cmdlets. However, these administrators need to sign in to the PowerApps Admin Center at least once before using the PowerShell cmdlets. If this is not done, the cmdlets will fail with an authorization error.

  • Office 365 Global Administrator or Azure Active Directory Global Administrator permissions if you need to search through another user’s resources. (Note that Environment Admins only have access to those environments and environment resources for which they have permissions.)

Cmdlet list - Admin Cmdlets

Purpose Cmdlets
Read, update, and delete environments and Common Data Service databases New-AdminPowerAppEnvironment
Set-AdminPowerAppEnvironmentDisplayName
Get-AdminPowerAppEnvironment (previously Get-AdminEnvironment)
Remove-AdminPowerAppEnvironment (previously Remove-AdminEnvironment)
New-AdminPowerAppCdsDatabase
Get-AdminPowerAppCdsDatabaseLanguages
Get-AdminPowerAppCdsDatabaseCurrencies
Get-AdminPowerAppEnvironmentLocations
Delete Common Data Service database Remove-LegacyCDSDatabase *New*
Read, update, and delete environment permissions

These cmdlets only work today for environments that do not have a Common Data Service database.
Get-AdminPowerAppEnvironmentRoleAssignment (previously Get-AdminEnvironmentRoleAssignment)
Set-AdminPowerAppEnvironmentRoleAssignment (previously Set-AdminEnvironmentRoleAssignment)
Remove-AdminPowerAppEnvironmentRoleAssignment (previously Remove-AdminEnvironmentRoleAssignment)
Read, update, and remove canvas apps Get-AdminPowerApp (previously Get-AdminApp)
Remove-AdminPowerApp (previously Remove-AdminApp)
Get-AdminPowerAppConnectionReferences
Set-AdminPowerAppAsFeatured
Clear-AdminPowerAppAsFeatured
Set-AdminPowerAppAsHero
Clear-AdminPowerAppAsHero
Set-AdminPowerAppApisToBypassConsent
Clear-AdminPowerAppApisToBypassConsent
Read, update, and delete canvas app permissions Get-AdminPowerAppRoleAssignment (previously Get-AdminAppRoleAssignment)
Remove-AdminPowerAppRoleAssignment (previously Remove-AdminAppRoleAssignment)
Set-AdminPowerAppRoleAssignment (previously Set-AdminAppRoleAssignment)
Set-AdminPowerAppOwner (previously Set-AdminAppOwner)
Read, update, and delete flows Get-AdminFlow
Enable-AdminFlow
Disable-AdminFlow
Remove-AdminFlow
Remove-AdminFlowApprovals
Read, update, and delete flow permissions Get-AdminFlowOwnerRole
Set-AdminFlowOwnerRole
Remove-AdminFlowOwnerRole
Read and delete connections Get-AdminPowerAppConnection (previously Get-AdminConnection)
Remove-AdminPowerAppConnection (previously Remove-AdminConnection)
Read, update, and delete connection permissions Get-AdminPowerAppConnectionRoleAssignment (previously Get-AdminConnectionRoleAssignment)
Set-AdminPowerAppEnvironmentConnectionRoleAssignment (previously Set-AdminConnectionRoleAssignment)
Remove-AdminPowerAppConnectionRoleAssignment (previously Remove-AdminConnectionRoleAssignment)
Read and delete custom connectors Get-AdminPowerAppConnector (previously Get-AdminConnector)
Remove-AdminPowerAppConnector (previously Remove-AdminConnector)
Read, update, and delete custom connector permissions Get-AdminPowerAppConnectorRoleAssignment (previously Get-AdminConnectorRoleAssignment)
Set-AdminPowerAppConnectorRoleAssignment (previously Set-AdminConnectorRoleAssignment)
Remove-AdminPowerAppConnectorRoleAssignment (previously Remove-AdminConnectorRoleAssignment)
Read a user's PowerApps user settings, user-app settings, and notifications Get-AdminPowerAppsUserDetails
Read and delete a user's Microsoft Flow settings, which are not visible to user, but that support flow execution Get-AdminFlowUserDetails
Remove-AdminFlowUserDetails
Create, read, update and delete data loss prevention policies for your organization Get-AdminDlpPolicy (previously Get-AdminApiPolicy)
New-AdminDlpPolicy (previously Add-AdminApiPolicy)
Remove-AdminDlpPolicy (previously Remove-AdminApiPolicy)
Set-AdminDlpPolicy (previously Set-AdminApiPolicy)
Add-ConnectorToBusinessDataGroup
Remove-ConnectorFromBusinessDataGroup
Add-CustomConnectorToPolicy
Remove-CustomConnectorFromPolicy
Read and update tenant settings Get-TenantSettings
Set-TenantSettings

Tips

  • Use Get-Help ‘CmdletName’ to get a list of examples.

    Get-Help command

  • To cycle through the possible options for input tags, click on the tab key after typing out the dash (-) character, after the cmdlet name.

