Creating Security Reports for Power Platform using PowerShell

Security is a critical aspect of managing Microsoft Power Platform, ensuring that apps, flows, and users comply with organizational policies. PowerShell provides an automated way to generate security reports for Power Platform, covering:

User Access Levels
Role Assignments
Data Loss Prevention (DLP) Policies
Environment Security Settings
Power BI Workspace & Report Access

This guide walks through the process of generating security reports using PowerShell.


Step 1: Prerequisites

1. Install Power Platform PowerShell Modules

Ensure you have the required modules installed:

Install-Module Microsoft.PowerPlatform.Administration -Scope CurrentUser -Force
Install-Module Microsoft.PowerApps.Administration.PowerShell -Scope CurrentUser -Force
Install-Module Microsoft.PowerApps.PowerShell -Scope CurrentUser -Force

2. Connect to Power Platform

Run the following command to authenticate as a Global Administrator or Power Platform Admin:

Add-PowerAppsAccount

You are now connected to Power Platform.


Step 2: Generate User Access Report

To list all users and their assigned security roles in Power Platform environments:

Get-AdminPowerAppEnvironment | ForEach-Object {
    $env = $_.EnvironmentName
    Get-AdminPowerAppRoleAssignment -EnvironmentName $env | Select-Object PrincipalType, DisplayName, RoleType
} | Export-Csv -Path "C:\PowerPlatform_UserAccessReport.csv" -NoTypeInformation

This report contains users, their role type, and access levels.


Step 3: Generate Role Assignment Report

To list all users assigned to Power Platform security roles:

Get-AdminPowerAppRoleAssignment | Export-Csv -Path "C:\PowerPlatform_RoleAssignments.csv" -NoTypeInformation

This helps track role assignments across environments.


Step 4: Export Data Loss Prevention (DLP) Policies

To retrieve DLP policies applied across Power Platform environments:

Get-DlpPolicy | Select-Object Name, Description, Mode, Rules | Export-Csv -Path "C:\PowerPlatform_DLP_Policies.csv" -NoTypeInformation

This report shows compliance settings and applied restrictions.


Step 5: Retrieve Power Platform Environment Security Settings

To get a detailed security configuration report for all environments:

Get-AdminPowerAppEnvironment | Select-Object DisplayName, EnvironmentName, Location, CreatedTime, CreatedBy | Export-Csv -Path "C:\PowerPlatform_EnvironmentSecurity.csv" -NoTypeInformation

This inventory lists every environment with its region, creation time, and creator, so each one can be tracked and reviewed.


Step 6: Generate Power BI Access Report

To list all Power BI workspaces and user permissions:

Install-Module MicrosoftPowerBIMgmt -Scope CurrentUser -Force
Connect-PowerBIServiceAccount

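# -Scope Organization (requires a Power BI admin) returns every workspace together with its Users collection
Get-PowerBIWorkspace -Scope Organization -All | ForEach-Object {
    $workspace = $_.Name
    # Add the workspace name as a calculated column so each row shows where the access applies
    $_.Users | Select-Object PrincipalType, Identifier, AccessRight, @{Name = 'Workspace'; Expression = { $workspace }}
} | Export-Csv -Path "C:\PowerPlatform_PowerBI_AccessReport.csv" -NoTypeInformation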

This helps track access levels in Power BI workspaces.


Step 7: Audit Power Platform Security Logs

To export audit logs for Power Platform activities:

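# Requires an Exchange Online PowerShell session (Connect-ExchangeOnline from the ExchangeOnlineManagement module)
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) -RecordType PowerAppsApp | Export-Csv -Path "C:\PowerPlatform_AuditLogs.csv" -NoTypeInformation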

This report provides insights into security events and policy violations.
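
The audit export in Step 7 stores each event's details as a JSON string in the AuditData column, which is hard to review in a CSV. The following added example (not part of the original article) flattens that column and flags operations worth a closer look; the sample records, the Expand-AuditRecord helper name, and the default list of sensitive operation names are assumptions made for illustration.

```powershell
# Constructed sample rows shaped like Search-UnifiedAuditLog output (not real tenant data).
$sampleRecords = @(
    [pscustomobject]@{ CreationDate = '2024-05-01T09:12:00Z'
        AuditData = '{"Operation":"LaunchPowerApp","UserId":"alice@contoso.example","Workload":"PowerApps"}' }
    [pscustomobject]@{ CreationDate = '2024-05-01T09:40:00Z'
        AuditData = '{"Operation":"PowerAppPermissionEdited","UserId":"bob@contoso.example","Workload":"PowerApps"}' }
    [pscustomobject]@{ CreationDate = '2024-05-02T14:03:00Z'
        AuditData = '{"Operation":"DeletePowerApp","UserId":"bob@contoso.example","Workload":"PowerApps"}' }
    [pscustomobject]@{ CreationDate = '2024-05-02T15:00:00Z'
        AuditData = '{"Operation":' }   # truncated JSON, to exercise the error path
)

function Expand-AuditRecord {
    # Hypothetical helper: turns the AuditData JSON string into flat report columns.
    param(
        [Parameter(ValueFromPipeline)] $Record,
        # Assumed list of operations to flag; adjust it to your own review policy.
        [string[]] $SensitiveOperations = @('PowerAppPermissionEdited', 'DeletePowerApp')
    )
    process {
        try {
            $data = $Record.AuditData | ConvertFrom-Json -ErrorAction Stop
        }
        catch {
            # Do not let one malformed record abort the whole report.
            Write-Warning "Skipping record with unparsable AuditData ($($Record.CreationDate))"
            return
        }
        [pscustomobject]@{
            TimeUtc   = $Record.CreationDate
            User      = $data.UserId
            Operation = $data.Operation
            Workload  = $data.Workload
            Sensitive = $data.Operation -in $SensitiveOperations
        }
    }
}

$flat = $sampleRecords | Expand-AuditRecord

# Events that changed sharing or removed an app
$flat | Where-Object Sensitive | Format-Table TimeUtc, User, Operation

# Activity volume per user and operation, busiest first
$flat | Group-Object User, Operation | Sort-Object Count -Descending | Select-Object Count, Name
```

To run it against real data, pipe the Search-UnifiedAuditLog output from Step 7 into Expand-AuditRecord in place of $sampleRecords. Search-UnifiedAuditLog returns only 100 records by default, so raise -ResultSize (maximum 5000) when the report must cover a busy week.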
