App Insights for Power Platform - Part 3 - Canvas App Logging (Instrumentation key)

App Insights for Power Platform - Part 1 - Series Overview 

App Insights for Power Platform - Part 2 - App Insights and Azure Log Analytics 

App Insights for Power Platform - Part 3 - Canvas App Logging (Instrumentation key) (this post)

App Insights for Power Platform - Part 4 - Model App Logging

App Insights for Power Platform - Part 5 - Logging for APIM 

App Insights for Power Platform - Part 6 - Power Automate Logging

App Insights for Power Platform - Part 7 - Monitoring Azure Dashboards 

App Insights for Power Platform - Part 8 - Verify logging is going to the correct Log analytics

App Insights for Power Platform - Part 9 - Power Automate Licencing

App Insights for Power Platform - Part 10 - Custom Connector enable logging

App Insights for Power Platform - Part 11 - Custom Connector Behaviour from Canvas Apps Concern

Overview: Logging & monitoring for Canvas apps is done in two parts: App Insights, and using the Canvas app Monitor.  This post focuses on logging via App Insights.

Note: Once a solution that contains a Instrumentation key, they app logging key cannot be alter unless you make the environment have unmanaged layers.  You can use PowerCli and compose a new managed solution for each DTAP environment but it's a new compile for each environment.

Example:

In the annotated diagram below including a log snippet.  

1. Canvas App has an instrumentation key, the log captures the front end action

2. Calls to Dataverse & Power automate Flows are logged (relies on step 1)

3. Custom connector is calling an Azure Function (Function is logging to Log Analytics or app Insights),

4. the function logs into APIM and sends APIM a request (APIM logging is setup on the end points), and

5. APIM sends an outbound API request and captures the response (relies on step 4)

Note in this example I have Correlation tracking enabled on the Canvas App to get the full timeline, as shown below, it has been an experimental feature for a few years now.

When I turn off the Correlation, it is not as easy to trace items from start to finish.  All I get by default is the steps 3&4 data in my transaction search timeline.

All 5 pieces are still captured but the timeline has to be pieced together for tracing.

I would also enable the preview feature for logging as well as the experimental if the clients governance allows experimental features to be turned on.

Summary: Always add as many logging features as possible in Canvas Apps, think about where your logs go and also setup logging on Azure services to transaction can be traced.

App Insights for Power Platform - Part 1 - Series Overview 

App Insights for Power Platform - Part 2 - App Insights and Azure Log Analytics 

App Insights for Power Platform - Part 3 - Canvas App Logging (Instrumentation key) (this post)

App Insights for Power Platform - Part 4 - Model App Logging

App Insights for Power Platform - Part 5 - Logging for APIM 

App Insights for Power Platform - Part 6 - Power Automate Logging

App Insights for Power Platform - Part 7 - Monitoring Azure Dashboards 

App Insights for Power Platform - Part 8 - Verify logging is going to the correct Log analytics

App Insights for Power Platform - Part 9 - Power Automate Licencing

App Insights for Power Platform - Part 10 - Custom Connector enable logging (this post)

App Insights for Power Platform - Part 11 - Custom Connector Behaviour from Canvas Apps Concern

Microsoft Purview DLP Policies

Overview: Microsoft Purview allows a company to create end device DLP policies and push out to all client devices.

Create policies, and takes up to 2 hours to update end client devices and show on the "Device Monitoring" dashboard.  Client Analyser tool - check endpoint client devices are getting the latest policies, and can speed it up.  Device obviously has to be online to get the latest update.

WIP

Visual Studio App Center

Visual Studio App Center is an Azure/Microsoft Service for packaging and deploying mobile apps. "Visual Studio App Center lets you automate and manage the lifecycle of your iOS, Android, Windows, and macOS apps. Ship apps more frequently, at higher-quality, and with greater confidence." Microsoft Learning

Useful for Canvas apps that will be deployed via the stores or InTune to mobile user devices.

To login to the App Center go to https://appcentee.ms/apps (I logged in with an Azure Tenant admin account)

First create an Organisation, in the organisation you can create your mobile Apps for the Organisation.

Note: Max 2 new orgs per day.  I delete all my Orgs and was messing around to find i could not add anymore organisations.

Problem: I cannot create new organisation in the App Center and i get the error "You can not create more organizations at this time. Please try again later."

