From 05aed3edaf40b0760837006a71470886027abf94 Mon Sep 17 00:00:00 2001 From: Matt Townsend Date: Thu, 19 Mar 2026 10:12:15 -0400 Subject: [PATCH 1/2] Add 6 new articles for NPS recovery doc improvements New troubleshooting and reference content targeting top NPS pain points: - troubleshoot-flow-errors.md: Error resolution landing page (450+ NPS mentions) - fix-connection-failures.md: Connection troubleshooting decision tree (150+ mentions) - error-reference.md: Top 20 error codes with causes and fixes - expression-cookbook.md: 30 real-world expression patterns - copilot-in-cloud-flows-tips.md: Honest Copilot guidance (what works, what doesn't) - classic-vs-modern-designer.md: V1 vs V3 designer comparison and migration guide TOC updated with new articles in Troubleshoot, Copilot, expressions, and designer sections. Evidence: C+E Skilling PBI shows 59% of PA docs are stale, 98% are Concepts with almost no troubleshooting content. NPS verbatim analysis: debug 450+, connections 150+, copilot 400+, expressions 245+ mentions. Co-Authored-By: Claude Opus 4.6 (1M context) --- articles/TOC.yml | 12 + articles/classic-vs-modern-designer.md | 137 +++++++ articles/copilot-in-cloud-flows-tips.md | 159 ++++++++ articles/error-reference.md | 490 ++++++++++++++++++++++++ articles/expression-cookbook.md | 400 +++++++++++++++++++ articles/fix-connection-failures.md | 176 +++++++++ articles/troubleshoot-flow-errors.md | 138 +++++++ 7 files changed, 1512 insertions(+) create mode 100644 articles/classic-vs-modern-designer.md create mode 100644 articles/copilot-in-cloud-flows-tips.md create mode 100644 articles/error-reference.md create mode 100644 articles/expression-cookbook.md create mode 100644 articles/fix-connection-failures.md create mode 100644 articles/troubleshoot-flow-errors.md diff --git a/articles/TOC.yml b/articles/TOC.yml index 5abe0a490..b8feeac5e 100644 --- a/articles/TOC.yml +++ b/articles/TOC.yml @@ -29,6 +29,8 @@ items: - name: Explore the cloud flows designer href: flows-designer.md + - name: Classic designer vs. modern designer + href: classic-vs-modern-designer.md - name: Create your first cloud flow using Copilot href: create-cloud-flow-using-copilot.md - name: Create your first cloud flow without Copilot @@ -45,6 +47,8 @@ href: multi-step-logic-flow.md - name: Copilot in cloud flows FAQ href: faq-copilot-cloud-flows.yml + - name: Get the most from Copilot in the designer + href: copilot-in-cloud-flows-tips.md - name: How to items: - name: Use generative actions (preview) @@ -67,6 +71,8 @@ href: use-expressions-in-conditions.md - name: Create and edit expressions with Copilot expression assistant (preview) href: expressions-copilot.md + - name: Expression cookbook for cloud flows + href: expression-cookbook.md - name: Store and manage values in variables href: create-variable-store-values.md - name: Manage sensitive input like passwords @@ -136,6 +142,12 @@ displayName: Monitor flow activity on mobile devices - name: Troubleshoot a cloud flow href: fix-flow-failures.md + - name: Troubleshoot cloud flow errors + href: troubleshoot-flow-errors.md + - name: Fix connection failures in cloud flows + href: fix-connection-failures.md + - name: Cloud flow error code reference + href: error-reference.md - name: Find and fix errors with flow checker href: error-checker.md - name: Automated cloud flows diff --git a/articles/classic-vs-modern-designer.md b/articles/classic-vs-modern-designer.md new file mode 100644 index 000000000..7df2eef0c --- /dev/null +++ b/articles/classic-vs-modern-designer.md @@ -0,0 +1,137 @@ +--- +title: Classic designer vs. modern designer for cloud flows - Power Automate +description: Compare the V1 classic and V3 modern flow designers, learn when to use each, and find workarounds for known issues. +author: matow +ms.author: matow +ms.reviewer: +ms.topic: conceptual +ms.date: 03/19/2026 +ms.subservice: cloud-flow +--- + +# Classic designer vs. modern designer for cloud flows + +Power Automate has two flow designers. This guide explains the differences, when to use each, and what to expect going forward. + +## Which designer am I using? + +### V1 (Classic designer) + +- Horizontal left-to-right layout with actions arranged in a linear flow +- Blue header bar with the flow name +- Actions appear as compact rectangles connected by arrows +- The "New step" button is at the bottom of the flow +- Condition branches spread horizontally (left = Yes, right = No) + +### V3 (Modern designer) + +- Vertical top-to-bottom card layout +- Gray/white header with a Copilot panel on the right side +- Actions appear as larger cards with expandable sections +- The **+** button appears between actions to insert new steps +- Condition branches stack vertically +- A Copilot chat panel is visible (or can be toggled) on the right side of the canvas + +> [!TIP] +> Not sure which designer you're in? Look at the top-right corner. V3 has a toggle or link that says **Switch to classic designer**. If you see that, you're in V3. + +## What V3 does better + +**Copilot integration.** V3 includes an AI assistant panel that helps you build and modify flows using natural language. You can describe what you want ("send an approval when a new file is uploaded") and get a starting flow. For tips on getting the best results, see [Get the most from Copilot in Power Automate designer](copilot-in-cloud-flows-tips.md). + +**Modern action cards.** Actions display more information at a glance. You can see input values, dynamic content references, and configuration status without selecting each action. + +**Inline testing panel.** The test pane is integrated into the designer rather than opening a separate page. You can trigger a test run and see results without navigating away. + +**Expression editor with autocomplete.** The expression editor in V3 offers function autocomplete and parameter hints. V1's expression editor is a plain text box. + +**Better mobile and narrow-window experience.** The vertical layout adapts to smaller screens. V1's horizontal layout requires horizontal scrolling on narrow windows. + +**Future investment.** All new designer features ship to V3 only. V1 receives security and critical bug fixes but no new capabilities. + +## What V1 still does that V3 doesn't + +> [!NOTE] +> We want to be straightforward about this. V3 has gaps, and pretending otherwise doesn't help anyone. + +**Copy-paste actions across browser tabs.** In V1, you can copy an action from one flow (in one browser tab) and paste it into another flow (in another tab). V3 doesn't support cross-tab clipboard operations. You can copy-paste within the same flow in V3, but not across tabs or across flows. + +**Deep nesting without visual issues.** V1 handles deeply nested conditions (4+ levels) and for-each loops without collapsing. V3 can struggle visually with deeply nested structures. Branches may overlap or become difficult to navigate past depth 3. + +**Large flow editing performance.** Some users with large flows (50+ actions) report that V1 feels faster. V3 can consume more browser memory on complex flows. Performance improvements for V3 are in progress. + +**Certain legacy on-premises gateway configurations.** A small number of on-premises data gateway connector configurations that were set up in V1 may display differently or require reconfiguration in V3. If you use on-premises gateways configured years ago, test in V3 before fully switching. + +**Familiarity.** If you've been building flows for years in V1, your muscle memory and workflows are optimized for its layout. That's a real cost to switching, and it's okay to acknowledge it. + +## Known V3 issues and workarounds + +These are issues we hear about most frequently. We're working on fixes. + +### Complex flows collapse all branches on open + +**Issue:** When you open a flow with multiple conditions, for-each loops, or switch cases, V3 collapses all branches by default. You see a wall of collapsed blocks and have to select each one to find what you're looking for. + +**Workaround:** Look for an **Expand all** option in the toolbar or right-click menu. If it's not available, you need to select each branch to expand it. Consider using the search function (Ctrl+F in some versions) to jump to a specific action by name. + +### Save sometimes fails silently + +**Issue:** You select Save, but the changes don't persist. The next time you open the flow, your edits are gone. In some cases the browser may become unresponsive during save. + +**Workaround:** After selecting Save, wait for the explicit save confirmation message (a green banner or notification). If you don't see it, try saving again. If the browser becomes unresponsive, wait rather than closing the tab. Closing may lose your changes. + +> [!TIP] +> For critical edits, copy your expression text to a separate text file before saving. If the save fails, you can re-enter it without rewriting from memory. If saves consistently fail on a specific flow, try opening it in V1 (see [How to switch between V1 and V3](#how-to-switch-between-v1-and-v3)) and saving there, then returning to V3. + +### Expression editor can be slow on very large flows + +**Issue:** Opening the expression editor on flows with many actions (50+) or many dynamic content references can cause a noticeable delay (several seconds) before the editor is responsive. + +**Workaround:** Write complex expressions in a text editor first (Notepad, VS Code, and similar), then paste them into the expression editor. This avoids repeated typing in a slow editor. + +### Comments feature may interfere with save + +**Issue:** In some cases, adding or editing comments on flow actions can cause save errors. + +**Workaround:** If you experience save failures after adding comments, try removing the comments and saving again. If the flow saves successfully without comments, the comments feature may be the issue. Re-add comments one at a time to isolate which comment causes the problem. + +## How to switch between V1 and V3 + +### From V3 to V1 (Classic) + +1. Open your flow in V3 (the default editor). +1. Look for a link or toggle labeled **Switch to classic designer** in the top-right area of the designer. +1. Select it. The page reloads in V1. + +Alternatively, in the flow URL, look for the `v3` parameter and remove it, or append `&useClassicDesigner=true` to the URL. + +### From V1 to V3 (Modern) + +1. Open your flow in V1. +1. Look for a banner at the top of the designer that says **Try the new designer** or a toggle for the modern designer. +1. Select it. The page reloads in V3. + +### Availability notes + +- **New flows** created from the portal default to V3 in most environments. +- **Existing flows** may open in V1 or V3 depending on your environment settings and when the flow was last edited. +- **Admin controls:** Tenant administrators can set the default designer version for their environment through Power Platform admin center settings. +- Both designers work on the same underlying flow definition. Switching between V1 and V3 doesn't change your flow logic or break anything. It's purely a UI change. + +## When will V1 be retired? + +V1 (Classic Designer) is in **maintenance mode**. It receives security updates and critical bug fixes, but no new features are being developed for it. + +V3 (Modern Designer) is where all future investment goes. The specific parity gaps listed earlier in this article are being addressed. + +> [!IMPORTANT] +> There's no announced retirement date for V1. When a timeline is set, it will be communicated well in advance so you can prepare. Your existing flows built in V1 continue to work regardless of which designer you use to edit them. The flow runtime doesn't depend on the designer version. + +If V1 works for you today, you don't need to switch immediately. When the remaining V3 gaps are closed, we'll share migration guidance and a timeline. + +## See also + +- [Get the most from Copilot in Power Automate designer](copilot-in-cloud-flows-tips.md) +- [Troubleshoot cloud flow errors](troubleshoot-flow-errors.md) +- [Expression cookbook for cloud flows](expression-cookbook.md) +- [Cloud flow designer overview](/power-automate/flows-designer) diff --git a/articles/copilot-in-cloud-flows-tips.md b/articles/copilot-in-cloud-flows-tips.md new file mode 100644 index 000000000..701cde650 --- /dev/null +++ b/articles/copilot-in-cloud-flows-tips.md @@ -0,0 +1,159 @@ +--- +title: Get the most from Copilot in Power Automate designer - Power Automate +description: Learn what Copilot can and can't do in the flow designer, with prompt patterns that work and tips for better results. +author: matow +ms.author: matow +ms.reviewer: +ms.topic: how-to +ms.date: 03/19/2026 +ms.subservice: cloud-flow +--- + +# Get the most from Copilot in Power Automate designer + +Copilot in Power Automate designer helps you build and modify flows using natural language. This guide covers what works well today, what doesn't, and how to get the best results. + +## What Copilot can do today + +Copilot works best when you give it clear, scoped instructions for modifying your flow. It can: + +- **Add actions to your flow.