Important upcoming changes and deprecations in Power Apps portals
The announcements for changes and deprecations described in this article apply to Power Apps portals.
Makers, developers, and IT pros can use this information to prepare for future releases.
Deprecated means that we intend to remove the feature or capability from a future major release. The feature or capability will continue to work and is fully supported until it's officially removed. This deprecation notification can span a few months or years. After it's removal, the feature or capability no longer work. This notice is to allow you sufficient time to plan and update your code before the feature or capability is removed.
Controlling site visibility changes in Power Pages
Starting October 2022 with website version 9.4.9.xx, any new site created in Power Pages or Power Apps portals will be private by default. Only makers or people in the organization granted permission by makers will have website access, making Power Pages sites secure. This feature will provide another layer of security using Azure Active Directory authentication to prevent accidental leaks of partially developed website data and design. When a website is ready to go-live, the site visibility can be changed to public making it accessible to everyone over the internet anonymously or secured with identity providers.
At launch, users with the system administrator role along with service admins will by default have privilege to change site visibility status (private to public or vice versa).
All system administrators being able to change the site visibility will only be for a certain duration after which service admins will need to explicitly specify whether all system administrators are allowed to change site visibility. However, admins can grant or revoke the privilege of changing site visibility status for system administrators at tenant level by running a PowerShell script. Additionally, to provide granular control on who can change the site visibility status, admins can delegate the permissions to specific System administrators in certain Azure Directory security groups.
OAuth 2.0 implicit grant flow within your portal
The authorize endpoint, token endpoint using GET request, and using the default certificate for OAuth 2.0 implicit grant flow is deprecated. No action is needed for newly created portals or for existing portals that don't use this feature. If you're already using this feature, you need to use the token endpoint POST request to get a secure access token to authorize the external APIs.
List OData feed
Starting October 2022, newly provisioned portals won't able to use list OData features.
Portal content editor
Starting June 2022, the portal content editor tool to design your website is deprecated. We recommend using Power Apps portals Studio to edit the portal.
This feature will be removed by April 2023.
Portals search using Lucene.NET search
Starting with website version 9.4.4.xx, portal search uses Dataverse search as a default search provider for all new portals. Lucene.NET search is deprecated; however, existing portals that use Lucene.NET search won't be affected. We recommend that users migrate to Dataverse search. Enable Dataverse search for existing portal by setting the Search/EnableDataverseSearch site setting to true.
All existing customers who use Lucene.NET search must migrate to Dataverse search by October 2023.
Content Delivery Network for US Government
|Power Apps portals version||Content Delivery Network URL|
|Government Community Cloud (GCC)||
|Power Apps Department of Defense||
Table permission changes for forms and lists on new portals
Also, with the same release, lists on all portals (new or existing) that have list OData feeds enabled will require that the appropriate table permissions be set up for the feed on these lists to work.
The changes described above also apply to portals converted from trial to production.
To configure anonymous access explicitly, use proper table permissions and web role set up instead.
SameSite mode changes
Starting with portals version 9.3.6.x, makers can mark SameSite mode as Strict for all portal cookies where applicable.
With this change, we're adding a new website setting to control the SameSite mode for all cookies, configurable to the level of specific cookies.
|Site setting name||Scope||Possible value|
|HTTP/SameSite/Default||Global, for all cookies.||None
The default value for all existing and newly provisioned portals is None.
To learn how to configure site settings for portals, go to Configure site settings for portals.
Tracking for webpage, web file, and login
Starting with portals version 9.3.4.x, the following functionality has been retired:
Submit and view feedback for