Disable The Power Apps Permissions Pop-Up (Bypass Consent Form)
When a user opens the Power Apps canvas app for the first-time they see a message “Almost there… the app needs your permission to use the following. Please allow the permissions to proceed.” This is potentially confusing to the user because they are not sure what they are approving. In this article, I will show you how to disable the Power Apps permissions pop-up and make it stop appearing for users.
Table of Contents
• Introduction: The Power Apps Permissions Form
• Write A PowerShell Cmdlet To Bypass The Power Apps Permissions Form
• Get The Power Platform Environment ID
• Obtain The Canvas App Unique ID
• Open Windows PowerShell In Administrator Mode
• Optional Step: Install The Power Apps Administration Power Shell Module
• Enter The PowerShell Cmdlet To Bypass Consent
• Test The Power Apps Canvas App To Ensure The Permissions Form Is Turned Off
Introduction: The Power Apps Permissions Form
A user opening a Power Apps canvas app sees this pop-up known as the Power Apps consent form. It asks the user permission to create a new connection to the online services used in the app. We want to prevent this form from showing.
Write A PowerShell Cmdlet To Bypass The Power Apps Permissons Form
We can use a PowerShell cmdlet to make the Power Apps consent form stop appearing. To do this, we will need to obtain the environment name GUID, the app name GUID and then use them in the PowerShell cmdlet below.
Set-AdminPowerAppApisToBypassConsent -EnvironmentName [Guid] -AppName [Guid]
Get The Power Platform Environment ID
To find the Power Platform environment ID for app the app open make.powerapps.com and navigate the environment where the app is located. Then go to the Settings menu and select Developer resources.
Copy the Environment ID from the Developer resources menu…
…and paste it into Windows notepad for safe-keeping until we need it.
Default-f1b8b509-50a4-4a5c-8e48-bf3d3e7c10ed
Obtain The Canvas App Unique ID
Next, we will get the canvas app unique ID. Click the three dots beside the canvas app and then select Details.
Copy the App ID from the Details menu…
…and paste it into notepad alongside the Environment ID.
9a6d22d6-79a2-4d32-8abd-747a1d8ebcb0
Open Windows PowerShell In Administrator Mode
Go to the Windows start menu and search for Windows Powershell. Run Windows PowerShell as an administrator. There will likely be multiple versions of PowerShell installed on your machine. Ensure you select the proper one.
Optional Step: Install The Power Apps Administration Power Shell Module
If you have never used a Power Apps Administration PowerShell cmdlet before you will need to install the module.
Type these commands into the PowerShell console. Enter a username and password when the Microsoft 365 login prompt appears.
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber
Enter The PowerShell Cmdlet To Bypass Consent
Once the Power Apps administration library is installed we can input the cmdlet to bypass the consent form.
Write this PowerShell command in the console. Supply the environment name and app name GUIDs we gathered earlier in the tutorial>
Set-AdminPowerAppApisToBypassConsent -EnvironmentName Default-f1b8b509-50a4-4a5c-8e48-bf3d3e7c10ed -AppName 9a6d22d6-79a2-4d32-8abd-747a1d8ebcb0
Run the command by pressing enter. The PowerShell console should look like this if the command executed successfully.
Test The Power Apps Canvas App To Ensure The Permissions Form Is Turned Off
To test that the permissions form is no longer appearing to end-users, ask a user who is seeing the prompt to play the app.
If the permissions form does not appear then we can confirm that the user is no longer required to give consent.
Did You Enjoy This Article? 😺
Subscribe to get new Power Apps articles sent to your inbox each week for FREE
Questions?
If you have any questions or feedback about Disable The Power Apps Permissions Pop-Up (Bypass Consent Form) please leave a message in the comments section below. You can post using your email address and are not required to create an account to join the discussion.
Hey Matt, just a heads up. This doesn’t work for all connectors. It should work for all Microsoft connectors. Spatial Services for example is provided by Tom Tom and cannot be bypassed.
Peter C.,
It’s a good call out. True, this is really for the Microsoft connectors that are already covered with single-sign on. I’d wager that’s 90% of apps out there.
Is there a way to apply this to other connectors?
Dillion,
This applies it to all connectors. If no credentials are required, the consent form doesn’t appear.
My view is that this shouldn’t be a thing but rather that we should be able to append to or amend the message provided. Being able to provide a link to a page qualifying the security issues would be significantly better than the current options of on or ‘off via powershell’
Great post, though, Matt, as always
This requires you to be an Office 365 Global admin, right?
Does this also work for Power Automate flows that are triggered via a selected SharePoint item?
Thanks, Matthew! I wish there was a way to do a loop where it pulls in all the App IDs in an environment and disables the consent form. Sigh.
Valerie,
Me too. It should be an environment setting.
Hello,
Thank you for this.
I ran the PS cmd first time it stated:
WARNING: The names of some imported commands from the module ‘Microsoft.PowerApps.AuthModule’ include unapproved verbs that might make them less discove
rable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Ge
t-Verb.
but still got the status code 200
When testing I still got prompted SP permissions.
