PowerApps Portal – Control Azure AD User Access

Introduction:

Hi Everyone,

Welcome to the Power Guide Blog series. Hope you all are doing great and staying safe!
In the past few days, I have got several queries regarding controlling the PowerApps Portal access to a particular group/subsidiaries or business unit.
Let\’s understand this with the help of the following business use case.
As we all know that PowerApps Portal supports Azure AD authentication, which allows all Azure AD users to directly login to the portal without being registered on the portal. However, sometimes we want to restrict portal access only to a specific group of users instead of all Azure AD users.
For example, Power Guide is an organization that has two departments let say: Helpdesk and HR Department. The helpdesk department has around 50 support agents who need PowerApps Portals access to handle queries and resolution of tickets. However, the HR department requires to have access only to Microsoft Teams. Now, If the organization wants to give portal access only to the Helpdesk department, not to the HR department then how can you handle that scenario?
In this article, I will share PowerGuideTip27 and will tell you a tip to handle such scenarios using Azure AD Conditional Access Policies.
What is Azure AD Conditional Access
Check this article to know about Microsoft\’s Azure AD Conditional Access.
Pre Requisites:
  • Azure AD Subscription (Trial is also fine)
  • Dynamics 365 License (Trial is also fine)
  • PowerApps Portals (of any type)
Implementations Steps:
1. Create a Dynamics 365 Free Trial.
2. Create a trial (subscription-based) environment in the Power Platform admin center.
3. Install PowerApps Portal (ignore if you already have). Click here for the installation steps.
4. Configure Azure AD Conditional Access Policy.

Step 1: Go to https://portal.azure.com/ and sign with your Dynamics 365 trial credentials

Note: Make sure you have Global Administrator rights.

Step 2: Click on View under Manage Azure Active Directory.

Step 3:  Click on Properties 


Step 4: Click on Manage Security defaults 

Step 5: Turn Off the Enable Security defaults settings and choose My organization is using Conditional Access. Click Save


Step 6: Click on Security.


Step 7: Click on Conditional Access



Step 8: Click on + New Policy.


Note: if the + New Policy option is disabled, that means you don\’t have an Azure AD Premium P2 subscription. Click on the -> arrow and Activate it.

Step 9: Give the policy name



Step 10: Click on 0 users and groups selected under Assignment.


Include – Users whom you want to restrict from accessing the portal
Exclude – User whom you want to give access to the portal

Under Include >  Select users and groups > choose Users and group checkbox > Search the user or group that you want to keep out of this policy and then Select to add them in the Include list.

Under Exclude >  Select users and groups > choose Users and group checkbox > Search the user or group that you want to keep out of this policy and then Select to add them in the Exclude list.

Note: If you have fewer users, then you can search and choose them individually from the list, otherwise create a security group, add all these users in that group and then search the group name and choose the group from the list. By doing that, this policy will be applied to all the members of that particular group.

Step 11: Click on No cloud apps or actions selected under Cloud apps or actions

Click on Include and Choose Select apps.

Search and choose all those apps that you want to restrict and apply this policy to.
Since we want to restrict only PowerApps Portal, therefore we will search Microsoft CRM Portals and add only that to the Include list.
Similarly, if you also want to restrict PowerApps and Power Automate then you can search for PowerApps and Microsoft Flow app respectively, and add them too to the include list

Note: Choose Microsoft PowerApps and Microsoft Flow apps only if you want to restrict Model-driven apps, Canvas apps, and Power Automate along with PowerApps Portals.

Step 12: Click on Grant under Access controls > choose Block Access >  Select


Step 13: Finally Turn On the Enable policy and Hit Create to create the policy,




Test and Demo


Hope you found this PowerGuideTip helpful.

Stay tuned for the next interesting Power Guide Tip. 

Cheers.

Published by arpitpowerguide

My name is Arpit Shrivastava, who is a Microsoft MVP in the Business Applications category. I am a Microsoft Dynamics 365 and Power Platform enthusiast person who is having a passion for researching and learning new things and acquiring immense knowledge. I am providing consistent help, support, and sharing my knowledge through various Social Media Channels along with my Personal Blog, Microsoft Community, conducting online training and attending various 365 Saturday Events worldwide and sharing the best Solutions to the readers helping them achieve their goals and objectives in Customer Relationship Space.

3 thoughts on “PowerApps Portal – Control Azure AD User Access

  1. Special thanks to (hackingsetting50@gmail.com) for exposing my cheating husband. Right with me i got a lot of evidences and proofs that shows that my husband is a fuck boy and as well a cheater ranging from his text messages, call logs, whats-app messages, deleted messages and many more, All thanks to (hackingsetting50@gmail.com), if not for him i will never know what has been going on for a long time. Contact him now and thank me later.

    Like

  2. Special thanks to (hackingsetting50@gmail.com) for exposing my cheating husband. Right with me i got a lot of evidences and proofs that shows that my husband is a fuck boy and as well a cheater ranging from his text messages, call logs, whats-app messages, deleted messages and many more, All thanks to (hackingsetting50@gmail.com), if not for him i will never know what has been going on for a long time. Contact him now and thank me later.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: