Disable The Power Apps Permissions Pop-Up (Bypass Consent Form)
When a user opens the Power Apps canvas app for the first-time they see a message “Almost there… the app needs your permission to use the following. Please allow the permissions to proceed.” This is potentially confusing to the user because they are not sure what they are approving. In this article, I will show you how to disable the Power Apps permissions pop-up and make it stop appearing for users.
Table of Contents
• Introduction: The Power Apps Permissions Form
• Write A PowerShell Cmdlet To Bypass The Power Apps Permissions Form
• Get The Power Platform Environment ID
• Obtain The Canvas App Unique ID
• Open Windows PowerShell In Administrator Mode
• Optional Step: Install The Power Apps Administration Power Shell Module
• Enter The PowerShell Cmdlet To Bypass Consent
• Test The Power Apps Canvas App To Ensure The Permissions Form Is Turned Off
Introduction: The Power Apps Permissions Form
A user opening a Power Apps canvas app sees this pop-up known as the Power Apps consent form. It asks the user permission to create a new connection to the online services used in the app. We want to prevent this form from showing.
Write A PowerShell Cmdlet To Bypass The Power Apps Permissons Form
We can use a PowerShell cmdlet to make the Power Apps consent form stop appearing. To do this, we will need to obtain the environment name GUID, the app name GUID and then use them in the PowerShell cmdlet below.
Set-AdminPowerAppApisToBypassConsent -EnvironmentName [Guid] -AppName [Guid]
Get The Power Platform Environment ID
To find the Power Platform environment ID for app the app open make.powerapps.com and navigate the environment where the app is located. Then go to the Settings menu and select Developer resources.
Copy the Environment ID from the Developer resources menu…
…and paste it into Windows notepad for safe-keeping until we need it.
Default-f1b8b509-50a4-4a5c-8e48-bf3d3e7c10ed
Obtain The Canvas App Unique ID
Next, we will get the canvas app unique ID. Click the three dots beside the canvas app and then select Details.
Copy the App ID from the Details menu…
…and paste it into notepad alongside the Environment ID.
9a6d22d6-79a2-4d32-8abd-747a1d8ebcb0
Open Windows PowerShell In Administrator Mode
Go to the Windows start menu and search for Windows Powershell. Run Windows PowerShell as an administrator. There will likely be multiple versions of PowerShell installed on your machine. Ensure you select the proper one.
Optional Step: Install The Power Apps Administration Power Shell Module
If you have never used a Power Apps Administration PowerShell cmdlet before you will need to install the module.
Type these commands into the PowerShell console. Enter a username and password when the Microsoft 365 login prompt appears.
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber
Enter The PowerShell Cmdlet To Bypass Consent
Once the Power Apps administration library is installed we can input the cmdlet to bypass the consent form.
Write this PowerShell command in the console. Supply the environment name and app name GUIDs we gathered earlier in the tutorial>
Set-AdminPowerAppApisToBypassConsent -EnvironmentName Default-f1b8b509-50a4-4a5c-8e48-bf3d3e7c10ed -AppName 9a6d22d6-79a2-4d32-8abd-747a1d8ebcb0
Run the command by pressing enter. The PowerShell console should look like this if the command executed successfully.
Test The Power Apps Canvas App To Ensure The Permissions Form Is Turned Off
To test that the permissions form is no longer appearing to end-users, ask a user who is seeing the prompt to play the app.
If the permissions form does not appear then we can confirm that the user is no longer required to give consent.
Did You Enjoy This Article? 😺
Subscribe to get new Power Apps articles sent to your inbox each week for FREE
Questions?
If you have any questions or feedback about Disable The Power Apps Permissions Pop-Up (Bypass Consent Form) please leave a message in the comments section below. You can post using your email address and are not required to create an account to join the discussion.
Hey Matt, just a heads up. This doesn’t work for all connectors. It should work for all Microsoft connectors. Spatial Services for example is provided by Tom Tom and cannot be bypassed.
Peter C.,
It’s a good call out. True, this is really for the Microsoft connectors that are already covered with single-sign on. I’d wager that’s 90% of apps out there.
Is there a way to apply this to other connectors?
Dillion,
This applies it to all connectors. If no credentials are required, the consent form doesn’t appear.
My view is that this shouldn’t be a thing but rather that we should be able to append to or amend the message provided. Being able to provide a link to a page qualifying the security issues would be significantly better than the current options of on or ‘off via powershell’
Great post, though, Matt, as always
This requires you to be an Office 365 Global admin, right?
Does this also work for Power Automate flows that are triggered via a selected SharePoint item?
Thanks, Matthew! I wish there was a way to do a loop where it pulls in all the App IDs in an environment and disables the consent form. Sigh.
Valerie,
Me too. It should be an environment setting.
Hello,
Thank you for this.
I ran the PS cmd first time it stated:
WARNING: The names of some imported commands from the module ‘Microsoft.PowerApps.AuthModule’ include unapproved verbs that might make them less discove
rable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Ge
t-Verb.
but still got the status code 200
When testing I still got prompted SP permissions.
So I reran the PS script but got a 204:
StatusCode : 204
StatusDescription : No Content
Content : {}
RawContent : HTTP/1.1 204 No Content
We did this last year for a new Power App that was launched for all of our users to use…A large number of our personnel work out in the field and are not used to being logged into Office 365 for their day-to-day work (we don’t have mobile access yet for security reasons) – and those users ran into issues because they weren’t already logged into those data connections. So bypassing the screen didn’t give them a chance to log in before clicking the “Allow” button and then the app would try to load but give error messages. Now that our agency has been using SharePoint Online more and more, I haven’t heard of this still being much of an issue – maybe our IT people figured out a way to incorporate the single sign on with this bypass step so that it’ll automatically log people in AND bypass the message? I don’t know. But just wanted to mention it in case others run into issues.
Hi Matthew,
If you disable the consent form for an app developed in a dev environment, as part of a solution, and then you export the solution to a test or Prod environment, does this consent form need to be disabled again for the app in the target environments?
Guillaume,
Excellent question. It does need to be disabled in the target environment upon deployment. Importing the app is effectively creating a new copy of it.
So, essentially, if the user has already connected to the needed connectors, this should work, but if they haven’t, we are likely to run into issues?
Justin,
Not at all. If connectors use Microsoft 365, consent is automatically given. But if the connector use a 3rd party service, the user is still prompted for credentials.
Essentially, this prompt now only appears when the user ACTUALLY has to take actions.
Hey Matt,
What will be roll back plan if any issue happens after applying the changes for disabling the power apps permission pop up?
Meena,
It’s possible to use the CLEAR command to undo this admin function:
https://learn.microsoft.com/en-us/powershell/module/microsoft.powerapps.administration.powershell/clear-adminpowerappapistobypassconsent?view=pa-ps-latest
This one is good
Yogi,
Many thanks 🙂
Your content is always great, always relevant, and well explained. Thank you!
Is this a run-once / permanent change or will I need to re-run the scripts again after a certain period of time? Thanks.
Ciaran,
This is a run once change. But you can re-enable it if you have some regrets.
Thanks Matthew.