Automate Vnet injection for power platform

Question

Hey,

I want to automate the procedure of creating network resources and running the injection script from:

https://github.com/microsoft/PowerApps-Samples/blob/master/powershell/enterprisePolicies/SubnetInjection/NewSubnetInjection.ps1

this scripts eventualy calls GetEnvironmentFromBAP which uses InvokeApi (Microsoft.PowerApps.Administration.PowerShell).

When authenticating with my user I get my environmnet,

When using spn I get 404 (env not found in tenant)

The SPN has my exact roles and permissions over azure and power platform - Auth and permissions problems produced different errors.

When using powershell module to get the auth and get the ENV details it works with both creds.

What am I doing wrnog ?

Is there another way to link\unlink injection ?

Answer 1

Dear Team,

Your situation suggests that the SPN (Service Principal Name) is authenticated properly but is missing necessary context or permissions in the Power Platform (Dataverse) environment even though it has similar roles in Azure.

Even though your SPN has Azure roles and permissions, Power Platform (Dataverse) access is not automatically granted. Environments in Power Platform must explicitly include the SPN as a user with correct security roles inside the environment.

✔️ Check & Fix:

• Go to Power Platform Admin Center.
• Navigate to the Environment you're trying to access.
• Under "Settings" > "Users + permissions" > "Users", make sure your SPN (App registration) appears.
• If not:
  • Add it manually, or
  • Trigger a login/API call using that SPN against Dataverse API (https://<env>.crm.dynamics.com/api/data/v9.1/) to get it registered.
• Once registered, assign it an appropriate security role, e.g., Environment Maker, System Administrator, or a custom role with required privileges.

If you have any question feel free to ask me

Best Regards,