M04 DeployingApps
M04 DeployingApps
ADMIN IN A DAY........................................................................................................................ 2
Scenario ............................................................................................................................................................... 46
Task 1: Share the device ordering app ...................................................................................................................46
Task 2: Share the device procurement model-driven app ....................................................................................48
Scenario ............................................................................................................................................................... 49
Task 1: Test the Device Ordering app ....................................................................................................................49
Task 2: Test the Device Procurement app .............................................................................................................51
Scenario ............................................................................................................................................................... 54
Task 1: Setup the service principal .........................................................................................................................54
Task 2: Edit the flow to fix up the connections......................................................................................................59
TERMS OF USE ..........................................................................................................................64
FEEDBACK ............................................................................................................................................................ 64
DISCLAIMER ......................................................................................................................................................... 64
Admin in a day
Hands on lab
Lab Scenario
In this Hands-on Lab, you are an administrator for Contoso, helping them to adopt the
Power Platform. neighborly
The team building the Device Order Management app is now ready for you to transport
their solution from their development environment to the test environment for testing.
In this lab, you will be using Azure DevOps and the Power Apps build tools to automate
checking their solution into a source control repository and then using that to deploy to
test and production.
Because this is the first deployment to test, you will have to do some setup to configure
security for users to be able to access the app.
Lab Requirements
Lab Test Environment
This hands-on lab is designed to be completed in an environment setup for multiple
students to complete the Admin in a day series of hands-on labs.
You will be assigned one or more users to use to complete the hands-on tasks. Because this
is a shared environment, some tasks that require a tenant Global Administrator or a Service
Administrator will already be performed.
This lab assumes you have completed M03_Automation prior to starting this lab. In that
lab you would have created the environment that you will deploy to in this lab.
Exercise 1: Initialize Azure DevOps
In this exercise, you will be signing up for an Azure DevOps account and configuring the PowerApps build
tools for the account.
Note: If you already have Azure DevOps outside of this course and this environment, you CANNOT use
that here. You will need to follow our instructions to sign up.
Note: Use the same account you have been using for the other labs.
5) Click Continue.
6) If prompted, provide a unique Azure DevOps Organization name such as lastnameMMYY, select
a location closest to your tenant, select your region, enter captcha if prompted and click
Continue. Replace lastname with your last name, MM current month and YY current year.
7) Enter Device Management lastnameMMYY for Project Name and click Create project. Replace
lastname with your Last name, MM with current month, and YY with current year.
Projects are containers in Azure DevOps that track work items and source assets. When you set up
the automation for the deployment tasks those will be pipelines built in the context of a project.
8) Select Repos.
An Azure Repo is a source/version control container inside the Azure DevOps project used to track
changes you make. You will be using it to store the solution files for the team building the Device
Ordering app.
5. Select the Azure DevOps organization you created and click Install.
6. Click Proceed to Organization.
b. Select Pipelines.
b. Search for Power Platform hover over select Power Platform Tool Installer and click
Add.
f. Provide a Connection Name, paste the Environment URL you copied, provide your
credentials, and click Save.
g. Close the Service Connections browser window or tab.
7. Select the Generic Service Connection you created as the Power Apps Environment URL.
a. Go back to the Build Pipeline tasks and make sure you still have PowerApps Export
Solution task selected.
b. Locate the Service Connection field and click Refresh.
c. Select the Generic Service Connection you just created named Dev Connection.
10. Allow scripts to access the OAuth Token. This will allow the commands you will add to check in
files to the Azure DevOps repo to work.
a. Select Agent Job 1.
b. Scroll down and check the Allow Scripts to Access the OAuth Token checkbox.
11. Add Command Line task.
a. Click + Add a Task.
12. Add Scripts to the Command Line task. This task will be used to check in the solution file
changes to the repo.
a. Select the Command Line task.
b. Paste the script below in the Script text area. Replace [email protected]
with your username.
echo commit all changes
git config user.email "[email protected]"
git config user.name "Automatic Build"
git checkout master
git add --all
git commit -m "solution updates"
echo push code to new repo
git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" push
origin master
f. Refresh the screen until your Agent job 1 has a Status of Running.
g. Click on Agent job 1 to open the job
h. The build will run up to the Command Line Script and fail because we need to adjust
permissions. The first run causes a project specific build service user to be added, we
will adjust the permissions to fix this problem.
j. Select Repositories.
k. Select the Permissions tab.
l. In the Users section, select the Device Management Build Service user.
c. The content of the folder should look like the image below.