** Ask Copilot to insert a specific action at a specific point. It understands the action catalog and can configure common parameters. +- **Modify existing actions.** Change trigger schedules, update conditions, swap out connectors, or adjust action settings. +- **Explain what a flow does.** Select a flow and ask Copilot to walk through the logic step by step. This is especially useful for flows you inherited from someone else. +- **Suggest next steps.** After adding a trigger, Copilot can recommend a logical next action based on common patterns. +- **Help with simple expressions.** Copilot can write basic expressions like `formatDateTime()`, `concat()`, string manipulation, and simple conditionals. It handles one-liners well. +- **Add parallel branches and error handling.** Ask Copilot to add a parallel branch with "Configure run after" settings for failure notification patterns. +- **Generate scope blocks.** Copilot can wrap actions in a Try/Catch pattern using Scope actions with run-after configuration. + +## What Copilot can't do yet + +Being upfront about limitations saves you time. Copilot currently can't: + +- **Debug runtime errors.** Copilot doesn't have access to your flow's run history, error logs, or execution context. It can't see why a specific run failed. +- **Read your data.** Copilot doesn't query your SharePoint lists, Dataverse tables, SQL databases, or any live data source. It can't validate that a column name exists or a value is correct. +- **Fix connection issues.** Expired tokens, permission errors, and gateway problems are outside Copilot's scope. These require manual re-authentication or admin action. +- **Reliably modify complex nested logic.** Deeply nested conditions, multiple levels of Apply to Each, or Switch statements with many branches can produce unexpected results. Break these into smaller requests. +- **Understand cross-flow dependencies.** If your flow calls a child flow or depends on another flow's output, Copilot treats each flow in isolation. +- **Generate complex expressions.** Multi-function nested expressions, XPath queries, or expressions referencing dynamic content from several steps back are often incorrect or incomplete. + +> [!NOTE] +> These limitations are temporary. The product team is actively working on giving Copilot access to run history and error context. + +## Prompt patterns that work + +Specific, single-purpose prompts get the best results. Here are patterns that consistently work well. + +### Adding actions + +> "Add a condition after the Get Items action that checks if the Status column equals 'Approved'." + +> "Add a Send Email (V2) action after the approval step. Set the To field to the RequestorEmail variable and the subject to 'Your request was approved'." + +### Modifying existing steps + +> "Change the trigger to run every Monday at 9:00 AM Pacific Time." + +> "Update the condition to also check if the Priority field is 'High' using an OR operator." + +### Explaining flows + +> "Explain what this flow does step by step." + +> "What happens when the condition on the Apply to Each is false?" + +### Error handling + +> "Add error handling to the HTTP action. If it fails, send me an email with the error details and then terminate the flow as failed." + +> "Wrap the SharePoint actions in a Scope with a parallel Scope that runs on failure and posts to our Teams channel." + +### Expressions + +> "Write an expression that formats today's date as YYYY-MM-DD." + +> "Create an expression that gets the file extension from the FileName field." + +## Prompt patterns that don't work well + +These prompt styles produce poor results. Avoid them. + +### Too vague + +> "Fix my flow." + +Copilot doesn't know what is wrong. It can't see errors, and "fix" could mean anything. Instead, tell Copilot exactly what you want changed. + +### Asking to debug runtime errors + +> "Why did my flow fail at 3pm yesterday?" + +> "Debug this error: 'The requested operation is invalid.'" + +Copilot has no access to run history or error logs. For debugging, see [When to use external AI](#when-to-use-external-ai-chatgpt-claude-gemini) later in this article. + +### Multi-step instructions in one message + +> "Add a trigger for when a SharePoint item is created, then get the item details, check if the status is approved, send an email to the manager, wait for approval, update the item, and post to Teams." + +Break this into individual requests. Give one instruction, confirm the result, then give the next. Copilot handles single steps reliably but loses accuracy across long chains. + +### Asking about your specific data + +> "What columns does my SharePoint list have?" + +> "Is the email address in my Dataverse contact table valid?" + +Copilot can't query your data sources. Check your data directly, then tell Copilot the exact field names to use. + +## When to use external AI (ChatGPT, Claude, Gemini) + +For some tasks, general-purpose AI tools are more effective today. This will change as Copilot gains more context, but for now: + +**Use external AI for debugging error messages.** Copy the full error message from your failed run and paste it into ChatGPT, Claude, or Gemini. Include: + +- The error message and status code +- The action type that failed (HTTP, SharePoint, SQL, and similar) +- What you expected to happen + +External AI tools have broad knowledge of API error codes and can often identify the root cause immediately. + +**Use external AI for complex expressions.** If you need a nested expression combining multiple functions, external AI tools often produce more accurate results. Paste the fields you're working with and describe the desired output. Then paste the generated expression back into Power Automate. + +> [!TIP] +> For a library of ready-to-use expressions, see [Expression cookbook for cloud flows](expression-cookbook.md). Many common patterns are covered there without needing any AI tool. + +**Use external AI for flow design advice.** Describe your business process and ask for an architecture recommendation. External tools can suggest patterns like parent/child flows, error handling strategies, and retry logic. + +**Use external AI for connector-specific questions.** If you need to know the exact JSON format for an HTTP request body, or the OData filter syntax for SharePoint, external AI tools have deep reference knowledge. + +> [!NOTE] +> This isn't a reflection of Copilot's quality. It's a reflection of scope. Copilot is optimized for in-context flow editing. External tools are optimized for broad knowledge retrieval. Use both. + +## Tips for better results + +1. **Be specific.** Name the action, the field, and the value. "Add a Condition that checks if `Status` equals `Approved`" beats "add a check for approval." + +1. **One request per message.** Copilot performs best with focused, single-purpose instructions. Add the action, confirm it looks right, then move on. + +1. **Use action verbs.** Start your prompt with "Add," "Change," "Remove," "Explain," or "Move." These map directly to operations Copilot can perform. + +1. **Include field names and values.** Don't make Copilot guess. If you know the column is called `EmployeeEmail`, say so. + +1. **Review before you save.** Always check what Copilot generated before saving. Open the action it created and verify the parameters, especially dynamic content references. + +1. **Iterate in small steps.** Build your flow incrementally. Add the trigger, verify it. Add the first action, verify it. This catches issues early and keeps Copilot's context clean. + +1. **Use Copilot's explain feature to validate.** After Copilot modifies your flow, ask it to explain what the flow does. Compare its description to your intent. This catches misunderstandings before they become runtime errors. + +1. **Save your flow before major Copilot edits.** If Copilot produces an undesirable change, you can revert to your last saved version. Treat saves as checkpoints. + +> [!TIP] +> If Copilot produces an unexpected result, undo it and try rephrasing your request with more specific details. Shorter, more focused prompts almost always work better than long, multi-part instructions. + +## See also + +- [Get started with Copilot in cloud flows](/power-automate/get-started-with-copilot) +- [Expression cookbook for cloud flows](expression-cookbook.md) +- [Troubleshoot cloud flow errors](troubleshoot-flow-errors.md) +- [Cloud flow error code reference](error-reference.md) +- [Classic designer vs. modern designer](classic-vs-modern-designer.md) diff --git a/articles/error-reference.md b/articles/error-reference.md new file mode 100644 index 000000000..1fc9c5384 --- /dev/null +++ b/articles/error-reference.md @@ -0,0 +1,490 @@ +--- +title: Cloud flow error code reference - Power Automate +description: Troubleshoot the top 20 Power Automate cloud flow errors with causes, fixes, and quick reference table. +author: matow +ms.author: matow +ms.reviewer: +ms.topic: reference +ms.date: 03/19/2026 +ms.subservice: cloud-flow +--- + +# Cloud flow error code reference + +Troubleshoot the most common errors in Power Automate cloud flows. Each entry explains what the error means, why it happens, and how to fix it. + +> [!NOTE] +> This reference applies to all Power Automate cloud flow license tiers. For errors specific to desktop flows, see [Troubleshoot desktop flow errors](/power-automate/desktop-flows/troubleshoot). + +## Design-time errors + +These errors occur when you save, validate, or publish a flow. + +### InvalidTemplate + +**What it means**: The flow definition contains a syntax error in an expression or action configuration. + +**Common causes**: + +- Unmatched parentheses or quotes in an expression +- Referencing an action output that doesn't exist (typo in action name) +- Using a function with the wrong number of arguments +- Copy-pasting expressions from documentation that includes invisible Unicode characters + +**How to fix**: + +1. Open the action highlighted in red in the designer. +1. Check the expression in the formula bar. Look for unmatched `(` `)` or `'` characters. +1. Verify action names in expressions match exactly (case-sensitive): `outputs('Get_item')` not `outputs('Get Item')`. +1. If the expression looks correct, delete it and retype it manually to remove hidden characters. + +> [!TIP] +> Action names in expressions use underscores instead of spaces. If your action is named "Get item", the expression reference is `outputs('Get_item')`. + +**Related**: [ExpressionEvaluationFailed](#expressionevaluationfailed), [FlowCheckerError](#flowcheckererror) + +### FlowCheckerError + +**What it means**: The flow checker found one or more validation issues that prevent saving. + +**Common causes**: + +- A required field is empty in one or more actions +- A connection isn't selected for a connector action +- An expression references a dynamic content value from a parallel branch (not guaranteed to exist) +- Trigger inputs are incomplete + +**How to fix**: + +1. Select the error banner at the top of the designer to see the full list of issues. +1. Select each error to navigate to the affected action. +1. Fill in required fields, fix broken expressions, and select connections. +1. Save again. The checker runs automatically on save. + +**Related**: [InvalidTemplate](#invalidtemplate), [MissingRequiredProperty](#missingrequiredproperty) + +### DuplicateActionName + +**What it means**: Two or more actions in the flow have the same internal name. + +**Common causes**: + +- Copy-pasting an action without renaming it +- Importing a flow definition that was manually edited with duplicate keys +- Renaming an action to a name already used by another action in the same scope + +**How to fix**: + +1. Search the flow for actions with identical names (check inside Apply to Each and Scope containers too). +1. Rename one of the duplicates. Select the **...