Governance in Power Automate

Prevent users manually updating Power Automate for desktop

Using the following registry entry you can prevent users to manually update Power Automate for desktop on their machines and receive update notifications.

Hive Key Name Type
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Power Automate Desktop DisableOptionalUpdates DWORD

Value

  • 1: Users won't be able to manually update Power Automate for Desktop.

Prevent users accessing Power Automate for desktop using their Microsoft accounts

Using the following registry entry you can prevent users to sign in on Power Automate for desktop on their machines using a Microsoft account.

Hive Key Name Type
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Power Automate Desktop RestrictMSAAccountsSignIns DWORD

Value

  • 1: Users won't be able to sign-in using their Microsoft account

Prevent users accessing Power Automate for desktop using their work or school accounts

You can use the following registry entry to prevent users from logging into Power Automate for desktop with their work or school account without a per user plan with attended RPA license.

Hive Key Name Type
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Power Automate Desktop RestrictNoLicenseOrgIDAccountsSignIns DWORD

Value

  • 1: Users won't be able to sign-in using their work or school account without a per user plan with attended RPA license

Prevent users accessing Power Automate for desktop using their work or school accounts or organization premium accounts

You can use the following registry entry to prevent users from logging into Power Automate for desktop with their work or school accounts or organization premium accounts.

Hive Key Name Type
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Power Automate Desktop RestrictOrgIDAccountsSignIns DWORD

Value

  • 1: Users won't be able to sign-in using their work or school account or organization premium account

Note

  • Setting any value other than 1, or not setting a value at all will allow users to access for desktop. When all registry keys are set to 1, users will not be able to login to Power Automate for desktop with any type of account.

Restricting access to Power Automate for desktop

In order to restrict access to Power Automate for desktop on a workstation with Windows 10 or Windows 11, use Applocker.

Allow users to sign in to Power Automate for desktop using Web Account Manager (WAM)

You can use the following registry entry to allow users to sign in to Power Automate for desktop using Windows Web Account Manager (WAM).

Hive Key Name Type
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Power Automate Desktop UseMsalWindowsBroker DWORD

Values

  • 1: Power Automate for desktop will authenticate users using the WAM funcionality.

Allow users to select a particular organization in Power Automate for desktop

You can use the following registry entry to allow users to select the organization of their preference in Power Automate for desktop.

Hive Key Name Type
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Power Automate Desktop EnableOrganizationPicker String

Values

  • "isEnabled":1: Signed in users will be able to select the organization of their preference through the “Switch organization” option in the Power Automate for desktop console.

  • "isEnabled":0: Signed in users won't be able to select the organization of their preference and the “Switch organization” option will be disabled.

  • "organizationList":[OrgID(s)] (e.g.: organizationList:["10z677m8-l4v6-9cm5-c6n6-r1747rp5338k","86d487j7-y1t2-9gk7-k7n2-x5079jq4619r"]): The organizations with the specified IDs listed, will be available to connect during sign in.

  • "selectOrganizationFromListIsEnabled":1: Power Automate for desktop will try to connect to each one of the organizations specified in the "organizationList" value based on their order, during sign in.

  • "selectOrganizationFromListIsEnabled":0: The specified list in the "organizationList" value won’t be taken into consideration during sign in.

Note

The "isEnabled” values aren't related to the "organizationList" and "selectOrganizationFromListIsEnabled" values. The "isEnabled” values define if the “Switch organization” option will be available to signed in users, whereas the "organizationList" and "selectOrganizationFromListIsEnabled" values define the organizations that Power Automate for desktop will try to connect to automatically during the sign in procedure.

Allow users of Power Automate for desktop to connect to a region

You can use the following registry entry to allow users to select the region they want to connect to.

Hive Key Name Type
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Power Automate Desktop Cloud DWORD

Value

  • 0: The user will have the option to select the region of their preference to connect to through an additional option in the sign in screen.
  • 1: The user will be automatically connected to the first available region they are registered to.
  • 2: The user will connect to the global public region.
  • 3: The user will connect to the US Government GCC region.
  • 4: The user will connect to the US Government GCC High region.
  • 5: The user will connect to the US Government DoD region.
  • 6: The user will connect to the China (operated by 21Vianet) region.

Configure Power Automate for desktop to interact with a corporate proxy server

IT administrators, may set the following registry key, to configure the Power Automate’s interaction with a corporate proxy server.

Hive Key Name Type
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Power Automate Desktop ProxyServer String

Value

  • ProxyAddress:Port (e.g.: myproxy.com:3128): The proxy server and port configured, will override the proxy server and port configured in Windows.

Configure Power Automate for desktop to bypass a corporate proxy server

IT administrators, may set the following registry key, to configure the Power Automate’s bypassing of a corporate proxy server.

Hive Key Name Type
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Power Automate Desktop DisableWindowsProxy DWORD

Value

  • 1: Power Automate for desktop won't honor the Windows Proxy settings and the proxy server will be bypassed for Power Automate's traffic.

Configure Power Automate for desktop to authenticate to a corporate proxy server using the current user's credentials

IT administrators, may set the following registry key, to configure the Power Automate’s authentication with a corporate proxy server.

Hive Key Name Type
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Power Automate Desktop UseDefaultProxyCredentials DWORD

Value

  • 1: Power Automate for desktop will authenticate to the corporate proxy server using the current user's credentials.

Configure Power Automate for desktop notification settings

You can use the following registry entry to configure how Power Automate for desktop displays notifications and monitoring information.

Hive Key Name Type
HKEY_CURRENT_USER SOFTWARE\Microsoft\Power Automate Desktop NotificationsType DWORD

Value

  • 1: Power Automate for desktop will display notifications through the flow monitoring window.
  • 2: Power Automate for desktop will use the integrated Windows notifications.
  • 3: Power Automate for desktop won't display notifications.

Disable confirmation dialog when invoking Power Automate desktop flows via URL

You can use the following registry entry to prevent Power Automate for desktop from displaying a confirmation dialog when invoking desktop flows via URL.

Hive Key Name Type
HKEY_CURRENT_USER SOFTWARE\Microsoft\Power Automate Desktop EnableAskBeforeRunningAFlowExternally DWORD

Value

  • 0: Power Automate for desktop won't display a confirmation dialog when invoking desktop flows via URL.

Configure Power Automate for desktop to keep the flow run details

You can use the following registry entry to configure Power Automate for desktop to keep the flow run details logs in a local folder.

Hive Key Name Type
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Power Automate Desktop KeepRunDefinitionFilesCopy DWORD

Value

  • 1: Power Automate for desktop creates a copy of the RunDefinition.json file, preventing the local flow run details from getting cleaned up.

Configure Power Automate for desktop to prevent cleanup of flow run action details

You can use the following registry entry to configure the cleanup of local flow run action details logs.

Hive Key Name Type
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Power Automate Desktop\Global DisableRunFilesCleanup DWORD

Value

  • 1: Flow run action details stored in the Actions.log file won't be deleted from the local disk after the run is completed.

Prevent Power Automate for desktop from running flows containing cloud connectors

You can use the following registry entry to disable the execution of flows containing cloud connectors.

Hive Key Name Type
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Power Automate Desktop\Global DisableCloudConnectors DWORD

Value

  • 1: The machine won't be able to run desktop flows containing cloud connectors. An appropriate error message will inform users about the set limitation.

Learn more