Example commands:

Get-Help Get-AdminPowerAppEnvironment
Get-Help Get-AdminPowerAppEnvironment -Examples
Get-Help Get-AdminPowerAppEnvironment -Detailed

Operation examples

Below are some common scenarios that show how to use new and existing PowerApps cmdlets.

Environments commands

Use these commands to get details on and update environments in your tenant.

Display a list of all environments

Get-AdminPowerAppEnvironment

Returns a list of each environment across your tenant, with details of each (e.g., environment name (guid), display name, location, creator, etc).

Display details of your default environment

Get-AdminPowerAppEnvironment –Default

Returns the details for only the default environment of the tenant.

Display details of a specific environment

Get-AdminPowerAppEnvironment –EnvironmentName ‘EnvironmentName’

Note: The EnvironmentName field is a unique identifier, which is different from the DisplayName (see first and second fields in the output in the following image).

Get-AdminEnvironment command

PowerApps commands

These operations are used to read and modify PowerApps data in your tenant.

Display a list of all PowerApps

Get-AdminPowerApp

Returns a list of all PowerApps across the tenant, with details of each (e.g., application name (guid), display name, creator, etc).

Display a list of all PowerApps that match the input display name

Get-AdminPowerApp 'DisplayName'

Returns a list of all the PowerApps in your tenant that match the display name.

Note: Use quotation characters (”) around input values that contain spaces.

Feature an application

Set-AdminPowerAppAsFeatured –AppName 'AppName'

Featured applications are grouped and pushed to the top of the list in the PowerApps mobile player.

Note: Like environments, the AppName field is a unique identifier, which is different from the DisplayName. If you want to perform operations based on the display name, some functions will let you use the pipeline (see next function).

Make an application a Hero app, using the pipeline

Get-AdminPowerApp 'DisplayName' | Set-AdminPowerAppAsHero

A Hero app will appear at the top of the list in the PowerApps mobile player. There can only be one Hero app.

The pipeline (represented as the ‘|’ character between two cmdlets) takes the output of the first cmdlet and passes it as the input value of the second, assuming the function has been written to accommodate the pipeline feature.

Note: an app must already be a featured app before it is changed to a hero.

Display the number of apps each user owns

Get-AdminPowerApp | Select –ExpandProperty Owner | Select –ExpandProperty displayname | Group

You can combine native PowerShell functions with the PowerApps cmdlets to manipulate data even further. Here we use the Select function to isolate the Owner attribute (an object) from the Get-AdminApp object. We then isolate the name of the owner object by pipelining that output into another Select function. Finally, passing the second Select function output into the Group function returns a nice table that includes a count of each owner’s number of apps.

Get-AdminPowerApp command

Display the number of apps in each environment

Get-AdminPowerApp | Select -ExpandProperty EnvironmentName | Group | %{ New-Object -TypeName PSObject -Property @{ DisplayName = (Get-AdminPowerAppEnvironment -EnvironmentName $_.Name | Select -ExpandProperty displayName); Count = $_.Count } }

Get-AdminPowerApp command

Download PowerApps user details

Get-AdminPowerAppsUserDetails -OutputFilePath '.\adminUserDetails.txt' –UserPrincipalName ‘admin@bappartners.onmicrosoft.com’

The above command will store the PowerApps user details (basic usage information about the input user via their user principal name) in the specified text file. It will create a new file if there is no existing file with that name, and overwrite the text file if it already exists.

Set logged in user as the owner of a PowerApp

Set-AdminPowerAppOwner –AppName 'AppName' -AppOwner $Global:currentSession.userId –EnvironmentName 'EnvironmentName'

Changes the owner role of a PowerApp to the current user, and replaces the original owner as a “can view” role type.

Note: The AppName and EnvironmentName fields are the unique identifiers (guids), not the display names.

Flow commands

Use these commands to view and modify data related to Microsoft Flow.

Display all flows

Get-AdminFlow

Returns a list of all flows in the tenant.

Display flow owner role details

Get-AdminFlowOwnerRole –EnvironmentName 'EnvironmentName' –FlowName ‘FlowName’

Returns the owner details of the specified flow.

Note: Like Environments and PowerApps, FlowName is the unique identifier (guid), which is different from the display name of the flow.

Display flow user details

Get-AdminFlowUserDetails –UserId $Global:currentSession.userId

Returns the user details regarding flow usage. In this example we’re using the user Id of the current logged in user of the PowerShell session as input.

Remove flow user details

Remove-AdminFlowUserDetails –UserId 'UserId'

Deletes the details on a flow user completely from the Microsoft database. All flows the input user owns must be deleted before the flow user details can be purged.

Note: The UserId field is the Object ID of the user’s Azure Active Directory record, which can be found in the Azure Portal under Azure Active Directory > Users > Profile > Object ID. You must be an admin to access this data from here.

