This is the PowerShell that at least creates the environment. I just couldn't get any additional config done after.
I managed to get most of the below converted, but I'm having issues just trying to authenticate. I tried a single user but ran into issues with parsing the token / it not liking something about it or something the user cannot supply.
Managed to get a template working that would auth using an Azure App Registration, but as soon as I try the actual environment creation it fails, usually with invalid token, wrong audience.
Anyway as I write this I just found https://learn.microsoft.com/en-us/power-platform/admin/programmability-authentication-v2 which will probably get me through it.
<# Replace placeholders like <FirstSecurityGroupId> and <SecondSecurityGroupId>
with the actual security group IDs from Azure AD.
Use the correct EnvironmentName for operations that depend on the created environment.
The PowerShell modules (Microsoft.PowerApps.Administration.PowerShell and AzureAD)
must be installed and imported.
Run the script in an elevated PowerShell session.
#>
# Import required modules
Import-Module Microsoft.PowerApps.Administration.PowerShell
Import-Module AzureAD
# Install required modules if not already installed
# Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
# Install-Module -Name AzureAD
# Sign in to Power Apps
Add-PowerAppsAccount -Username "Your Admin Account"
Connect-AzureAD
# Variables
$environmentName = "Shortname_PROD"
$environmentType = "Production" # Set to "Production" or "Sandbox"
$securityGroupId1 = "Your Azure Group GUID"
$securityGroupId2 = "Your Azure Group2 GUID"
$location = "Country" # Adjust as needed
$url = "NewEnvironmentName" # Adjust as needed
$description = "This is a test environment made with a PowerShell Script"
if ($environmentType -eq "Production") {
    $auditEnabled = $true
    $isProduction = $true
} else {
    $auditEnabled = $false
    $isProduction = $false
}
# Create a new Power Apps environment
New-AdminPowerAppEnvironment -DisplayName $environmentName -Location $location -EnvironmentSku $environmentType -SecurityGroupId $securityGroupId1 -Description $description -Domainname $url -ProvisionDatabase -WaitUntilFinished
Write-Output "Environment $environmentName created successfully."
# Get the environment details
$environment = Get-AdminPowerAppEnvironment ("*" + $environmentName + "*")
# TODO: error checking above, set as managed environment
# Works to this point but not any further....
# Create a Team and assign the System Administrator role
New-AdminPowerAppEnvironmentTeam -EnvironmentName $environmentName -DisplayName "$environmentName`_EnvironmentAdmins" -Description "System Administrator role" -MembershipType "Members" -AzureADGroupId $securityGroupId1
Set-AdminPowerAppEnvironmentRole -EnvironmentName $environmentName -TeamDisplayName "$environmentName`_EnvironmentAdmins" -RoleName "System Administrator"
Write-Output "System Administrator Team $environmentName`_EnvironmentAdmins created and assigned roles."
# Create a Team and assign the App Opener role
New-AdminPowerAppEnvironmentTeam -EnvironmentName $environmentName -DisplayName "$environmentName`_Users" -Description "App Opener Role" -MembershipType "Members" -AzureADGroupId $securityGroupId2
Set-AdminPowerAppEnvironmentRole -EnvironmentName $environmentName -TeamDisplayName "$environmentName`_Users" -RoleName "App Opener"
Write-Output "App Opener Team $environmentName`_Users created and assigned roles."
# Enable Auditing for Non-Production environments
# Note: $auditEnabled is $true only when $environmentType is "Production" (set above),
# so the condition below cannot be met as written.
if ($auditEnabled -and $environment.EnvironmentType -ne "Production") {
    Set-AdminPowerAppEnvironment -EnvironmentName $environmentName -IsAuditingEnabled $true
    Write-Output "Auditing enabled for the environment $environmentName."
}
# Update Environment Features
Set-AdminPowerAppEnvironment -EnvironmentName $environmentName -DisableAIBuilder $true -DisableAIPrompts $true -BlockUnmanagedCustomizations $true -DisableProcessCapacityOverage $true -DisableAutoClaimOfProcessCapacity $true
Write-Output "Environment security settings updated for $environmentName"
Write-Output "DisableAIBuilder, DisableAIPrompts, BlockUnmanagedCustomizations, DisableProcessCapacityOverage, DisableAutoClaimOfProcessCapacity"
# Enable IP address-based cookie binding for Production environments
if ($isProduction) {
    Set-AdminPowerAppEnvironment -EnvironmentName $environmentName -EnableIPBasedCookieBinding $true
    Write-Output "IP-based cookie binding enabled for production $environmentName."
}
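
The "invalid token, wrong audience" failure mentioned at the top of this post can be narrowed down by decoding the access token locally and comparing its `aud` claim with the resource the call targets. This is an added example, not part of the original post or script; the function names, the sample token and the expected audience value are assumptions for illustration.

```powershell
# Added example, not from the original post. Decodes a JWT payload locally
# (the signature is NOT verified) to see which audience the token was issued for.
# Access tokens are credentials: inspect them on your own machine only.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {          # restore the padding base64url strips
        1 { throw 'Invalid base64url length.' }
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Test-TokenAudience {
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [Parameter(Mandatory)][string]$ExpectedAudience
    )
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a three-part JWT.' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    # 'aud' is normally a string; normalise to a list and ignore a trailing '/'
    $aud = @($claims.aud) | ForEach-Object { "$_".TrimEnd('/') }
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    [pscustomobject]@{
        Audience      = $claims.aud
        AudienceMatch = ($aud -contains $ExpectedAudience.TrimEnd('/'))
        AppId         = $claims.appid
        Roles         = $claims.roles   # present on app-only tokens
        Scopes        = $claims.scp     # present on delegated (user) tokens
        Expired       = ($expires -lt [DateTimeOffset]::UtcNow)
    }
}

# Constructed sample token (unsigned, fake values) so the example runs offline.
function ConvertTo-Base64Url([string]$Text) {
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text))
    $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$payload = @{
    aud   = 'https://graph.microsoft.com'              # constructed: issued for a different resource
    appid = '00000000-0000-0000-0000-000000000000'     # constructed placeholder
    exp   = 4102444800                                 # constructed: 2100-01-01 UTC
} | ConvertTo-Json -Compress
$sample = '{0}.{1}.sig' -f (ConvertTo-Base64Url '{"alg":"none"}'), (ConvertTo-Base64Url $payload)

# Assumed expected audience for the Power Platform API; substitute the resource you call.
Test-TokenAudience -AccessToken $sample -ExpectedAudience 'https://api.powerplatform.com'
```

With the constructed token, `AudienceMatch` comes back `False`, which is the situation an API reports as a wrong-audience error: the token is valid but was requested for a different resource or scope.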