In a real project this is where you could add steps to import the solution into a build Common Data
Service environment to check for missing dependencies. You could also add build tasks to run tests
against your solution as well as run Power Apps Solution Checker to detect problems. In this lab
exercise we will skip those extra steps to ensure you have enough time to complete the lab.
3. Click Continue.
4. Click Empty Job.
5. Enter Build Managed Solution for Name, click Save and Queue and select Save.
9. Search for Power Platform Pack, hover over Power Platform Pack Solution and click Add.
23. Click on Agent job 1 and wait for the run to complete. Build tasks should run and succeed.
24. Click on 1 artifact produced
25. Expand the folder and you should see the managed solution.
Exercise 5: Build a Release Pipeline
In this exercise, you will build your release pipeline. The release pipeline is intended to take the output
from the build pipeline and coordinate deploys to one or more release environments. A common
release pipeline might deploy to dev -> test -> user acceptance -> production. Release pipelines can
have approval requirements between each environment.
For the purposes of this lab we are only going to deploy to one test environment. For the purposes of
this lab, we will be using the Central Apps Test trial environment we created in the previous lab. In real
use, you would deploy to both Test and Production and would use environments of type production
instead of trial.
10. Enter Test for Connection Name, paste the Environment URL copied in the previous step,
provide your credentials, and click Save.
11. Select Pipelines -> Releases.
14. Enter Test for Stage Name and click + Add Artifacts.
15. Select Build Managed Solution for Source and click Add.
16. Select the Tasks tab and click + Add Task.
17. Search for Power Platform Tool, hover over Power Platform Tool Installer and click Add.
18. Search for Power Platform Import, hover over Power Platform Import Solution and click Add.
22. Enter SolutionName for Name, ContosoDeviceOrderManagement for Value, and click Save.
27. Wait for the release tasks to complete. The release pipeline should succeed.
If your Release has succeeded, go to to Step 28
If your Release has failed, try:
A common error here is the import fails because the Solution file is not found – one of the reasons
for this could be that you have named your pipeline different to what’s written in the lab.
A fix for this is to manually select the solution file for the import. To do click on Edit → Edit Pipeline
Select the .zip file in the drop folder and confirm with OK
Go back to Releases and click Create Release and Create
28. Navigate to Power Apps maker portal and select the Test environment Central Apps Test.
29. Select Solutions. You should see the managed solution you published from the release pipeline.
30. Click to open the Contoso Device Order Management solution.
31. You should get the You cannot edit managed solution message.
32. Select Apps. You should see Device Ordering App Canvas application and Device Procurement
Model-Driven-Application.
Exercise 6: Share the apps with the users
Scenario
In this exercise, you will be sharing the Device Ordering canvas app with all users of the
Device Ordering App Azure AD security group (we pre-created this for you!). When you do
the share, you will pick the Device Ordering App security role for the CDS permissions.
Behind the scenes this will cause the system to create a CDS team that is associated with
the Azure AD group and associate that team with the security role. The end result of this is
making it possible to give users access to the app and CDS data all in the same sharing
action.
2. Select Apps, click on the … More Commands button on the Device Ordering App and
select Share.
4. Search for Device and select the Device Ordering App group.
5. On the right side of the share panel next to the CDS Connector click on the Assign a
security role dropdown and select the Contoso CDS Model Driven User and Contoso
Device Order App security roles. The system will create a CDS Team and assign this
security roles to the team. Any member of the Azure AD Group will then get those
privileges.
6. Un-check the Send Notification checkbox and click on the Share button.
7. Do not close the share pane we are going to use it in the next task.
Task 2: Share the device procurement model-driven app
While you can click on the Share link of a model-driven app it will simply list the manual
steps you need to take. These steps are the following * Make sure the model-driven app has
a security role assigned to it, and users that need to run it has that role * Make sure the
users that need to access the app have a security role giving them appropriate CDS
permissions to the data.
In the future, the model-driven share experience will be updated to be more like the canvas
experience above. Until that happens, we can leverage the canvas share to do the
connection of an Azure AD group to a CDS Team. In our example, we want the back office
group to also have access to our canvas app, but if we didn’t after using the share to hookup
the team and the security role to the Azure AD group we could remove the share to this
group and it would leave the team and connection to Azure AD in place.
1. While still on the share pane from the prior task, search for the Device Procurement
App group and select it.
2. In the Assign security role drop down select the Contoso CDS Model Driven User and
Contoso Device Procurement App security roles.
3. Un-check send an email and click Share. Since our model-driven app uses the Contoso
Device Procurement App role, our back-office users will now have access to the model-
driven app.
4. Close the share pane.
Exercise 7 (Optional): Test the application
Scenario
In this exercise, you will login with the users and test the application.
4. On the details page copy the URL in the Web link section.
5. In another in-private browser window, paste the copied URL into the browsers
address bar to launch the app.
6. Log in with your Lab Employee account.
7. Make sure the selected connections are correct and click Allow.
8. Select Manufacturer.
9. Select Few devices and click Compare.
4. In a private browser window paste the URL for the app into the address bar and login
with your Lab Back Office account. If you cannot login, give few minutes and try again.
5. Select Device Orders and you should see at least one device order.
Exercise 8 (Optional): Setup the flow to use a
service principal
Scenario
In this exercise, you will be setting up the Power Automate flow to use a service principal
and shared service accounts.
The goal of this setup is to ensure the flow runs in a non-system admin account with the
least privileges required.
To accomplish that the following accounts will be used * For Common Data Service trigger
and actions we will use a service principal that has just the permissions required for the
flow actions * For the Approval and Office 365 e-mail send we will use a Service Account
that only has permission to send e-mail and has no other permissions at this time.
The most important thing is to make sure we don’t use our admin account that generally
has very broad access to resources in the tenant.
4. Enter Device Procurement App (Your Initials) for Name, select Accounts in this
Organizational Directory Only, and click Register.
5. Copy the Application(client) ID and Directory Tenant ID. Save them in a notepad.
7. Enter Description and click Add. For the Expires duration, we are choosing 1 year, in
a real deployment you need to make sure if you choose 1 or 2 years you have a plan to
rotate the keys prior to expiration or anything using the key will fail upon expiration.
8. Copy the Value and keep in a notepad. This value is not available again once you leave
this area of the portal.
9. Go back to Power Apps maker portal click Settings and select Advanced Settings.
4. Click Edit.
5. Click on the trigger step to expand.
FEEDBACK
If you give feedback about the technology features, functionality and/or concepts described
in this demo/lab to Microsoft, you give to Microsoft, without charge, the right to use, share
and commercialize your feedback in any way and for any purpose. You also give to third
parties, without charge, any patent rights needed for their products, technologies and
services to use or interface with any specific parts of a Microsoft software or service that
includes the feedback. You will not give feedback that is subject to a license that requires
Microsoft to license its software or documentation to third parties because we include your
feedback in them. These rights survive this agreement. MICROSOFT CORPORATION
HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS WITH REGARD TO THE
DEMO/LAB, INCLUDING ALL WARRANTIES AND CONDITIONS OF MERCHANTABILITY,
WHETHER EXPRESS, IMPLIED OR STATUTORY, FITNESS FOR A PARTICULAR PURPOSE,
TITLE AND NON-INFRINGEMENT. MICROSOFT DOES NOT MAKE ANY ASSURANCES OR
REPRESENTATIONS WITH REGARD TO THE ACCURACY OF THE RESULTS, OUTPUT THAT
DERIVES FROM USE OF DEMO/ LAB, OR SUITABILITY OF THE INFORMATION CONTAINED
IN THE DEMO/LAB FOR ANY PURPOSE.
DISCLAIMER
This demo/lab contains only a portion of new features and enhancements in Microsoft
PowerApps. Some of the features might change in future releases of the product. In this
demo/lab, you will learn about some, but not all, new features.