** menu on the action, then select **Rename**. +1. Update any expressions that reference the renamed action: `outputs('Old_Name')` to `outputs('New_Name')`. + +**Related**: [InvalidTemplate](#invalidtemplate) + +### MissingRequiredProperty + +**What it means**: A required input field on an action or trigger is empty. + +**Common causes**: + +- Adding a connector action but not completing the configuration +- Dynamic content token that resolved to empty was used in a required field +- Flow imported from a solution where environment variables aren't set + +**How to fix**: + +1. Open the action flagged with the error. +1. Look for fields marked with a red asterisk (*) that are blank. +1. Fill in the required value, either with static text or a dynamic content token. +1. For solution flows, check that all environment variables have values in the target environment. + +**Related**: [FlowCheckerError](#flowcheckererror) + +## Runtime expression errors + +These errors occur when a flow runs and an expression can't be evaluated. + +### ExpressionEvaluationFailed + +**What it means**: An expression failed to evaluate at runtime, usually due to unexpected data types or null values. + +**Common causes**: + +- Calling `int()` on a string that isn't a number (for example, `int('abc')`) +- Accessing a property on a null object (`outputs('Get_item')?['body/title']` when Get_item returned nothing) +- Date format mismatch in `formatDateTime()` or `parseDateTime()` +- Division by zero + +**How to fix**: + +1. Open the failed run and select the failed action to see the expression and input values. +1. Wrap risky expressions with null checks: `if(empty(triggerBody()?['value']), 'default', triggerBody()?['value'])`. +1. Use `coalesce()` to provide fallback values: `coalesce(outputs('Get_item')?['body/title'], 'Untitled')`. +1. Validate data types before conversion: `if(isInt(variables('input')), int(variables('input')), 0)`. + +> [!TIP] +> For a library of ready-to-use expression patterns with null-safe handling, see [Expression cookbook for cloud flows](expression-cookbook.md). + +**Related**: [InvalidTemplate](#invalidtemplate), [ContentConversionFailed](#contentconversionfailed) + +### ContentConversionFailed + +**What it means**: The flow couldn't convert data from one type to another between actions. + +**Common causes**: + +- Passing a string where an integer or boolean is expected +- Sending an array to an action that expects a single object +- Date string in an unexpected format (for example, `DD/MM/YYYY` when `MM/DD/YYYY` is expected) +- Binary content (file) passed to a text input + +**How to fix**: + +1. Check the failed action's inputs in the run history. Compare the actual value type to what the action expects. +1. Use explicit conversion functions: `int()`, `float()`, `string()`, `bool()`, `json()`. +1. For dates, use `parseDateTime()` with an explicit locale or `formatDateTime()` to normalize before passing. +1. For arrays, use `first()` to extract a single item if the downstream action expects one value. + +**Related**: [ExpressionEvaluationFailed](#expressionevaluationfailed) + +## Connection and authentication errors + +These errors occur when the flow can't authenticate to a connected service. + +### InvalidConnection + +**What it means**: A connection reference in the flow points to a connection that is broken, deleted, or expired. + +**Common causes**: + +- The user who created the connection changed their password or had MFA reset +- The connection was deleted from the Connections page +- An admin removed the connection via Power Platform admin center +- The flow was imported into an environment where the connection doesn't exist + +**How to fix**: + +1. Open the flow in edit mode. Actions with broken connections show a warning icon. +1. Select the action and select **Change connection** or **Add new connection**. +1. Sign in with the appropriate credentials to create a fresh connection. +1. Save and test the flow. + +> [!IMPORTANT] +> For production flows, consider using service principal connections instead of personal user connections. Service principal connections don't expire when a user changes their password or leaves the organization. + +**Related**: [ConnectionNotConfigured](#connectionnotconfigured), [ConnectionAuthorizationFailed](#connectionauthorizationfailed) + +### ConnectionNotConfigured + +**What it means**: An action requires a connection but none has been selected. + +**Common causes**: + +- Flow was imported from a solution and connection references weren't mapped +- A new action was added but the connection step was skipped +- The connection reference points to an environment variable with no value + +**How to fix**: + +1. Open the flow in edit mode and find the action with the connection warning. +1. Select an existing connection from the dropdown, or create a new one. +1. For solution flows, go to **Solutions** > **Default Solution** > **Connection References** and set the connection for each reference. + +**Related**: [InvalidConnection](#invalidconnection) + +### Unauthorized (401) + +**What it means**: The API rejected the request because the authentication token is invalid or expired. + +**Common causes**: + +- OAuth token expired and the connection couldn't auto-refresh +- The user's account was disabled or password changed +- Service principal secret or certificate expired +- Conditional Access policy blocked the sign-in (geo, device compliance) + +**How to fix**: + +1. Go to **Power Automate** > **Connections** and find the connection used by the failed action. +1. If the connection shows a warning, select **Fix connection** and re-authenticate. +1. For service principal connections, rotate the secret in Microsoft Entra ID and update the connection. +1. Check Microsoft Entra ID sign-in logs for Conditional Access blocks: **Azure portal** > **Microsoft Entra ID** > **Sign-in logs**, filter by the app name. + +**Related**: [Forbidden (403)](#forbidden-403), [ConnectionAuthorizationFailed](#connectionauthorizationfailed) + +### Forbidden (403) + +**What it means**: The authenticated user or app doesn't have permission to perform the requested operation. + +**Common causes**: + +- A DLP (Data Loss Prevention) policy blocks the connector or connector action in this environment +- The user lacks permissions on the target resource (for example, no write access to a SharePoint list) +- An admin restricted the connector via tenant-level settings +- The connector requires a premium license and the user is on a seeded plan + +**How to fix**: + +1. Check DLP policies: **Power Platform admin center** > **Data policies**. Look for policies that block the connector in your environment's group. +1. Verify the connection user has the right permissions on the target service (SharePoint site permissions, Dataverse security roles, and similar). +1. If it's a premium connector issue, verify the flow owner or caller has a Power Automate Premium license. For more information, see [What's free vs. what's premium](../power-platform/admin/power-automate-licensing/free-vs-premium.md). +1. Contact your admin if a DLP policy needs to be modified. + +**Related**: [Unauthorized (401)](#unauthorized-401), [DirectApiAuthorizationRequired](#directapiauthorizationrequired) + +### ConnectionAuthorizationFailed + +**What it means**: The connection exists but its stored credentials are no longer valid. + +**Common causes**: + +- User's password changed or MFA method was reset +- OAuth refresh token expired (common with connections unused for 90+ days) +- Admin revoked consent for the app in Microsoft Entra ID +- Shared connection was unshared by the owner + +**How to fix**: + +1. Open **Power Automate** > **Connections**, find the affected connection. +1. Select the connection, then select **Fix connection** to re-authenticate. +1. If using a shared connection, ask the connection owner to re-share it. +1. For service accounts, set a calendar reminder to rotate credentials before they expire. + +> [!TIP] +> For a detailed walkthrough of connection issues by connector (SharePoint, Outlook, SQL Server, Dataverse, HTTP), see [Fix connection failures in cloud flows](fix-connection-failures.md). + +**Related**: [InvalidConnection](#invalidconnection), [Unauthorized (401)](#unauthorized-401) + +## Connector and API errors + +These errors come from the downstream service the flow is calling. + +### ActionFailed + +**What it means**: An action returned a failure status. This is a generic wrapper. The actual error details are in the action's output body. + +**Common causes**: + +- The downstream API returned a 4xx or 5xx error +- A child flow (called via "Run a Child Flow") failed +- A custom connector returned an unexpected response format +- The action's configure-run-after settings caused it to execute after a prior failure + +**How to fix**: + +1. Open the failed run and select the failed action. +1. Expand **Outputs** to see the actual error message and status code from the API. +1. Fix the underlying issue based on the specific API error (see the 400, 401, 403, and 404 entries in this reference). +1. If the action should run even when prior actions fail, check its **Configure run after** settings. + +**Related**: [BadRequest (400)](#badrequest-400), [NotFound (404)](#notfound-404) + +### BadRequest (400) + +**What it means**: The connector API rejected the request because the input data is malformed or invalid. + +**Common causes**: + +- Sending a field with the wrong data type (string instead of number, or vice versa) +- Required fields missing from the request body +- Invalid characters in file names or list item titles +- Exceeding a field length limit (for example, SharePoint single-line text = 255 chars) + +**How to fix**: + +1. Open the failed action in run history and look at the **Inputs** section to see exactly what was sent. +1. Compare the inputs to the API's expected schema (check the connector documentation). +1. Sanitize user input with `replace()` to strip invalid characters before passing to the action. +1. Use `substring()` or `take()` to truncate long values to the field's max length. + +**Related**: [ActionFailed](#actionfailed), [ContentConversionFailed](#contentconversionfailed) + +### NotFound (404) + +**What it means**: The resource the action is trying to access doesn't exist. + +**Common causes**: + +- A SharePoint list, library, or site was renamed or deleted +- An Outlook folder or Teams channel was removed +- The flow references a hardcoded ID for a resource that no longer exists +- The Dataverse table or row was deleted by another process + +**How to fix**: + +1. Check that the resource still exists in the target service. +1. If it was renamed, update the action to use the new name or ID. +1. Replace hardcoded IDs with dynamic lookups where possible (for example, "Get items" with a filter instead of "Get item" with a static ID). +1. Add error handling: configure the next action to **Run after** > **has failed** and handle the 404 gracefully. + +**Related**: [ActionFailed](#actionfailed) + +## Trigger errors + +These errors relate to flow triggers not firing or failing. + +### TriggerConditionNotMet + +**What it means**: The trigger evaluated its condition and determined the event shouldn't start a flow run. + +**Common causes**: + +- A trigger condition expression always evaluates to false (logic error) +- The trigger condition references a field that doesn't exist in the trigger payload +- The event occurred but the data didn't match the filter (for example, "When an item is created" with a condition on Status, but Status was blank) + +**How to fix**: + +1. Go to the trigger's **Settings** and review the trigger condition expression. +1. Test the condition against a known event payload. Use **Peek code** on the trigger to see the raw schema. +1. Temporarily remove the condition, trigger the flow manually, and inspect the trigger output to verify field names and values. +1. Fix the