Triggering a Power Automate HTTP Trigger from External Applications For production environments, manually triggering a Power Automate flow via an HTTP trigger from external applications (.NET, React, or Agents Toolkit) requires Entra ID authentication if only users within the tenant can trigger it. If set to ‘anyone’ the Url of the workflow contains a sig parameter which is required to call the flow. This guide walks through the setup and testing process for only ‘any user in my tenant’.

Summary Error AADSTS650057 Invalid resource occurs when https://service.powerapps.com isn’t included in the app registration permissions for PnP.PowerShell. Fix by adding the Power Apps Service API with user delegated permission in Entra ID. Optional: add the permission through the app manifest with requiredResourceAccess. Symptom If https://service.powerapps.com from the entra ID used in PnP PowerShell is missing, you’ll see an error similar to: Get-PnPPowerApp: AADSTS650057: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client’s application registration.

When automating Copilot Studio agents or building custom integrations, you need to grant your Entra ID app registration the proper Power Platform API permissions. However, the Power Platform API often doesn’t appear in the standard API permissions list in the Azure Portal. This guide shows you how to enable the Power Platform API service principal and add the CopilotStudio.Copilot.Invoke permission to your app registration. Table of Contents The Problem Why Power Platform API is Missing Prerequisites Solution Overview Step 1: Verify Power Platform API Status Step 2: Enable Power Platform API Service Principal Step 3: Add API Permissions to Your App Step 4: Grant Admin Consent Alternative: Manual Manifest Configuration Verification Conclusion References The Problem While setting up automated testing for Copilot Studio agents using the Copilot Studio Kit (inspired by Matthew Devaney’s excellent video Copilot Studio Test Automation: STOP Testing Manually!

Certificate-based authentication is a secure method for connecting to SharePoint Online and Microsoft 365 services using service principals and automated scripts. This guide demonstrates two methods for generating self-signed certificates using PowerShell and how to use them with PnP PowerShell for SharePoint authentication. Table of Contents Why Use Certificate-Based Authentication? Prerequisites Method 1: Using New-SelfSignedCertificate Method 2: Using New-PnPAzureCertificate Locating Your Certificate Exporting Certificates Registering Certificate with Entra ID App Connecting to SharePoint with Certificate Best Practices Troubleshooting Conclusion References Why Use Certificate-Based Authentication?

Managing Entra ID (formerly Azure AD) app permissions across SharePoint sites is crucial for maintaining proper security governance. This guide demonstrates how to audit and revoke app permissions using PnP PowerShell, ensuring your SharePoint environment remains secure and compliant. Table of Contents Problem Statement Understanding the Challenge Prerequisites The Solution Script Breakdown Important Considerations References Problem Statement When managing Entra ID applications with SharePoint access (especially those using Sites.Selected permissions), you may need to: