Share Canvas App With A Microsoft 365 Group In Power Apps
You can share a canvas app with a Microsoft 365 group along with any associated SharePoint lists. This makes granting access to an app quicker & easier. A user assigned to the group will automatically gain access to the app & lists at once. And it reduces errors because there is no chance you will forget to share the lists. In this article I will show you my method to simplify sharing for Sharepoint based Power Apps.
Table of Contents
• Introduction: The Cheque Requests App
• Determine The Microsoft 365 Security Group Name
• Get The Microsoft 365 Group Object ID From Azure
• Enable App Sharing For The Microsoft 365 Group
• Run The Power Automate Flow To Enable App Sharing
• Share The Canvas App With The Microsoft 365 Group
Introduction: The Cheque Requests App
Members of the Wright Construction Company use the Cheque Requests App to submit cheque requests to the Finance Department. When the app is shared with a members of the Finance Department the SharePoint list it uses to store data should also be shared.
The app is located in a Power Platform Environment which does not have a Dataverse database installed.
Determine The Microsoft 365 Security Group Name
SharePoint team sites have an associated Microsoft 365 Group. To share the canvas app with the same Microsoft 365 Group as the SharePoint list it uses, go to the list and select the gear icon at the top. Open the Site Permissions and select Site Members.
The Microsoft 365 Group name will appear at the top of the modal that appears. In this example, the Microsoft 365 Group name is WC Finance Department and it has two members: Matthew Devaney and Mary Baker.
Get The Microsoft 365 Group Object ID From Azure
The next step is to retrieve the Microsoft 365 Group Object Id. The reason we are doing this is to enable the group for app sharing. Login to portal.azure.com and go to the Groups service.
Search for the group name. The object id will appear beside it.
Enable App Sharing For The Microsoft 365 Group
The Microsoft 365 group WC Finance must be enabled for app sharing before we can use it to share the Cheque Request app. If we try to try type the group name in the sharing menu nothing appears.
To do this, open Power Automate and build this flow. It uses the Microsoft 365 Groups – Send an HTTP Request action to update the WC Finance team. It locates the Microsoft 365 group by its ObjectId and then changes the group’s securityEnabled setting to true. Then in the second HTTP request it gets the group details so we can confirm the securityEnabled setting was turned on.
Send An HTTP Request V2- PATCH
URI
https://graph.microsoft.com/v1.0/groups/@{variables('varSecurityGroupObjectId')}
Method
PATCH
Body
{"securityEnabled": true}
Content-Type
application/json
Send An HTTP Request V2- GET
URI
https://graph.microsoft.com/v1.0/groups/@{variables('varSecurityGroupObjectId')}
Method
GET
Content-Type
application/json
Run The Power Automate Flow To Enable App Sharing
Execute the flow to update the securityEnabled setting for the Microsoft 365 group. After the flow run we can inspection the HTTP GET Request to see that securityEnabled has a value of true.
Share The Canvas App With The Microsoft 365 Group
Now that the security enabled setting is turned on we can share the canvas apps with the Microsoft 365 group. Go to the maker portal, find the app and navigate to the sharing menu.
Type the Microsoft 365 group name in the search box. The group WC Finance Department now appears.
Select the Microsoft 365 Group and press the Share button. The canvas app and its associated SharePoint list is now shared with all members of the group.
Did You Enjoy This Article? 😺
Subscribe to get new Power Apps & Power Automate articles sent to your inbox each week for FREE
Questions?
If you have any questions or feedback about Share Canvas App With A Microsoft 365 Group In Power Apps please leave a message in the comments section below. You can post using your email address and are not required to create an account to join the discussion.
Thank you, this is immensely helpful to me!
You’re welcome Brian 🙂
Thanks Matthew, very useful.
Dilip,
I’m glad you liked it.
Hi, first of all thank you for the content, it looks very valuable. I have a question to know if this solution covers my needs, is it possible to store confidential information in the sharepoint list? I mean, the user can use the canvas app to access information specific to him and can also add information to the list via forms. But is it possible to do this and then not have access to other users’ information that is also stored in the list? Is it possible that users have permissions to use the list in the app but can not enter it and see the content?
Thank you very much, best regards!
Titto,
You can configure a SharePoint list to show a user only records they have created. Check my article in it by following this link: https://www.matthewdevaney.com/3-ways-to-filter-a-power-apps-gallery-by-the-current-user/#Option-3:-Change-Item-Level-Permissions-in-SharePoint-List-Settings
Hi Matthew,
O365 groups have Owners and Members. Do you know if it is possible to query membership of these roles in the Power App? Or am I better off using O365 Security Groups if I need the app adapt to a user’s role?
Brilliant as always, thanks for sharing the steps! A question occurred to me while reading – does the connection for the http request steps require elevated permission in Azure to perform the update?
Corey,
Depends on whether the org has disabled it. Can only be determined through testing inside the target tenant.
Always very helpful stuff that you publish Matt. Thanks. It is a great idea to use M365 groups.
Just as an FYI, I use PowerShell rather than create a flow to configure it.
I look at the group settings with:
Get-AzureAdGroup -ObjectId | select *
Then update the securityEnabled setting with:
Set-AzureAdGroup -ObjectId -SecurityEnabled $True
The process you outlined looks to be way simpler to share with my department vs teaching them PowerShell to accomplish it. Even though I can run the PS commands to security enable a M365 group, I cannot get the Flow to work, it just hangs (and retries) and spins in circles at the first Send an HTTP Request V2. Any idea on what I can do to troubleshoot?
Chris,
Is there any error message that you are getting on the retries?
This is the error message I received after about 21 minutes of retries
“Object reference not set to an instance of an object.”
I am positive I am using the correct object ID and have copied the URI you provided correctly.
https://graph.microsoft.com/v1.0/groups/“objectID”
Thanks for your reply!
What about external users in an Azure security group with possibly no power apps plan? Love your blogs btw! Very helpful.
Metadawn,
External users will have the same licensing requirements as internal users. The organization will need to assign them a license.
Hey, Matthew, your articles are so useful for me, thank you and i have some error , please help me
Batuna,
You require elevated privileges to use the Graph API and your organization is restricting you in some way.
It is not only the securityEnabled property that must be true, but also maiEnabled, otherwise you will not be able to find the group in the search box on the share page.
Thiago,
Good point!