expression and re-enable the condition. + +**Related**: [ExpressionEvaluationFailed](#expressionevaluationfailed) + +## Timeout and throttling errors + +These errors occur when the flow or an action exceeds time or rate limits. + +### ActionTimedOut + +**What it means**: A single action exceeded its configured timeout and was cancelled. + +**Common causes**: + +- HTTP action calling a slow external API with default 100-second timeout +- "Wait for an approval" with an expiration that passed +- Large file upload or download over a slow connection +- Dataverse query returning too many rows without pagination + +**How to fix**: + +1. Open the action's **Settings** and increase the **Timeout** value (ISO 8601 duration, for example, `PT5M` for 5 minutes). +1. For HTTP actions, check if the external API has a long-running operation pattern (poll with retry-after). +1. For Dataverse, add `$filter` and `$top` to reduce the result set. +1. For approvals, set a reasonable expiration and add a timeout branch to handle non-responses. + +**Related**: [OperationTimedOut](#operationtimedout) + +### OperationTimedOut + +**What it means**: A long-running operation (webhook wait, approval, HTTP polling) exceeded the maximum wait time. + +**Common causes**: + +- HTTP webhook action waiting for a callback that never came +- Approval action without an expiration, hitting the 30-day flow run limit +- "Delay until" action set to a date beyond the 30-day run duration limit +- External service went down and never sent the expected response + +**How to fix**: + +1. Always set explicit timeouts on webhook and approval actions. +1. For HTTP webhook actions, implement a timeout branch with **Configure run after** > **has timed out**. +1. Break long waits into shorter segments using a loop with daily checks. +1. For the 30-day run limit, redesign long-running processes to use a "relay" pattern: end the current run and start a new one with state passed via Dataverse or a file. + +> [!IMPORTANT] +> Cloud flows have a maximum run duration of 30 days. For processes that take longer, split them into multiple flow runs with shared state. + +**Related**: [ActionTimedOut](#actiontimedout) + +### WorkflowRunActionRepetitionQuotaExceeded + +**What it means**: An Apply to Each loop exceeded the maximum number of iterations (default: 100,000 for premium, 5,000 for performance profiles). + +**Common causes**: + +- Processing a large SharePoint list or Dataverse table without filtering first +- Nested Apply to Each loops multiplying iteration counts (100 x 100 = 10,000) +- A "Get items" action returning all rows instead of a filtered subset + +**How to fix**: + +1. Add filters to the data source action to reduce the number of items before the loop. +1. Use OData `$filter` and `$top` on "Get items" actions instead of filtering inside the loop. +1. For large datasets, batch the work across multiple flow runs using pagination tokens or date ranges. +1. Consider using "Select" or "Filter array" actions instead of Apply to Each when you only need to transform or filter data. + +**Related**: [FlowRunQuotaExceeded](#flowrunquotaexceeded) + +### FlowRunQuotaExceeded + +**What it means**: The flow or tenant exceeded its daily action execution limit. + +**Common causes**: + +- Seeded/free license: 6,000 actions per day per user +- Premium license: 40,000 actions per day per user +- Process license: 250,000 actions per day per flow +- A loop-heavy flow consuming thousands of actions per run + +**How to fix**: + +1. Check current usage in **Power Platform admin center** > **Analytics** > **Power Automate**. +1. Optimize flows to use fewer actions: replace Apply to Each with Select/Filter, batch operations, reduce polling frequency. +1. Upgrade license tier if the workload legitimately needs more capacity. +1. Spread workloads across multiple flows or schedule high-volume runs during off-peak hours. + +> [!NOTE] +> For details on daily action limits by license tier, see [Power Automate limits and configuration](/power-automate/limits-and-config). + +**Related**: [WorkflowRunActionRepetitionQuotaExceeded](#workflowrunactionrepetitionquotaexceeded), [DirectApiAuthorizationRequired](#directapiauthorizationrequired) + +## Licensing errors + +### DirectApiAuthorizationRequired + +**What it means**: The flow uses a premium connector but the caller doesn't have a premium license. + +**Common causes**: + +- A flow with premium connectors (HTTP, SQL Server, Dataverse, custom connectors) is run by a user on a seeded M365 license +- The flow owner has premium but the triggering user doesn't (the caller's license matters, not the owner's) +- A scheduled flow's owner lost their premium license +- An in-context flow was disassociated from its Power App, making it out-of-context + +**How to fix**: + +1. Identify which connector requires premium. The error message usually names it. +1. Assign a Power Automate Premium license to the user who triggers or runs the flow. +1. For scheduled or automated flows, ensure the flow owner has a premium license. +1. Consider whether a Process license (per-flow) is more cost-effective for high-volume shared flows. + +> [!TIP] +> For a complete breakdown of what's included in each license tier, see [What's free vs. what's premium in Power Automate](../power-platform/admin/power-automate-licensing/free-vs-premium.md). + +**Related**: [Forbidden (403)](#forbidden-403), [FlowRunQuotaExceeded](#flowrunquotaexceeded) + +## Quick reference table + +| Error | Category | Most likely fix | +|---|---|---| +| InvalidTemplate | Design-time | Fix expression syntax | +| ExpressionEvaluationFailed | Runtime | Add null checks, validate types | +| ActionFailed | Runtime | Check action outputs for API error | +| FlowCheckerError | Design-time | Fill required fields, fix connections | +| InvalidConnection | Connection | Re-authenticate the connection | +| ConnectionNotConfigured | Connection | Select or create a connection | +| Unauthorized (401) | Auth | Fix connection, rotate credentials | +| Forbidden (403) | Auth | Check DLP policies, permissions | +| BadRequest (400) | API | Validate input data format | +| NotFound (404) | API | Verify resource exists, update references | +| TriggerConditionNotMet | Trigger | Review trigger condition expression | +| ActionTimedOut | Timeout | Increase timeout in action settings | +| DuplicateActionName | Design-time | Rename one of the duplicate actions | +| MissingRequiredProperty | Design-time | Fill in required fields | +| ContentConversionFailed | Runtime | Use explicit type conversions | +| WorkflowRunActionRepetitionQuotaExceeded | Throttling | Filter data before looping | +| DirectApiAuthorizationRequired | Licensing | Assign premium license to caller | +| FlowRunQuotaExceeded | Throttling | Optimize action count, upgrade license | +| ConnectionAuthorizationFailed | Connection | Fix connection, re-authenticate | +| OperationTimedOut | Timeout | Set explicit timeouts, use relay pattern | + +## See also + +- [Expression cookbook for cloud flows](expression-cookbook.md) +- [Fix connection failures in cloud flows](fix-connection-failures.md) +- [Troubleshoot cloud flow errors](troubleshoot-flow-errors.md) +- [Power Automate limits and configuration](/power-automate/limits-and-config) +- [Power Automate licensing guide](/power-platform/admin/power-automate-licensing/types) diff --git a/articles/expression-cookbook.md b/articles/expression-cookbook.md new file mode 100644 index 000000000..979a9d1db --- /dev/null +++ b/articles/expression-cookbook.md @@ -0,0 +1,400 @@ +--- +title: Expression cookbook for cloud flows - Power Automate +description: 30 ready-to-use expression patterns for text, dates, arrays, JSON, math, and logic in Power Automate cloud flows. +author: matow +ms.author: matow +ms.reviewer: +ms.topic: reference +ms.date: 03/19/2026 +ms.subservice: cloud-flow +--- + +# Expression cookbook for cloud flows + +30 ready-to-use expression patterns for common scenarios in Power Automate cloud flows. Copy, adapt, and use these patterns in your flows. + +> [!NOTE] +> These expressions work in all Power Automate cloud flow license tiers. For the full function reference, see [Workflow expression functions](/azure/logic-apps/workflow-definition-language-functions-reference). + +## Text operations + +### 1. Convert to uppercase or lowercase + +**Scenario**: Normalize user input before comparison or storage. + +**Expression**: `toUpper(variables('input'))` or `toLower(variables('input'))` + +**Example**: `toLower('John.Smith@Contoso.COM')` returns `john.smith@contoso.com` + +> [!IMPORTANT] +> `toUpper()` is case-sensitive when used in comparisons. If you use `toUpper(A) = B`, make sure you apply it to both sides. `toUpper(A) = B` fails if B is mixed case. + +### 2. Extract substring (left, right, mid) + +**Scenario**: Pull a specific portion out of a text value. Get the first N characters, last N, or a range from the middle. + +**Expression**: + +- Left: `substring(variables('text'), 0, 5)` +- Right: `substring(variables('text'), sub(length(variables('text')), 5), 5)` +- Mid: `substring(variables('text'), 3, 4)` + +**Example**: `substring('Invoice-2026-0042', 8, 4)` returns `2026` + +> [!TIP] +> The second parameter is the start index (0-based), the third is the **length**, not the end index. `substring('ABCDE', 1, 3)` returns `BCD`, not `BC`. + +### 3. Replace text + +**Scenario**: Clean up or transform text values. Remove characters, swap delimiters, fix formatting. + +**Expression**: `replace(variables('input'), 'old', 'new')` + +**Example**: `replace('2026/03/18', '/', '-')` returns `2026-03-18` + +> [!NOTE] +> `replace()` is case-sensitive. `replace('Hello', 'hello', 'Hi')` returns `Hello` unchanged. Convert to a common case first if needed. + +### 4. Split string into array + +**Scenario**: Break a delimited value (CSV, semicolon-separated emails) into individual items for looping. + +**Expression**: `split(variables('input'), ',')` + +**Example**: `split('alice@contoso.com,bob@contoso.com,carol@contoso.com', ',')` returns `["alice@contoso.com","bob@contoso.com","carol@contoso.com"]` + +> [!TIP] +> Spaces after the delimiter are preserved. `split('a, b, c', ',')` returns `["a"," b"," c"]` with leading spaces. Use `trim()` on each item in a Select action afterward. + +### 5. Concatenate with line breaks (for emails) + +**Scenario**: Build a multi-line message body for email or Teams notifications. + +**Expression**: `concat('Line 1', decodeUriComponent('%0A'), 'Line 2')` + +**Example**: Use `decodeUriComponent('%0A')` for a newline or `decodeUriComponent('%0D%0A')` for Windows-style line breaks. + +> [!IMPORTANT] +> Using `\n` directly in expressions doesn't produce a line break. It outputs the literal characters `\n`. Always use the `decodeUriComponent` approach, or use `
