Auditing user access in Microsoft Power Platform is essential for ensuring security, compliance, and governance. With PowerShell, you can automate the process of tracking user activities, permissions, and role assignments across Power Apps, Power Automate, and Power BI.
This guide will walk you through auditing user access to Power Platform using PowerShell by:
Listing all users and their assigned roles
Retrieving Power Apps and Power Automate access logs
Checking DLP policy compliance
Auditing Power BI workspace permissions
Exporting audit logs for security reviews
Step 1: Prerequisites
1. Install Required PowerShell Modules
Ensure the necessary modules are installed for managing Power Platform access.
Install-Module Microsoft.PowerPlatform.Administration -Scope CurrentUser -Force
Install-Module Microsoft.PowerApps.Administration.PowerShell -Scope CurrentUser -Force
Install-Module Microsoft.PowerApps.PowerShell -Scope CurrentUser -Force
Install-Module MicrosoftPowerBIMgmt -Scope CurrentUser -Force
2. Connect to Power Platform
Run the following command to authenticate as a Global Administrator or Power Platform Admin:
Add-PowerAppsAccount
Connect-PowerBIServiceAccount
You are now connected to Power Platform.
Step 2: Retrieve User Access Details in Power Platform
List all users and their assigned security roles
To audit all users and their assigned roles in Power Platform environments:
Get-AdminPowerAppRoleAssignment | Select-Object PrincipalType, DisplayName, RoleType | Export-Csv -Path "C:\PowerPlatform_UserAccess.csv" -NoTypeInformation
This report helps track user access levels.
Step 3: Retrieve Power Apps & Power Automate Permissions
List all users and their access levels for Power Apps
To get a detailed list of users with access to Power Apps:
Get-AdminPowerApp | ForEach-Object {
Get-AdminPowerAppRoleAssignment -AppName $_.AppName | Select-Object PrincipalType, DisplayName, RoleType, $_.AppName
} | Export-Csv -Path "C:\PowerApps_UserAccess.csv" -NoTypeInformation
This ensures that only authorized users have access to Power Apps.
List all users with access to Power Automate Flows
To audit user permissions on Power Automate flows:
Get-AdminFlow | ForEach-Object {
Get-AdminFlowOwnerRole -FlowName $_.FlowName | Select-Object PrincipalType, DisplayName, RoleType, $_.FlowName
} | Export-Csv -Path "C:\PowerAutomate_UserAccess.csv" -NoTypeInformation
This report provides visibility into flow ownership and permissions.
Step 4: Audit Power BI Access Permissions
List all users with access to Power BI Workspaces
To retrieve Power BI workspace user access levels:
Get-PowerBIWorkspace | ForEach-Object {
Get-PowerBIWorkspaceUser -WorkspaceId $_.Id | Select-Object PrincipalType, Identifier, AccessRight, $_.Name
} | Export-Csv -Path "C:\PowerBI_UserAccess.csv" -NoTypeInformation
This helps track Power BI workspace access across the organization.
Step 5: Retrieve Data Loss Prevention (DLP) Policies
To check if users comply with DLP policies for data protection:
Get-DlpPolicy | Select-Object Name, Description, Mode, Rules | Export-Csv -Path "C:\PowerPlatform_DLP_Report.csv" -NoTypeInformation
This ensures Power Platform compliance with security policies.
Step 6: Export Power Platform Audit Logs
Retrieve Audit Logs for User Activities
To export audit logs for security reviews:
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) -RecordType PowerApps | Export-Csv -Path "C:\PowerPlatform_AuditLogs.csv" -NoTypeInformation
This report helps track security events and policy violations.
Step 7: Automate Power Platform Access Auditing
To schedule automatic user access audits, create a PowerShell script and schedule it using Task Scheduler:
$timestamp = Get-Date -Format "yyyyMMdd"
$reportPath = "C:\PowerPlatform_Access_Audit_$timestamp.csv"
Get-AdminPowerAppRoleAssignment | Export-Csv -Path $reportPath -NoTypeInformation
Write-Output "Power Platform User Access Report Generated: $reportPath"
Steps to Schedule the Script
- Open Task Scheduler
- Click Create Basic Task
- Set a schedule (e.g., Weekly)
- Select Start a Program → PowerShell.exe
- Add script path:
-File "C:\Scripts\Audit_PowerPlatform.ps1" - Click Finish to automate reports.
Now, the audit runs automatically!