Hypothesis: I thought I had broken my tenant and tried repairing it with the AppCentre Cli, no joy.  Went to ms support and they immediately told me that a max of 2 new orgsanizations can be created per day.

"The limit for creating organizations is indeed 2 organization's per day, to prevent abuse by malicious actors. Now you have to wait 24 hours to create other 2 more organizations."

The error message could provide a clearer expalination.

Resolution: I'll wait until tonight as my 24 hour 2 org limit should be available in a few hours.

Wrap Feature of Canvas Apps for Android store deployment

Overview:  I am going to use the wrap feature for Canvas Apps to make a separate deployable package (apk) for Android devices.   Ensure you have setup the Wrap solution so the feature is available in each environment you deploy to.  

Tip: Wrap deployment has many nuances, I try take them away by have Admin on the Power Platform tenant and Azure.  Not ideal for enterprise client deployment.

Power Platform Setup:

There are a few ways to get to the wrap screens, here I click the vertical ellipses, and select "Wrap"

Walk thru the wizard as shown below, step 1, select the apps 

Step 2 - choose mobile platform

I need to disable signing to get Android/apk to build.  i.e. Under "Sign my app", turn it off.

Step 3 - Configure Branding

Step 4 Register a new app

Complete step 4 Register your app (ensure all boxes are ticked and green)

Step 5.  Manage Output - you need to get a Auth token by selecting the "Get App Center token" button and signing in (I'm a tenant admin and have AAD Admin rights)

Step 6. Build the App and wait to ensure it completes

Step 7. Verify Build

Step 8. Check you App Center

Note: On the Power Platform tenant, you may need to change configuration to allow third party apps.  I add this once per tenant i.e. not per mobile app on a tenant.  So i just need to to this once per DTAP env e.g. Production.

PS> Install-Module -Name Microsoft.PowerApps.Administration.PowerShell

PS> Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber

PS> Add-AdminAllowedThirdPartyApps -ApplicationId 84xx-xxx-xxx-xxx

Update: 1 Aug 2023: I can't get the build to work for pkgfiles and the wizard is returning multiple js errors during the process.  I delete my organisation, create new organisations and Apps.

Image. Cannot build apk package in app centre

Other: 
Deep link into Wrapped Canvas Apps Use deep links with wrapped native mobile apps - Power Apps | Microsoft Learn

Latency Metrics for API's

Overview:  More and more software is built on API's, we often need to know what are our slowest performing API's and how important are they.  Monitoring latency is how we determine performance and performance issues.  We need to know the fastest, most used, slowest, and average time to complete.  You need to look at all to get a full picture.  Latency metric let us know what percentage of monitoring metrics fall into a range.  

For instance, if you API end averages 1 seconds for all requests (10k) over an hour that sound okay, but if the majority of requests don't have data say 90%, and the slowest 10% of requests could be averaging 5 seconds.  Monitoring metric percentage take out the slowest % of performance requests and show the  faster performers, so in this scenario the slowest 10% of requests are excluded .  Often referrer to by the percentage as P90 i.e. 90%.  I use 95%/P95 normally but it's becoming more common to us 99%/P99 or even P99.9.

Use Postman to get your MFA Bearer token

Short recording to show how to get my Bearer token using my Microsoft AAP account.

Get MFA bearer token using postman

I used this post to help me: Authorizing requests overview | Postman Learning Center

Setup access for the Power Platform API using a Service Principal (secret)

 Overview: I had a hard time setting up my tenant to use the Power Platform API, so here are my notes.

1. Register a new App that will be the Service Principal (SP)

Open https://portal.azure.com and login, and open your Azure Active Directory (mine is Radimaging Ltd) > Click "App Registrations" > "New registration" > add the registration as shown below:

Click the "All applications" tab and verify that the SP has been created.  Click the application to go into it.  Mine is called "Power Platform SP".

2. Give the SP permissions to use the Power Platform API's

Click "API permissions" > "Add a permission" > select the tab "API's my organization uses", search for the "Power Platform API" ensure it has the Application(Client Id) of "8578...".  

    Optional: If the API does not show up, use Power Shell to add it. 

Add permissions.  These are the permissions I added:

Click the "Grant Admin consent for ..." I did this but not sure if it is needed.

I also change the authentication setting on the SP to "Allow public client flows"

3. Use postman to check you are generating the Access token