Blog

Admin - How to quarantine or block all users from running a specific app

There is now a preview feature that enables app builders to block all users from opening and running an app. This post describes how to use this feature.

There are often times where we want to block all users from opening a specific app, and there is now a preview feature that enables us to carry out this task by quarantining apps via PowerShell. This post walks through this process.

For reference, the link to the full Microsoft documentation is here:

Why block or quarantine an app?

Why would we want to block the user from running a specific app? Possible use case scenarios could include:

  • Occasions when we discover a bug with one of our apps and we want to temporarily stop all users from using the app whilst we develop a fix.
  • Where we have an app that's no longer in use - for example, a registration app for events. By quarantining an app, we can prevent users from using the app, but still easily bring it online again at a future point in time.
  • If we have an app that integrates or relies on other services, we can briefly quarantine an app if there are outages with external dependent services.

How to install the PowerShell Cmdlets

At present, we can only block or quarantine apps through PowerShell. Therefore, the first step is to install the Power Apps cmdlets. To do this, we start PowerShell as an administrator and run the following commands: 

Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber
If we've installed the Power Apps cmdlets in the past, we can force an update to the latest version (2.0.133 at the time of writing) by specifying the 'Force' argument:
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell -Force
The official documentation with full installation instructions is here:


Once we install the Cmdlets, we can open PowerShell and login to our Power Apps environment. Here's the command to authenticate to an environment. This will open a separate window that prompts for our AAD authentication details.

Add-PowerAppsAccount

How to block/quarantine an app

To quarantine an app, we need 2 bits of information - the App ID, and the name of the environment that hosts the app.

We can determine the environment name by inspecting the address of the Maker Portal. Note that the environment name isn't necessarily an exact GUID. With the default environment in this example, notice how the GUID is prefixed with the value "Default-".


To find the app ID, we can open the details of the target app in the Maker Portal.



From PowerShell, we can then block or quarantine an app by running the following command:
Set-AppAsQuarantined -EnvironmentName <EnvironmentName> -AppName <AppName>
When the command runs successfully, the cmdlet returns the message 'Quarantined' (shown beneath).



When any user now attempts to run or play a quarantined app, the following message will appear. Note that app makers can still continue to edit the app as normal in Power Apps Studio.



How to unblock/un-quarantine an app

To un-quarantine an app, we would run the following command:
Set-AppAsUnquarantined -EnvironmentName <EnvironmentName> -AppName <AppName>
When the command runs successfully, the cmdlet returns the message 'Unquarantined' (shown beneath) and all users will be able to run/play the app again.


Conclusion

It can be very useful to prevent all users from accessing an app for use cases such as fixing bugs, maintenance, or administrative purposes. We can accomplish this by quarantining an app with PowerShell, and this post walked through the steps to carry out this task.
Related posts