Managing Power Platform Security Groups using PowerShell


Power Platform security groups help manage user access to Power Apps, Power Automate, and Dataverse resources efficiently. Using PowerShell, you can automate the creation, assignment, and management of security groups.

This guide provides step-by-step instructions on how to:
Connect to Power Platform using PowerShell
List existing security groups
Create a new security group
Add users to a security group
Remove users from a security group
Delete a security group


Step 1: Prerequisites

Before managing Power Platform security groups, ensure the following:

1. Install the Microsoft Graph PowerShell Module

The Microsoft Graph API is required to manage security groups.

Install-Module Microsoft.Graph -Scope CurrentUser -Force

2. Connect to Microsoft Graph

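Authenticate using an administrator account. The Group.ReadWrite.All scope grants write access to every group in the tenant, so use an account reserved for administration: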

Connect-MgGraph -Scopes "Group.ReadWrite.All", "User.Read.All"

Step 2: List Existing Security Groups

To retrieve a list of all security groups, run:

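# Without the filter, Get-MgGroup -All also returns Microsoft 365 and distribution groups
Get-MgGroup -Filter "securityEnabled eq true" -All | Select-Object DisplayName, Id, Mail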

For Power Platform-specific groups, filter by name or description:

Get-MgGroup -Filter "startswith(displayName,'PowerPlatform')"

All security groups are listed!


Step 3: Create a New Security Group

To create a new security group for Power Platform:

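$groupParams = @{
    DisplayName     = "PowerPlatformAdmins"
    Description     = "Security group for Power Platform administrators"
    MailEnabled     = $false
    # Microsoft Graph requires a mail nickname even when MailEnabled is $false
    MailNickname    = "PowerPlatformAdmins"
    SecurityEnabled = $true
}

New-MgGroup @groupParams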

New security group created!


Step 4: Add Users to a Security Group

To add a user, first retrieve the User ID:

# Get-MgUser has no -UserPrincipalName parameter; -UserId accepts a UPN or an object ID
Get-MgUser -UserId "user@yourdomain.com"

Now, add the user to the group:

$groupId = "<Security_Group_ID>"
$userId = "<User_ID>"

New-MgGroupMember -GroupId $groupId -DirectoryObjectId $userId

User added to security group!


Step 5: Remove Users from a Security Group

To remove a user, run:

# Microsoft.Graph SDK v2 cmdlet; SDK v1 named this Remove-MgGroupMemberByRef
Remove-MgGroupMemberDirectoryObjectByRef -GroupId $groupId -DirectoryObjectId $userId

User removed from security group!


Step 6: Delete a Security Group

To delete a security group:

Remove-MgGroup -GroupId $groupId -Confirm:$false

Security group deleted!


Step 7: Automate Security Group Management

Create a PowerShell script (ManagePowerPlatformGroups.ps1) to automate:

# Connect to Microsoft Graph
Connect-MgGraph -Scopes "Group.ReadWrite.All", "User.Read.All"

# Define Security Group Name
$groupName = "PowerPlatformAdmins"

# Check if Security Group Exists
$group = Get-MgGroup -Filter "displayName eq '$groupName'"

if ($group) {
    Write-Host "Security group '$groupName' already exists."
} else {
    # Create Security Group and keep the result so $group.Id is set below
    $groupParams = @{
        DisplayName     = $groupName
        Description     = "Security group for Power Platform administrators"
        MailEnabled     = $false
        MailNickname    = $groupName   # required by Graph even when MailEnabled is $false
        SecurityEnabled = $true
    }
    $group = New-MgGroup @groupParams
    Write-Host "Security group '$groupName' created successfully!"
}

# Add Users to Group
$userEmail = "user@yourdomain.com"
# -UserId accepts a UPN; suppress the lookup error so a missing user reaches the else branch
$user = Get-MgUser -UserId $userEmail -ErrorAction SilentlyContinue
if ($user) {
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id
    Write-Host "User '$userEmail' added to '$groupName'."
} else {
    Write-Host "User not found!"
}

Security group management is now automated!
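Running the Step 7 script a second time fails at New-MgGroupMember, because Graph rejects a member reference that already exists, and it never reports who else is in the group. The following is an added example, not part of the original script: it reconciles membership against a desired list, adds only what is missing, and flags unexpected members of the admin group for review. The UPNs are constructed sample values and Get-MembershipDrift is a hypothetical helper name; an existing Connect-MgGraph session with the scopes above is assumed.

```powershell
# Added example: reconcile group membership against a desired list.
# Assumes Connect-MgGraph has already been run with the scopes used above.
function Get-MembershipDrift {
    param(
        [string[]]$DesiredIds = @(),   # object IDs that should be members
        [string[]]$CurrentIds = @()    # object IDs that are members now
    )
    [pscustomobject]@{
        ToAdd    = @($DesiredIds | Where-Object { $_ -notin $CurrentIds })
        ToRemove = @($CurrentIds | Where-Object { $_ -notin $DesiredIds })
    }
}

$groupName   = "PowerPlatformAdmins"
$desiredUpns = @("alice@yourdomain.com", "bob@yourdomain.com")   # constructed sample values

# Display names are not unique in the directory, so insist on exactly one match.
$groups = @(Get-MgGroup -Filter "displayName eq '$groupName'" |
    Where-Object { $_.SecurityEnabled })
if ($groups.Count -ne 1) {
    throw "Expected exactly one security group named '$groupName', found $($groups.Count)."
}
$groupId = $groups[0].Id

# Resolve UPNs to object IDs; stop on a missing account instead of skipping it.
$desiredIds = foreach ($upn in $desiredUpns) {
    (Get-MgUser -UserId $upn -ErrorAction Stop).Id
}
$currentIds = @(Get-MgGroupMember -GroupId $groupId -All | ForEach-Object Id)

$drift = Get-MembershipDrift -DesiredIds $desiredIds -CurrentIds $currentIds

foreach ($id in $drift.ToAdd) {
    New-MgGroupMember -GroupId $groupId -DirectoryObjectId $id
    Write-Host "Added $id to '$groupName'."
}
foreach ($id in $drift.ToRemove) {
    # Report only: an unexpected admin-group member should be reviewed, not silently removed.
    Write-Warning "Unexpected member $id in '$groupName'."
}
```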
