[CoE Starter Kit - BUG] Failing to get Apps and Flows from some environments

[manigandan-dorairaj]

Does this bug already exist in our backlog?

• I have checked and confirm this is a new bug.

Describe the issue

The service account, which has the Power Platform Service Admin role, is encountering issues when running sync flows. Specifically, the sync flows fail to retrieve apps and flows from certain environments.

Observation:
We observed it works where the service account has the Environment's System Administrator role. However, this role assignment appears inconsistent across environments, as the service account was not manually added to the Environment's System Administrator role in those environments.

Unknowns:

1. The method by which the service account was assigned the Environment's System Administrator role in some environments but not others is unclear.
2. The discrepancy in role assignment needs to be understood and addressed.

Expected Behavior

We need to ensure that the service account can consistently retrieve apps and flows across all environments without manually adding it to the Environment's System Administrator role.

What solution are you experiencing the issue with?

Core

What solution version are you using?

4.32.2

What app or flow are you having the issue with?

Sync Helper Cloud Flows and Sync Helper Canvas Apps

What method are you using to get inventory and telemetry?

Cloud flows

Steps To Reproduce

Run Sync Flows

Anything else?

No response

AB#3813

[Jenefer-Monroe]

Hello likely you have been impacted by new product behavior that shipped recently around the way the product treats privileged roles (ex Power Platform Admin role, Global Admin role)

While there is a workaround we can put into the kit to fix this directly, we cannot ship it with the kit until the workaround is available in all regions. Hopefully for the August release.

The product change

Here is information about the product feature: Manage admin roles with Microsoft Entra Privileged Identity Management

How to check if this is the case

1. Validate the user running the flow has direct and permanent assignment to the Power Platform Admin role.
2. Take one of the target environments in your repro, one of the environments which is failing, and make sure the user running the flow has System Admin security role in that target environment.

How to address and More information

Please see #8119 for a write up on this change.
Included also is a workaround you can do until we can have it natively in the kit.

[manigandan-dorairaj]

@Jenefer-Monroe, thank you for the providing the update on the issue and upcoming fix. We will make use of the temporary workaround till we get confirmation about the fix inclusion in the starter kit.

[Jenefer-Monroe]

You are quite welcome.

[Jenefer-Monroe]

closing out as no further action for starter kit team