Export all flows to a CSV file

Get-AdminFlow | Export-Csv -Path '.\FlowExport.csv'

Exports all the flows in your tenant into a tabular view .csv file.

API connection commands

View and manage API connections in your tenant.

Display all native Connections in your default environment

Get-AdminPowerAppEnvironment -Default | Get-AdminConnection

Displays a list of all API connections you have in the default environment. Native connections are found under the Data > Connections tab in the maker portal.

Display all custom connectors in the tenant

Get-AdminPowerAppConnector

Returns a list of all custom connector details in the tenant.

Data Loss Prevention (DLP) policy commands

These cmdlets will control the DLP policies on your tenant.

Display all policies

Get-AdminDlpPolicy

Returns a list of all the policies.

Display a filtered list of policies

Get-AdminDlpPolicy 'DisplayName'

Uses the display name to filter the policies

Display all ‘Business data only’ API connectors in a policy

Get-AdminDlpPolicy 'PolicyName' | Select –ExpandProperty BusinessDataGroup

Lists the API connections that are in the Business data only(or BusinessDataGroup) field in an input policy.

Add a connector to the ‘Business data only’ group

Add-ConnectorToBusinessDataGroup -PolicyName 'PolicyName' –ConnectorName 'ConnectorName'

Adds a connector to the ‘Business data only’ group in a given DLP policy. See the list of connectors by DisplayName and ConnectorName (used as input) here.

Version History

Date Updates
04/23/2018
  1. Initial launch of the PowerApps cmdlets for app creators (preview) including management cmdlets for Environments, Apps, Flows, Flow approvals, Connections, and Custom Connectors
  2. Initial launch of the PowerApps cmdlets for administrators (preview) including administrative cmdlets for Environments, Apps, and Flows
05/24/2018
  1. Minor bug fixes in both the cmdlets for app creators and administrators
  2. Added the following new administrative cmdlets:
    Get-AdminConnection
    Remove-AdminConnection
    Get-AdminConnectionRoleAssignment
    Set-AdminConnectionRoleAssignment
    Remove-AdminConnectionRoleAssignment
    Get-AdminConnector
    Remove-AdminConnector
    Set-AdminConnectorRoleAssignment
    Get-AdminConnectorRoleAssignment
    Remove-AdminConnectorRoleAssignment
    Get-AdminPowerAppsUserDetails
    Get-AdminFlowUserDetails
    Remove-AdminFlowUserDetails
    Get-AdminApiPolicy
    Add-AdminApiPolicy
    Remove-AdminApiPolicy
    Set-AdminApiPolicy
    Add-ConnectorToBusinessDataGroup
    Remove-ConnectorFromBusinessDataGroup
07/30/2018
  1. Added the ability to pass-in credentials to the Add-PowerAppsAccount (to enable recurring scripting)
  2. Minor bug fixes in both the cmdlets for app creators and administrators
  3. Added the "PowerApp" or "Flow" prefix to each cmdlet for app creators
  4. Added the "AdminPowerApp" or "AdminFlow" prefix to each cmdlet for administrators
  5. Added the following new administrative cmdlets:
    New-AdminPowerAppEnvironment
    Set-AdminPowerAppEnvironmentDisplayName
    New-AdminPowerAppCdsDatabase
    Get-AdminPowerAppCdsDatabaseLanguages
    Get-AdminPowerAppCdsDatabaseCurrencies
    Get-AdminPowerAppEnvironmentLocations
    Get-AdminPowerAppConnectionReferences
    Set-AdminPowerAppAsFeatured
    Clear-AdminPowerAppAsFeatured
    Set-AdminPowerAppAsHero
    Clear-AdminPowerAppAsHero
    Set-AdminPowerAppApisToBypassConsent
    Clear-AdminPowerAppApisToBypassConsent
    Remove-AdminFlowApprovals
08/15/2018 Added an optional parameter to the New-AdminPowerAppCdsDatabase to make the function synchronous, by default (i.e. it will not return until the database is successfully provisioned)
08/24/2018 Fixed an issue where the Flow admin cdmlets where not returning data for some using based on their security settings
01/09/2019
  1. Cmdlets are now available on the PowerShell gallery as two separate modules: Administrator and Maker.
  2. Added administrative cmdlet: Remove-LegacyCDSDatabase
  3. Added operation examples
  4. Added the ability to manage HTTP and custom connectors in data loss prevention (DLP)
03/05/2019 Added content for Government Community Cloud (GCC) level 2 support.
03/07/2019 Added a cmdlet: Add a canvas app to a Common Data Service solution - SetPowerAppAsSolutionAware
04/29/2019 Revised GCC terminology.
05/10/2019 Revised links for Cmdlets available on the PowerShell gallery to remove preset version.
05/20/2019 Added support for environment-specific Data Loss Prevention (DLP) policies.

Questions?

If you have any comments, suggestions, or questions, post them on the Administering PowerApps community board.