So I reran the PS script but got a 204:
StatusCode : 204
StatusDescription : No Content
Content : {}
RawContent : HTTP/1.1 204 No Content
I am getting the 204 status code now too. When I ran it the first time, it worked great. When I run it for a second app, I get 204.
We did this last year for a new Power App that was launched for all of our users to use…A large number of our personnel work out in the field and are not used to being logged into Office 365 for their day-to-day work (we don’t have mobile access yet for security reasons) – and those users ran into issues because they weren’t already logged into those data connections. So bypassing the screen didn’t give them a chance to log in before clicking the “Allow” button and then the app would try to load but give error messages. Now that our agency has been using SharePoint Online more and more, I haven’t heard of this still being much of an issue – maybe our IT people figured out a way to incorporate the single sign on with this bypass step so that it’ll automatically log people in AND bypass the message? I don’t know. But just wanted to mention it in case others run into issues.
Hi Matthew,
If you disable the consent form for an app developed in a dev environment, as part of a solution, and then you export the solution to a test or Prod environment, does this consent form need to be disabled again for the app in the target environments?
Guillaume,
Excellent question. It does need to be disabled in the target environment upon deployment. Importing the app is effectively creating a new copy of it.
So, essentially, if the user has already connected to the needed connectors, this should work, but if they haven’t, we are likely to run into issues?
Justin,
Not at all. If connectors use Microsoft 365, consent is automatically given. But if the connector use a 3rd party service, the user is still prompted for credentials.
Essentially, this prompt now only appears when the user ACTUALLY has to take actions.
Hey Matt,
What will be roll back plan if any issue happens after applying the changes for disabling the power apps permission pop up?
Meena,
It’s possible to use the CLEAR command to undo this admin function:
https://learn.microsoft.com/en-us/powershell/module/microsoft.powerapps.administration.powershell/clear-adminpowerappapistobypassconsent?view=pa-ps-latest
This one is good
Yogi,
Many thanks 🙂
Your content is always great, always relevant, and well explained. Thank you!
Is this a run-once / permanent change or will I need to re-run the scripts again after a certain period of time? Thanks.
Ciaran,
This is a run once change. But you can re-enable it if you have some regrets.
Thanks Matthew.
In our dev, we ran into an issue when a user was asked every time he launched the app. What would cause that?
When I run this, I get the error below. Any idea why?
Invoke-WebRequest : {“error”:{“code”:”BusinessAppPlatformRequestFailed”,”message”:”The request failed with client
error: ‘The environment ” could not be found in the tenant ‘<my tenant id>‘. The correlation
Id is ‘57397322-dea5-4ba5-98ff-d7df1cbd5e0d’.”,”details”:[{“code”:”MultipleErrorsOccurred”,”message”:”Multiple errors
occurred. Please see details.”,”details”:[{“code”:”EnvironmentNotFound”,”message”:”The environment ” could not be
found in the tenant ‘<my tenant id>‘.”}]},{“code”:”FullNonLocalizedError”,”message”:”{\”error\”:{
\”code\”:\”EnvironmentNotFound\”,\”message\”:\”The environment ” could not be found in the tenant
‘<my tenant id>‘.\”}}”}]}}
At C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerApps.Administration.PowerShell\2.0.170\Microsoft.PowerApps
.RestClientModule.psm1:80 char:25
+ … $response = Invoke-WebRequest -Uri $Uri -Headers $Headers -Method $Me …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
From a Data Privacy perspective, shouldn’t users have transparency to see what permissions they are granting to the Power App before they use the App?
Data,
Yes, they should see what permissions they are granting. But it can also cause confusion because many folks don’t know what this message means. Pick one or the other 😉
Hello,
I have used same bove approach to bypass the sig-in, but for MSN weather apps not working, it would be great if we get any help on saem?
Venkata,
MSN Weather will always require authorization because it is not an M365 Service.
I ran the Powershell script to bypass consent form but users are still getting the prompt for Microsoft Entra. Any ideas on how to bypass that consent? Does that need done in the Entra Admin Center?
Hi Matthew,
Hope you are doing well. Thank you for the Great Article. I have followed the exact steps and the PowerShell Command was successful.
But still I am unable to get rid of that Permission Pop-up for the below connectors( This issue persists for both External and Internal users)
Looking for your response at the earliest.
Thank you!!!!
Hi Matt,
Could you please let me know what is the minimum permission level required to be able to successfully execute the command?
Robin,
The Power Platform PowerShell documentation states:
“To perform the administration operations in the cmdlets, you’ll need the following: Any of these roles from Microsoft Entra ID, Tenant admin, Power Platform administrator, Dynamics 365 Service Administrator, can access the Power Apps admin PowerShell cmdlets.”
Will this work for a Model Driven App? If not, is there an equivalent for an MDA? Thanks in advance.
David,
Yes, it is the same process for model-driven apps using custom pages. If there are no custom pages, the consent pop-up does not appear.
Thanks for this Matthew. I applied the PowerShell command to a custom PowerApps SharePoint list form–it is not a Power App per se. I thought it seemed to work. The App ID I used in the script is from a Settings page I see while the custom form is being edited. I tried the fix with a generic tenant account and while a little clunky, it eventually bypassed the permissions prompt. However, another user still gets the prompt regardless. Any thoughts on why she is still getting it?