“I’m trying to add AD group as co-owner in PowerApps, but the checkbox is disabled, what can I do about it?”
When you manage access in Microsoft environment, you might want to use AD groups instead of specific users. While users can join or leave your organisation and it’s hard to keep track of the individual permissions, M365 groups will stay. The same principle applies to PowerApps ownership too. Instead of keeping application ownership on specific users, you might want to co-own them with a group.
But that works only if it’s a separate application. Once you add it into a Solution, and you should add it into a solution, such option will be disabled.
How do you then share the app with the group?
Use PowerShell to add the co-owner
If something is not doable using the interface, there’s a high chance that there’s another way. It could be some http request in a flow, or a PowerShell script as in this example.
Run the ‘Windows PowerShell ISE’ application on your Windows machine as an administrator. If you don’t have such option you might need to contact your local IT.
Administrator is necessary because you must install two modules to work with PowerApps.
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber Once you have the modules, gather some information – the AD group id, application id, and the Power Platform environment id.
You can find the AD group id in Azure or using one of the ‘List groups…’ actions in a flow.
Application (blue) and environment (red) id is in the application details.
Store them into variables in the script, e.g.
$groupId = "367e79b7-a0ed-48d8-99c3-a140a64a8f44"
$appId = "fa1545f5-2d29-4022-a0b1-f883214a2e9e"
$envId = "Default-c3adda97-555b-44f6-9fbb-ecf0395f334b"Once ready, there’s just one more command to use for the sharing.
Set-AdminPowerAppRoleAssignment -PrincipalType Group -PrincipalObjectId $groupId -RoleName CanEdit -AppName $appId -EnvironmentName $envId
Run the script and check that the AD group was added among the app co-owners.
Summary
As you can see, there’s always some workaround to achieve what you need. In this case, even if PowerApps disabled co-owner sharing with an AD group, you can still bypass it using PowerShell. It isn’t a low-code solution, far from it, but learning a bit of PowerShell will never hurt anyway.
Next week I’ll show you how to get rid of the annoying connection confirmation popup when launching the PowerApp.
1 thought on “Overcome disabled PowerApps co-owner sharing with AD group”