Skip to content

Prerequisites

Requirements for deploying the Agent Access Governance Monitor solution.

PowerShell Requirements

Requirement Version Purpose
PowerShell 7.1+ Core runtime
Microsoft.PowerApps.Administration.PowerShell 2.0.180+ Power Platform queries
Microsoft.Graph 2.0+ Entra ID group queries (optional)

Installation

# Install Power Platform Admin module
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell -Force -Scope CurrentUser

# Optional: Install Graph module for ELM zone lookup
Install-Module -Name Microsoft.Graph -Force -Scope CurrentUser

Permissions

Power Platform

The executing user/service principal must have one of: - Power Platform Admin role - Dynamics 365 Service Admin role - Global Admin role

Microsoft Graph (Optional - for ELM zone lookup)

Permission Type Purpose
Organization.Read.All Application Tenant configuration
Group.Read.All Application Admin exclusion groups

Dataverse (Phase 2+)

For Dataverse persistence features:

Role Environment Purpose
System Administrator Governance environment Schema deployment
Dataverse User Governance environment Runtime queries

Network Requirements

Endpoint Protocol Purpose
api.powerplatform.com HTTPS Power Platform API
api.bap.microsoft.com HTTPS Power Platform Admin
*.crm.dynamics.com HTTPS Dataverse (optional)

Environment Lifecycle Management (ELM) Integration

For zone classification via ELM, the ELM solution must be deployed with: - fsi_accessbaselines table containing zone classifications - Environment records linked to Power Platform environment GUIDs

Without ELM, zone classification falls back to naming convention matching.