` if the output is HTML. + +### 6. Check if string contains text + +**Scenario**: Route a flow based on whether a subject line, email body, or field contains a keyword. + +**Expression**: `contains(toLower(triggerBody()?['subject']), 'urgent')` + +**Example**: `contains('Project Alpha Review', 'Alpha')` returns `true` + +> [!NOTE] +> `contains()` is case-sensitive. Always wrap both the haystack and needle in `toLower()` for case-insensitive matching: `contains(toLower(value), toLower(search))`. + +## Date and time + +### 7. Get current date/time in a specific format + +**Scenario**: Stamp a file name, log entry, or email with the current date and time. + +**Expression**: `formatDateTime(utcNow(), 'yyyy-MM-dd HH:mm')` + +**Example**: Returns `2026-03-18 14:30` (UTC). Use `convertTimeZone()` for local time. + +> [!TIP] +> `utcNow()` is always UTC. For local time, chain with `convertTimeZone(utcNow(), 'UTC', 'Eastern Standard Time', 'yyyy-MM-dd HH:mm')`. + +### 8. Add or subtract days from a date + +**Scenario**: Calculate a due date, expiration, or reminder date relative to today. + +**Expression**: `addDays(utcNow(), 7)` or `addDays(utcNow(), -30)` + +**Example**: If today is `2026-03-18`, `addDays(utcNow(), 7)` returns `2026-03-25T...Z` + +> [!NOTE] +> `addDays()` also accepts fractional values, but `addHours()` or `addMinutes()` are clearer for sub-day offsets. Don't use `addDays(utcNow(), 0.5)` when you mean `addHours(utcNow(), 12)`. + +### 9. Convert string to date (parse) + +**Scenario**: A text field contains a date like `03/18/2026` and you need to use it in date functions. + +**Expression**: `parseDateTime(variables('dateString'), 'en-US')` + +**Example**: `parseDateTime('03/18/2026', 'en-US')` returns a proper datetime value. + +> [!IMPORTANT] +> Without the locale parameter, parsing depends on the flow's regional settings and can swap month/day. Always specify the locale explicitly to avoid `03/04/2026` being interpreted as April 3rd vs. March 4th. + +### 10. Get day of week + +**Scenario**: Run different logic on weekdays vs. weekends, or generate a "Monday report." + +**Expression**: `dayOfWeek(utcNow())` + +**Example**: Returns `0` for Sunday, `1` for Monday, ..., `6` for Saturday. + +> [!TIP] +> Sunday is `0`, not `7`. Use `or(equals(dayOfWeek(...), 0), equals(dayOfWeek(...), 6))` for weekend checks. A condition like `dayOfWeek(utcNow()) > 5` catches Saturday but misses Sunday. + +### 11. Calculate difference between two dates + +**Scenario**: Determine how many days elapsed between a request date and a completion date. + +**Expression**: `div(sub(ticks(variables('endDate')), ticks(variables('startDate'))), 864000000000)` + +**Example**: If start is `2026-03-01` and end is `2026-03-18`, returns `17`. + +> [!NOTE] +> There's no built-in `dateDiff()` function. You must use the ticks approach. The divisor `864000000000` converts ticks to days. For hours, use `36000000000`; for minutes, use `600000000`. + +### 12. Format date for display + +**Scenario**: Convert a datetime value to a human-readable format for emails or reports. + +**Expression**: `formatDateTime(variables('myDate'), 'MMMM dd, yyyy')` or `formatDateTime(variables('myDate'), 'MM/dd/yyyy')` + +**Example**: `formatDateTime('2026-03-18T14:30:00Z', 'MMMM dd, yyyy')` returns `March 18, 2026` + +> [!IMPORTANT] +> `MM` is months, `mm` is minutes. `formatDateTime(value, 'mm/DD/yyyy')` produces `30/18/2026` (minutes and day) instead of `03/18/2026`. Use `dd` (lowercase) for day of month. + +## Arrays and collections + +### 13. Filter an array by condition + +**Scenario**: Get only the items from an array that match a specific criterion. + +**Expression**: Use the **Filter array** action with: `@item()?['Status']` is equal to `'Active'` + +**Example**: Input `[{Name:'A', Status:'Active'}, {Name:'B', Status:'Closed'}]` returns `[{Name:'A', Status:'Active'}]` + +> [!NOTE] +> You can't use a `where`-style filter expression inline. Use the Filter array action (not an expression). For expression-based filtering, use `@equals(item()?['Status'], 'Active')` in the Filter array's advanced mode. + +### 14. Get first or last item from array + +**Scenario**: Retrieve the most recent record or the first match from a list. + +**Expression**: `first(variables('myArray'))` or `last(variables('myArray'))` + +**Example**: `first(body('Get_items')?['value'])` returns the first item from a SharePoint query. + +> [!TIP] +> `first()` on an empty array returns `null`, not an error. Always follow with a null check: `if(empty(variables('myArray')), null, first(variables('myArray')))`. + +### 15. Count items in array + +**Scenario**: Check how many results a query returned, or validate that a list has enough items. + +**Expression**: `length(variables('myArray'))` + +**Example**: `length(body('Get_items')?['value'])` returns the number of items from a SharePoint list query. + +> [!NOTE] +> `length()` works on both arrays and strings. `length('hello')` returns `5` (character count). Make sure you're passing an array, not a string that looks like an array. + +### 16. Create comma-separated string from array (join) + +**Scenario**: Convert a list of names, emails, or IDs into a single delimited string for display or an API call. + +**Expression**: `join(variables('myArray'), ', ')` + +**Example**: `join(createArray('Alice', 'Bob', 'Carol'), '; ')` returns `Alice; Bob; Carol` + +> [!TIP] +> `join()` works on arrays of strings. If your array contains objects, use a **Select** action first to extract the field you want, then join the result. + +### 17. Check if array contains a value + +**Scenario**: Determine if a specific item exists in a list before proceeding. + +**Expression**: `contains(variables('myArray'), 'searchValue')` + +**Example**: `contains(createArray('North', 'South', 'East', 'West'), 'East')` returns `true` + +> [!NOTE] +> For arrays of objects, `contains()` checks for the entire object, not a property value. To check if any object has a matching property, use a Filter array action and then check `length()` of the result. + +## JSON and objects + +### 18. Parse JSON string + +**Scenario**: An HTTP action or custom connector returns a JSON string that you need to work with as structured data. + +**Expression**: `json(body('HTTP'))` + +**Example**: `json('{"name":"Alice","age":30}')` returns an object you can access with `?['name']`. + +> [!IMPORTANT] +> Don't double-parse. If the action already returns parsed JSON (most connector actions do), wrapping it in `json()` again causes an error. Use `json()` only on raw string responses, not on action outputs that are already objects. + +### 19. Get nested property from JSON + +**Scenario**: Access a value deep inside a JSON response, for example, `response.data.items[0].name`. + +**Expression**: `body('HTTP')?['data']?['items']?[0]?['name']` + +**Example**: For `{"data":{"items":[{"name":"Widget"}]}}`, returns `Widget`. + +> [!IMPORTANT] +> Don't forget the `?` (safe navigation). `body('HTTP')['data']['items']` throws an error if any level is null. Always use `?['key']` to safely traverse: each `?` returns null instead of failing if the parent is missing. + +### 20. Create JSON object from values + +**Scenario**: Build a request body for an HTTP action from flow variables and dynamic content. + +**Expression**: `json(concat('{"name":"', variables('name'), '","status":"', variables('status'), '"}'))` + +**Example**: With name=`Alice` and status=`Active`, returns `{"name":"Alice","status":"Active"}`. + +> [!TIP] +> If any variable contains quotes or special characters, the JSON will be malformed. For robust construction, use a **Compose** action with `createObject('name', variables('name'), 'status', variables('status'))` or build it in a Compose action directly. + +### 21. Convert object to string + +**Scenario**: Log a JSON object to a text field, or pass structured data as a string parameter. + +**Expression**: `string(variables('myObject'))` + +**Example**: `string(json('{"a":1}'))` returns `{"a":1}` as a string. + +> [!NOTE] +> `string()` on an array or object produces compact JSON (no pretty-printing). There's no built-in `prettyPrint()`. Accept compact JSON or build formatted text manually. + +### 22. Handle null or empty values safely + +**Scenario**: Prevent errors when a field might be null, empty, or missing entirely. + +**Expression**: `coalesce(triggerBody()?['optionalField'], 'default value')` + +**Example**: If `optionalField` is null, returns `'default value'`. If it has a value, returns that value. + +> [!IMPORTANT] +> `coalesce()` only handles `null`, not empty strings. For empty strings, combine with a condition: `if(empty(triggerBody()?['field']), 'default', triggerBody()?['field'])`. The `empty()` function returns true for both null and empty string `''`. + +## Numbers and math + +### 23. Round a number + +**Scenario**: Display a percentage or currency value with a fixed number of decimal places. + +**Expression**: `formatNumber(variables('value'), 'N2')` (for display) or `div(mul(variables('value'), 100), 100)` (for truncation) + +**Example**: `formatNumber(3.14159, 'N2')` returns `3.14` as a string. + +> [!NOTE] +> `formatNumber()` returns a string, not a number. If you need to do further math on the rounded value, parse it back: `float(formatNumber(variables('value'), 'N2'))`. + +### 24. Convert string to number (and back) + +**Scenario**: A form or email gives you a number as text, and you need to do math with it. + +**Expression**: `int(variables('textNumber'))` or `float(variables('textNumber'))` and `string(variables('numericValue'))` + +**Example**: `int('42')` returns `42`. `float('3.14')` returns `3.14`. `string(42)` returns `'42'`. + +> [!IMPORTANT] +> `int('3.14')` throws an error. It won't truncate a decimal string. Use `float()` first, then convert: `int(float('3.14'))` if you need an integer from a decimal string. + +### 25. Calculate percentage + +**Scenario**: Show what fraction one value is of another (for example, completion rate, utilization). + +**Expression**: `mul(div(float(variables('part')), float(variables('total'))), 100)` + +**Example**: With part=`75` and total=`200`, returns `37.5`. + +> [!IMPORTANT] +> Integer division truncates. `div(75, 200)` returns `0` because both are integers. Always convert to float first: `div(float(75), float(200))` returns `0.375`. + +## Conditionals and logic + +### 26. If/then/else in an expression + +**Scenario**: Return different values based on a condition, without adding a Condition action to the flow. + +**Expression**: `if(equals(variables('status'), 'Approved'), 'Proceed', 'Wait')` + +**Example**: If status is `Approved`, returns `Proceed`. Otherwise returns `Wait`. + +> [!NOTE] +> The `if()` function doesn't support `>`, `<` operators directly. Use helper functions: `if(greater(variables('count'), 10), 'Over', 'Under')`. Available comparisons: `equals()`, `greater()`, `less()`, `greaterOrEquals()`, `lessOrEquals()`. + +### 27. Coalesce (first non-null value) + +**Scenario**: Try multiple fields and use the first one that has a value, for example, preferred name, display name, email. + +**Expression**: `coalesce(triggerBody()?['preferredName'], triggerBody()?['displayName'], triggerBody()?['email'], 'Unknown')` + +**Example**: If preferredName is null and displayName is `'Alice'`, returns `Alice`. + +> [!TIP] +> `coalesce()` skips `null` but not empty strings `''`. An empty string is a valid non-null value. Combine with a helper if empty strings should also be skipped: `coalesce(if(empty(A), null, A), if(empty(B), null, B), 'default')`. + +### 28. Check if value is null or empty + +**Scenario**: Validate that a required field has a usable value before processing. + +**Expression**: `empty(variables('input'))` + +**Example**: `empty('')` returns `true`. `empty(null)` returns `true`. `empty('hello')` returns `false`. `empty(createArray())` returns `true`. + +> [!IMPORTANT] +> `empty()` doesn't work on numbers. `empty(0)` throws an error. For numbers, use `equals(variables('num'), null)` or check the type first. + +### 29. Compare dates (is date A after date B?) + +**Scenario**: Check if a deadline has passed, or if one event happened before another. + +**Expression**: `greater(ticks(variables('dateA')), ticks(variables('dateB')))` + +**Example**: `greater(ticks('2026-03-18'), ticks('2026-03-15'))` returns `true` (March 18 is after March 15). + +> [!IMPORTANT] +> Comparing date strings directly with `greater('2026-03-18', '2026-03-15')` happens to work for ISO format (YYYY-MM-DD) because it sorts lexicographically. But it fails for other formats. `greater('03/18/2026', '12/01/2025')` returns `false` because `0` < `1`. Always use `ticks()` for reliable date comparison. + +### 30. Boolean logic (AND/OR in conditions) + +**Scenario**: Combine multiple conditions in a single expression, for example, approved AND amount > 1000. + +**Expression**: `and(equals(variables('status'), 'Approved'), greater(variables('amount'), 1000))` + +**Example**: Returns `true` only if status equals `Approved` and amount is greater than 1000. + +> [!NOTE] +> You can't chain `and`/`or` with `&&`/`||` syntax. Always use the function form. For complex logic, nest them: `or(and(A, B), and(C, D))`. Readability degrades with deep nesting. Consider using a Condition action with multiple rows instead. + +## Quick reference card + +| Task | Expression | +|---|---| +| Uppercase | `toUpper(value)` | +| Lowercase | `toLower(value)` | +| Substring | `substring(value, start, length)` | +| Replace | `replace(value, old, new)` | +| Split | `split(value, delimiter)` | +| Contains (text) | `contains(toLower(value), toLower(search))` | +| Now (formatted) | `formatDateTime(utcNow(), 'yyyy-MM-dd')` | +| Add days | `addDays(date, count)` | +| Day of week | `dayOfWeek(date)` (0=Sun) | +| Days between | `div(sub(ticks(end), ticks(start)), 864000000000)` | +| First item | `first(array)` | +| Last item | `last(array)` | +| Count | `length(array)` | +| Join | `join(array, delimiter)` | +| Parse JSON | `json(stringValue)` | +| Safe property | `object?