Applies to Product - Power Apps
What’s happening?
Customers are experiencing difficulties with whitelisting Azure Function App traffic over public networks toward Power Apps. This includes issues with creating OAuth connections and receiving error messages related to connection API policy violations.
Reason:
- In one case, this was caused by missing Key Vault secret permissions for the affected user.
- In another case, the problem stemmed from misconfigured VNet gateway settings and missing IP whitelisting for Azure Function Apps.
- Additional issues were related to restrictive connection API policies in the Power Platform environment.
Resolution:
For Key Vault Secret Permissions:
- Ensure the user is assigned the Key Vault Secrets User role with no conditional access restrictions.
- Confirm that the Azure Key Vault resides in the same tenant as the Power Platform subscription.
- If issues persist, compare the affected user's permissions with those of an admin who can access the secrets.
- Identify the public IP addresses used by Power Apps that need to be whitelisted on the Azure Function App.
- Use Access Restrictions on the Function App to control inbound traffic.
- For outbound traffic, integrate the Function App with a Virtual Network and configure Network Security Groups (NSGs) to define allowed traffic.
- If using a Private Endpoint, ensure all required configurations are in place for inbound connectivity.
- If problems continue, capture and analyze network traces for further troubleshooting.
- Review and adjust connection policies in the Power Platform admin center to allow the required connections.
- If the issue is not resolved, gather detailed configuration information and error messages.
- Escalate to the appropriate internal teams for further investigation.
- Refer to relevant documentation or contact Microsoft support for additional assistance.