['key']` | +| Null fallback | `coalesce(value, default)` | +| Is empty | `empty(value)` | +| If/else | `if(condition, trueVal, falseVal)` | +| Compare dates | `greater(ticks(dateA), ticks(dateB))` | +| Int from string | `int(stringValue)` | +| Float from string | `float(stringValue)` | +| AND | `and(condA, condB)` | +| OR | `or(condA, condB)` | + +## See also + +- [Cloud flow error code reference](error-reference.md) +- [Troubleshoot cloud flow errors](troubleshoot-flow-errors.md) +- [Use expressions in conditions](/power-automate/use-expressions-in-conditions) +- [Workflow expression functions reference](/azure/logic-apps/workflow-definition-language-functions-reference) +- [Power Automate limits and configuration](/power-automate/limits-and-config) diff --git a/articles/fix-connection-failures.md b/articles/fix-connection-failures.md new file mode 100644 index 000000000..ef1a83fcf --- /dev/null +++ b/articles/fix-connection-failures.md @@ -0,0 +1,176 @@ +--- +title: Fix connection failures in cloud flows - Power Automate +description: Diagnose and fix broken connections, expired tokens, and authentication errors in Power Automate cloud flows. +author: matow +ms.author: matow +ms.reviewer: +ms.topic: troubleshooting +ms.date: 03/19/2026 +ms.subservice: cloud-flow +--- + +# Fix connection failures in cloud flows + +Your flow was running fine, and now it isn't. This guide walks you through the most common causes in order of likelihood, so you can find the problem fast. + +## Step 1: Is your flow turned on? + +Open the flow details page. Check the status in the top-right corner. + +- **On**: The flow is active. Move to Step 2. +- **Off**: Someone manually turned it off. Turn it back on. If it turns off again immediately, check for DLP policy violations ([Step 3b](#step-3b-dlp-policy-violations) later in this article). +- **Suspended**: Power Automate automatically suspended the flow due to repeated failures. Open the run history to find the failing action, fix the root cause, then turn the flow back on. + +> [!TIP] +> If the flow is missing entirely, check that you're in the correct environment. Use the environment picker in the top-right of the Power Automate portal. + +## Step 2: Did the trigger fire? + +Open the flow's run history. Look at the list of runs. + +### If there are no recent runs + +- **Scheduled trigger**: Verify the recurrence settings. Check the timezone. A flow set to "9:00 AM" uses the timezone configured in the trigger, which may differ from your local time. +- **Automated trigger (When an item is created, When an email arrives, and similar)**: Confirm the triggering event actually occurred. Create a test item or send a test email and wait 5-10 minutes. +- **Trigger condition**: If your trigger has a condition expression, verify it evaluates to `true` for your test event. A common mistake is a condition that filters out every event. +- **Instant (manual) trigger**: These only run when you or another user explicitly starts the flow. Check if the button or app that triggers it is still configured. + +### If runs appear but all are marked "Cancelled" + +The trigger fired but the run was cancelled before actions executed. This usually means a concurrency setting is rejecting new runs while another is in progress. Check the trigger's concurrency control settings. + +## Step 3: Did a specific action fail? + +Open a failed run. Scroll through the actions until you find the one highlighted in red. Expand it to see the error. + +### Step 3a: Read the error code + +| Error code | Meaning | Most likely fix | +|---|---|---| +| **401 Unauthorized** | Your connection token expired, or your password changed. | Go to the Connections page, find the connection, and re-authenticate. See [Step 4: Connection health checks](#step-4-connection-health-checks). | +| **403 Forbidden** | You don't have permission to access the resource, or a DLP policy is blocking the connector. | Check your permissions on the target resource (SharePoint site, mailbox, database). If permissions are correct, ask your admin if a DLP policy was recently changed. | +| **404 Not Found** | The resource was deleted, renamed, or moved. | A SharePoint list was renamed, a file was moved, a mailbox was deprovisioned, or a Teams channel was deleted. Update the action to point to the new location. | +| **429 Too Many Requests** | You hit the API rate limit for this connector. | Add a Delay action before the failing action, or enable retry policy with exponential backoff on the action's settings. For flows processing many items, add a delay inside Apply to Each. | +| **500 Internal Server Error** | The target service is experiencing issues. | Wait 15-30 minutes and retry. If it persists, check the [Microsoft 365 Service Health dashboard](https://admin.microsoft.com/Adminportal/Home#/servicehealth) or the third-party service's status page. | +| **502 Bad Gateway** | The connection between Power Automate and the target service failed. | Usually transient. Enable retry on the action. If it happens consistently, check network/firewall settings (especially for on-premises gateways). | + +### Step 3b: DLP policy violations + +If your flow was recently blocked or suspended and you didn't change anything: + +1. Your admin may have updated a Data Loss Prevention (DLP) policy. +1. Go to **flow details** > **Properties**. If you see a DLP violation message, the flow uses connectors that are now in different policy groups. +1. Contact your Power Platform admin. They can tell you which policy changed and which connectors are affected. + +> [!IMPORTANT] +> DLP policy changes take effect immediately and can block flows without warning. If multiple flows broke at the same time, a DLP change is the most likely cause. + +## Step 4: Connection health checks + +Connections are the most common reason a previously working flow breaks. + +### Check connection status + +1. Open your flow in edit mode. +1. Look at the connections panel (or check each action's connection reference). +1. Each connection should show a green checkmark or "Connected" status. +1. If any connection shows a warning or error icon, select it and select **Fix connection** or **Re-authenticate**. + +### Why connections break + +- **Password change**: You changed your password, or your organization enforces periodic password rotation. The stored OAuth token is now invalid. +- **MFA policy change**: Your admin enabled or changed Multi-Factor Authentication requirements. The existing token no longer satisfies the new policy. +- **Admin consent revoked**: An admin revoked the app consent that Power Automate uses to access a service on your behalf. +- **Token expiry**: OAuth refresh tokens expire after approximately 90 days of inactivity. If a flow hasn't run in 90 days, the connection may need re-authentication. +- **Service principal secret expiry**: If the connection uses a service principal, the client secret may have expired. Generate a new secret in Microsoft Entra ID and update the connection. + +### Re-authenticate a connection + +1. Go to **Power Automate** > **Connections** (left navigation). +1. Find the connection with the error. +1. Select the three dots (**...**) > **Fix connection** or **Edit**. +1. Sign in again with your credentials. +1. Return to your flow and verify the action now shows a green checkmark. + +> [!NOTE] +> If the flow uses a shared connection (owned by someone else), you need that person to re-authenticate, or you can create your own connection and update the flow to use it. + +## Step 5: Preventing silent failures + +Flows can fail without anyone noticing. Set up these safeguards for any flow that matters. + +### Add a failure notification + +1. In the designer, add a parallel branch after the action most likely to fail. +1. Select the three dots on the new branch's first action > **Configure run after** > check only **has failed**. +1. Add a **Send an email** action (or post to Teams) with the subject "Flow failed: [flow name]" and include the error details from the failed action using dynamic content. + +> [!TIP] +> This guarantees you get an alert within minutes of a failure, not days. For critical production flows, send failure notifications to a shared mailbox or Teams channel so the alert isn't missed. + +### Weekly run history check + +For production flows, check the run history page once a week. Look for: + +- Runs with "Failed" status that your failure notification might have missed. +- Runs with "Cancelled" status, which can indicate concurrency or trigger issues. +- A sudden drop in run count, which may mean the trigger stopped firing. + +### Use service principal connections + +Service principal connections don't rely on a user's OAuth token. They don't expire when someone changes their password or leaves the organization. For production flows, ask your admin about setting up service principal connections for your key connectors. + +## Top 5 connection issues by connector + +### SharePoint + +| Issue | Symptom | Fix | +|---|---|---| +| Admin consent required | 403 on first use or after policy change | Admin must grant consent in Microsoft Entra ID > Enterprise Applications > Power Automate | +| Site permissions changed | 403 on actions targeting a specific site | Verify your account has at least Contribute access to the site | +| List view threshold | "The attempted operation is prohibited because it exceeds the list view threshold" | Add a filter query or OData filter to the Get Items action to return fewer than 5,000 items. Use `$top` and indexed column filters. | +| List or library renamed | 404 on all actions targeting that list | Update the action to reference the new list name or ID | +| Column name mismatch | Actions succeed but return empty or wrong data | SharePoint internal names differ from display names. Use the internal name (visible in the URL when you sort by that column). | + +### Outlook / Office 365 + +| Issue | Symptom | Fix | +|---|---|---| +| Shared mailbox permissions | 403 when sending from or reading a shared mailbox | The connection owner needs Send As or Full Access permission on the shared mailbox in Exchange Admin Center | +| Delegate access removed | 401 on actions involving another user's mailbox | Re-grant delegate permissions or switch to a shared mailbox | +| MFA enforcement | 401 after admin enables MFA | Re-authenticate the connection. The new token will include the MFA claim. | +| Attachment size limit | 413 or action failure on large attachments | Outlook connector has a 25 MB attachment limit. For larger files, upload to SharePoint/OneDrive and share a link. | + +### SQL Server + +| Issue | Symptom | Fix | +|---|---|---| +| On-premises gateway offline | Connection timeout or "gateway unreachable" | Check the gateway machine. Restart the On-premises Data Gateway service. Verify the machine has internet access. | +| Firewall rules | Connection timeout to Azure SQL | Add Power Automate IP ranges to your Azure SQL firewall rules, or enable "Allow Azure services" in the SQL server's networking settings. | +| Connection string changed | 404 or connection failure | Server renamed, database moved, or port changed. Update the connection with the new server/database details. | +| SQL login disabled | 401 on all queries | The SQL login may have been disabled or the password expired. Re-enable in SQL Server Management Studio. | + +### Dataverse + +| Issue | Symptom | Fix | +|---|---|---| +| Environment permissions | 403 on Dataverse actions | Your user needs a security role in the target Dataverse environment. Ask your admin to assign one (for example, Basic User + custom table permissions). | +| Security role missing table access | 403 on specific tables | Your security role doesn't include read/write access to the table. Admin must update the security role. | +| Environment switched | Actions reference wrong environment | If the flow was imported or the environment changed, update the Dataverse connection to point to the correct environment. | + +### HTTP / Custom connectors + +| Issue | Symptom | Fix | +|---|---|---| +| API key rotated | 401 on all HTTP requests | Update the API key in the connection or action headers. | +| Certificate expired | SSL/TLS error | The target server's SSL certificate expired. Contact the API provider or update the certificate. | +| URL changed | 404 on all requests | The API endpoint URL was updated. Check the API provider's documentation for the new URL. | +| IP allowlisting | 403 or connection timeout | The target API only allows specific IP addresses. Add Power Automate's IP ranges for your region. For more information, see [IP address configuration](/power-automate/ip-address-configuration). | + +## See also + +- [Troubleshoot cloud flow errors](troubleshoot-flow-errors.md) +- [Cloud flow error code reference](error-reference.md) +- [Get the most from Copilot in Power Automate designer](copilot-in-cloud-flows-tips.md) +- [Power Automate IP address configuration](/power-automate/ip-address-configuration) +- [Set up service principal connections](/power-automate/service-principal) diff --git a/articles/troubleshoot-flow-errors.md b/articles/troubleshoot-flow-errors.md new file mode 100644 index 000000000..c7fa75afe --- /dev/null +++ b/articles/troubleshoot-flow-errors.md @@ -0,0 +1,138 @@ +--- +title: Troubleshoot cloud flow errors - Power Automate +description: Diagnose why your flow won't save, won't run, or produces wrong results with this step-by-step troubleshooting guide. +author: matow +ms.author: matow +ms.reviewer: +ms.topic: troubleshooting +ms.date: 03/19/2026 +ms.subservice: cloud-flow +--- + +# Troubleshoot cloud flow errors + +Something went wrong with your flow. Start here to find the fix fast. + +## Start here: What happened? + +| Symptom | Go to | +|---|---| +| My flow won't save | [Save errors](#save-errors) | +| My flow saved but won't run | [Trigger issues](#trigger-issues) | +| My flow ran but an action failed | [Action errors](#action-errors) | +| My flow runs but produces wrong results | [Logic issues](#logic-issues) | +| I don't understand the error message | [Common error messages](#common-error-messages) | + +## Save errors + +Your flow won't save in the designer. + +**Most common cause:** An expression has a syntax error, or a required field is empty. + +**Quick check:** Look for red outlines on actions in the designer. Expand any action with a warning icon and read the validation message. + +**Fix:** + +1. Check every action for red-highlighted fields. Fill in any required fields that are blank. +1. If you recently edited an expression, open it and look for mismatched parentheses, missing quotes, or incorrect function names. +1. If the save button shows "Saving..." indefinitely, refresh the page and try again. Your unsaved changes may be lost. Use Ctrl+S frequently. + +> [!TIP] +> Copy complex expression text to a separate text file before saving. If the save fails, you can paste it back instead of rewriting from memory. + +**Still stuck?** Copy the exact validation error text and search it on [Power Automate Community Forums](https://powerusers.microsoft.com/t5/Building-Flows/bd-p/BuildingFlows) or paste it into an AI assistant for interpretation. + +## Trigger issues + +Your flow saved successfully, but no runs appear in run history. + +**Most common cause:** The trigger event hasn't occurred, or the trigger has a filter condition that excludes your test events. + +**Quick check:** Open run history. If it's completely empty (no runs at all), the trigger never fired. + +**Fix:** + +1. **Scheduled triggers:** Verify the start date is in the past, the recurrence is correct, and the timezone matches your expectation. A flow set to "Every 1 day" starting "tomorrow" won't run until tomorrow. +1. **Event-based triggers (When an item is created, When a file is modified, and similar):** Create a new test item or file. Wait 5-10 minutes. Triggers aren't instant. There's a polling interval. +1. **Trigger conditions:** If your trigger has a condition expression, temporarily remove it and test. If the flow runs without the condition, the condition is filtering out your events. +1. **Flow is off or suspended:** Check the flow status on the details page. Suspended flows stop triggering until you fix the underlying issue and turn them back on. + +> [!NOTE] +> Event-based triggers in Power Automate use polling intervals, not real-time push notifications. The default polling interval varies by connector (typically 1-5 minutes). You can configure the interval in the trigger's settings. + +**Still stuck?** See [Fix connection failures in cloud flows](fix-connection-failures.md) for a detailed walkthrough. + +## Action errors + +Your flow runs, but one or more actions fail (red in run history). + +**Most common cause:** A connection expired, or the target resource changed (renamed, deleted, permissions removed). + +**Quick check:** Open the failed run. Find the red action. Expand it and read the status code and error message. + +### Fix by error code + +| Code | Meaning | What to do | +|---|---|---| +| 401 | Authentication failed | Re-authenticate the connection. Go to **Connections** in the left nav, find the broken one, select **Fix connection**. | +| 403 | Permission denied | You lost access to the resource, or a DLP policy is blocking the connector. Check your permissions first; then check with your admin about DLP. | +| 404 | Resource not found | The SharePoint list, file, mailbox, or endpoint was renamed, moved, or deleted. Update the action to point to the correct resource. | +| 429 | Rate limited | Add a Delay action before this step, or enable retry with backoff in the action's settings. | +| 500 | Server error | The target service is having issues. Wait and retry. Check the service's health page. | + +### Fix for expression errors + +If the error says "Invalid template" or "Unable to process template language expressions," open the action and check each expression. The most common mistakes are: + +- Referencing dynamic content from a step that didn't run (inside a condition branch that wasn't taken). +- Using the wrong data type (passing a string where a number is expected). +- Null values. Add a `coalesce()` or `if(empty(...))` check. + +> [!TIP] +> For 30 ready-to-use expression patterns with common-mistake warnings, see [Expression cookbook for cloud flows](expression-cookbook.md). + +**Still stuck?** See [Fix connection failures in cloud flows](fix-connection-failures.md) for a detailed walkthrough by connector, or [Cloud flow error code reference](error-reference.md) for an in-depth explanation of each error code. + +## Logic issues + +Your flow runs successfully (all green checkmarks), but the output is wrong. + +**Most common cause:** A condition evaluates differently than expected, or dynamic content references the wrong field. + +**Quick check:** Open a completed run and step through each action. Expand each one and compare its **inputs** and **outputs** to what you expect. + +**Fix:** + +1. **Wrong condition result:** Expand the condition action in run history. Check the actual values that were compared. Common issues: trailing spaces in strings, case sensitivity (`"Approved"` vs `"approved"`), comparing a number to its string representation (`1` vs `"1"`). +1. **Wrong data in actions:** Select the action and check its inputs. If a field shows an unexpected value, select the expression or dynamic content token to see where it comes from. You may be referencing a field from the wrong step or the wrong item in a loop. +1. **Apply to Each processing wrong items:** Check the "Select an output from previous steps" input. If the array contains more or fewer items than expected, the upstream Get Items or List Rows action may need a filter. +1. **Timing issues:** If your flow updates a record and then immediately reads it back, the read may return stale data. Add a short Delay action (5-30 seconds) between the write and the read. + +> [!TIP] +> Add **Compose** actions at key points in your flow to inspect intermediate values. Set the Compose input to the dynamic content you want to check. Run the flow, then check each Compose output in run history to trace where the value goes wrong. + +## Common error messages + +Quick reference for error messages you may encounter. + +| Error message | Translation | Fix | +|---|---|---| +| "The requested operation is prohibited because it exceeds the list view threshold." | SharePoint Get Items is returning more than 5,000 items. | Add an OData filter or use `$top=5000` with pagination. Filter on an indexed column. | +| "Invalid type. Expected String but got Null." | A field you're referencing is empty (null) and the action expects text. | Wrap the reference in `coalesce(field, '')` or add a condition to check for null first. | +| "ActionFailed. An action failed. No dependent actions succeeded." | A Scope block failed, which cancelled all subsequent actions inside it. | Find the specific action inside the Scope that failed first. Fix that action. | +| "Flow run timed out." | The flow exceeded the 30-day maximum duration. | Long-running flows need to be redesigned. Use a child flow for the long-running part, or split into multiple flows with a status flag. | +| "ExpressionEvaluationFailed." | An expression has a syntax error or references a value that doesn't exist at runtime. | Open the action, check each expression. Look for misspelled function names, wrong parameter counts, or references to steps that may not have executed. | +| "The connection is not valid." | The connection was deleted or the credentials expired. | Go to **Connections**, find the connection, re-authenticate or create a new one. | +| "Nested flows are not supported in this context." | You're calling a child flow from inside an Apply to Each or a context that doesn't support it. | Move the child flow call outside the loop, or restructure to pass the full array to the child flow and loop inside it. | + +> [!IMPORTANT] +> When you encounter an error not listed here, copy the exact error message text. Searching for the exact message in the [Power Automate Community Forums](https://powerusers.microsoft.com/t5/Building-Flows/bd-p/BuildingFlows) or the [Cloud flow error code reference](error-reference.md) is the fastest path to a solution. + +## See also + +- [Fix connection failures in cloud flows](fix-connection-failures.md) +- [Cloud flow error code reference](error-reference.md) +- [Get the most from Copilot in Power Automate designer](copilot-in-cloud-flows-tips.md) +- [Expression cookbook for cloud flows](expression-cookbook.md) +- [Power Automate known issues](/power-automate/known-issues) +- [Power Automate Community Forums](https://powerusers.microsoft.com/t5/Building-Flows/bd-p/BuildingFlows) From 08125757491eb4b5836e5195448461ee2091aa80 Mon Sep 17 00:00:00 2001 From: Matt Townsend Date: Thu, 19 Mar 2026 10:41:51 -0400 Subject: [PATCH 2/2] Fix 6 high-traffic pages with low engagement/helpful ratings Surgical additions to existing articles targeting pages with worst engagement signals (PBI Content Engagement data: bounce rate, scroll rate, helpful rating): - index.yml: Add Common Tasks, Troubleshoot, Licensing nav sections (295K PV, 40% bounce) - limits-and-config.md: Add scenario-based limit lookup + FAQ (26K PV, 19% bounce) - ip-address-configuration.md: Add scenario lookup + troubleshooting (14K PV, 23% bounce) - create-team-flows.md: Add sharing scenarios + common issues (6K PV, 23% bounce) - add-manage-connections.md: Add troubleshooting section + prevention (5K PV, 33% helpful) - change-cloud-flow-owner.md: Add transfer walkthrough + checklist (11K PV, 25% helpful) All existing content preserved. New content uses NOTE/TIP/IMPORTANT callouts. Co-Authored-By: Claude Opus 4.6 (1M context) --- articles/add-manage-connections.md | 76 ++++++++++++++ articles/change-cloud-flow-owner.md | 143 +++++++++++++++++++++++++++ articles/create-team-flows.md | 45 +++++++++ articles/index.yml | 55 ++++++++++- articles/ip-address-configuration.md | 52 ++++++++++ articles/limits-and-config.md | 52 ++++++++++ 6 files changed, 422 insertions(+), 1 deletion(-) diff --git a/articles/add-manage-connections.md b/articles/add-manage-connections.md index 9bfed777b..5a488c6dd 100644 --- a/articles/add-manage-connections.md +++ b/articles/add-manage-connections.md @@ -22,6 +22,70 @@ ms.custom: sfi-image-nochange Power Automate uses *connections* to make it easy for you to access your data while building flows. Power Automate includes commonly used connections, including SharePoint, SQL Server, Microsoft 365, OneDrive for Business, Salesforce, Excel, Dropbox, Twitter, and more. Connections are shared with Power Apps, so when you create a connection in one service, the connection shows up in the other service. +## Fix a broken connection + +If your flow stopped working because of a connection error, start here. + +### Quick diagnosis + +| Error or symptom | Likely cause | Fix | +|---|---|---| +| **401 Unauthorized** or "invalid credentials" | Your password changed, MFA was updated, or the token expired | [Re-authenticate the connection](#re-authenticate-a-connection) | +| **403 Forbidden** | A DLP policy blocks this connector, or you lack permissions to the data source | [Check DLP policies](#check-dlp-policies) | +| **Connection not found** or "connection was deleted" | Someone removed the connection, or it was cleaned up by an admin | [Create a new connection](#add-a-connection) and update the flow | +| **Gateway offline** or "gateway unreachable" | The on-premises data gateway service is stopped or unreachable | [Troubleshoot the gateway](/data-integration/gateway/service-gateway-tshoot) | +| **The connection works in the portal but the flow still fails** | The flow uses a different connection than the one you fixed | [Verify which connection the flow uses](#verify-flow-connections) | + +### Re-authenticate a connection + +This is the most common fix. Connections use OAuth tokens that expire when your password changes, your MFA enrollment changes, or the token's lifetime expires (typically 90 days for some connectors). + +1. Go to [make.powerautomate.com](https://make.powerautomate.com) > **Connections** (left navigation, under **Data**). +2. Find the broken connection. It shows a warning icon or **Error** status. +3. Select the three dots (**...**) next to the connection, then select **Fix connection** or **Edit**. +4. Sign in again with your credentials. Complete any MFA prompts. +5. After re-authenticating, go back to your flow and select **Test** > **Manually** to verify it runs. + +> [!TIP] +> If you re-authenticated but the flow still fails, open the flow in the designer and check the **Flow checker** (top right). It highlights any steps that still reference a broken or different connection. + +### Check DLP policies + +Data Loss Prevention (DLP) policies set by your admin can block specific connectors or prevent connectors in different groups from being used together in the same flow. + +1. If you see a 403 error mentioning policy, contact your Power Platform admin. +2. Admins can check DLP policies in the [Power Platform admin center](https://admin.powerplatform.microsoft.com/) > **Policies** > **Data policies**. +3. Look for policies that classify your connector in a different group than the other connectors in your flow. + +For more information, see [Data loss prevention policies](/power-platform/admin/wp-data-loss-prevention). + +### Verify flow connections + +A flow can have multiple connections, and each step can use a different one. To check which connection a specific step uses: + +1. Open the flow in the designer. +2. Select the step that is failing. +3. In the step details, look for the **Connection** field. It shows the connection name and the account it is signed in as. +4. If the connection shows a warning, select **Fix connection** and re-authenticate. + +## Prevent connection failures + +### Use service principal connections for production flows + +Personal connections break when the user changes their password, leaves the organization, or has their account disabled. For flows that run in production, use a [service principal connection](/power-automate/connect-with-service-principal) instead. Service principals: + +- Don't depend on a specific person's credentials +- Don't expire when someone changes their password +- Can be managed centrally by IT +- Support certificate-based authentication (no passwords to rotate) + +### Monitor connection health + +Set up a scheduled flow that runs daily and checks the status of your critical connections using the [Power Automate Management connector](/connectors/connector-reference/connector-reference-powerautomate-management). If a connection enters an error state, the flow can send a notification before your production flows start failing. + +> [!TIP] +> For organizations with many flows, the [Power Platform admin center](https://admin.powerplatform.microsoft.com/) provides a **Connections** view where admins can see all connections in an environment, including their status and owner. + Here's a quick video on managing connections. > [!VIDEO https://learn-video.azurefd.net/vod/player?id=9d210b7d-5449-4da2-9ee8-62d049617cbd] @@ -155,6 +219,18 @@ If you don't know what authentication option was used on the Power Automate Mana The [default](/connectors/flowmanagement/#default-deprecated) authentication option was also deprecated in June 2020, however, it was immediately hidden so that it couldn't be used from that date. All connections with the authentication of [default](/connectors/flowmanagement/#default-deprecated) were created prior to June 2020. Those connections should also be replaced. If you use the [Get Connections as admin](/connectors/powerappsforadmins/#get-connections-as-admin) action, those connections will have id="shared_flowmanagement" and properties.connectionParametersSet.name="". +## Common connection errors reference + +| Error code or message | Connector types affected | Cause | Resolution | +|---|---|---|---| +| **401 Unauthorized** | All OAuth connectors | Token expired, password changed, MFA enrollment changed | Re-authenticate: **Connections** > select connection > **Fix connection** | +| **403 Forbidden** | All connectors | DLP policy violation, insufficient permissions on the data source, or the app registration was disabled in Entra ID | Check DLP policies; verify user has access to the underlying data source | +| **404 Connection not found** | All connectors | Connection was deleted by user or admin, or was part of a removed solution | Create a new connection and update the flow to use it | +| **409 Conflict** | SharePoint, Dataverse | Concurrent connection modifications, or connection reference mismatch after solution import | Re-import the solution and remap connection references during import | +| **Gateway unreachable** | SQL Server, File System, SAP, Oracle, and other on-premises connectors | On-premises data gateway service stopped, machine offline, or network connectivity lost | Restart the gateway service on the gateway machine; verify the machine can reach `*.servicebus.windows.net` on port 443 | +| **"Connection not configured for this service"** | Custom connectors, Dataverse | Connection reference in a solution flow points to a connection that doesn't exist in this environment | Create the required connection, then update the connection reference in **Solutions** > your solution > **Connection References** | +| **AADSTS700024 or "client assertion is not within its valid time range"** | Service principal connections | Certificate used by the service principal has expired | Upload a new certificate to the app registration in Entra ID, then update the connection | + ## Related information [Training: Streamline SharePoint processes with Power Automate (module)](/training/modules/streamline-processes/) diff --git a/articles/change-cloud-flow-owner.md b/articles/change-cloud-flow-owner.md index d9778f5d4..d0c62ced9 100644 --- a/articles/change-cloud-flow-owner.md +++ b/articles/change-cloud-flow-owner.md @@ -34,6 +34,149 @@ In cases where ownership needs to be transferred, such as when a flow owner leav If an administrator wants to make changes to a flow, they must first make themselves an owner or co-owner. [Regular users](/power-platform/admin/create-users#user-types) usually own flows, but if you need to change the owner to a Service Principal application user instead, go to [Change the owner of a cloud flow to a Service Principal application user](#change-the-owner-of-a-cloud-flow-to-a-service-principal-application-user). +## Most common scenario: Reassign flows from a departed employee + +When someone leaves your organization, their flows continue to run until their account is disabled or their connections expire. At that point, all flows owned by that person stop working. Here is the complete process to transfer those flows to a new owner and keep them running. + +### Before you start + +You need: +- **Power Platform admin** or **Environment admin** role (to transfer flows you don't own) +- The **new owner** must have an active account with a Power Automate license in the same environment +- A list of connectors used in the flow (you'll need to re-authenticate each one) + +> [!IMPORTANT] +> Transferring ownership does NOT transfer the connections. All connections in the flow are tied to the original owner's Microsoft Entra ID credentials. After transfer, every connection must be re-authenticated by the new owner or replaced with a service principal connection. **If you skip this step, the flow will fail on the next run.** + +### Step-by-step: Transfer ownership + +#### For non-solution flows (My flows) + +1. Sign in to the [Power Platform admin center](https://admin.powerplatform.microsoft.com/) as an admin. +2. Select **Environments**, then select the environment that contains the flow. +3. Select **Resources** > **Flows**. +4. Find the flow to transfer. Use the search bar or filter by the original owner's name. +5. Select the three dots (**...**) next to the flow, then select **Manage sharing**. +6. Under **Owners**, add the new owner's name or email address and select **Save**. +7. After the new owner is added, the original owner can be removed. If the original owner's account is already disabled, the new owner can remove them after accepting ownership. + +> [!NOTE] +> Makers can also transfer flows they own from [make.powerautomate.com](https://make.powerautomate.com): select the flow > **Share** > add the new owner as a co-owner. The new owner can then remove the original owner. + +#### For solution flows + +Solution flows are owned by the system and don't have personal owners in the same way. However, the connections used by the flow still belong to specific users. + +1. In the target environment, go to **Solutions** > select the solution containing the flow. +2. Select the flow, then select **Details**. +3. Under **Run only users** or **Connections**, update the connection references to point to connections owned by an active user. +4. If the flow uses connection references, go to **Connection References** in the solution and remap each reference to a new connection. + +## What changes when you transfer ownership + +Understanding exactly what transfers (and what doesn't) is critical to keeping the flow running. + +| Aspect | Transfers to new owner? | Action needed | +|---|---|---| +| **Flow definition** (triggers, actions, logic) | Yes | None -- the flow design is preserved | +| **Run history** | Yes | None -- all previous run records are visible to the new owner | +| **Connections** (OAuth tokens, credentials) | **No** | **New owner must re-authenticate every connection** | +| **Shared users** (co-owners, run-only users) | Yes | Review and update if needed | +| **Flow state** (on/off) | Yes | Verify the flow is turned on after transfer | +| **Scheduled trigger timing** | Yes | Verify the schedule is correct (timezone may differ) | +| **Environment** | No change | Flow stays in the same environment | +| **Solution membership** | No change | Flow stays in the same solution (if applicable) | + +> [!WARNING] +> **Connections are the #1 reason flows break after transfer.** Each connection stores an OAuth token issued to a specific user. When ownership changes, those tokens don't move. The flow attempts to use the old owner's token, which fails if their account is disabled or their credentials have changed. + +## After transfer checklist + +Complete these steps immediately after transferring ownership to prevent the flow from failing. + +### 1. Re-authenticate all connections + +This is the most critical step. + +1. The new owner should open the flow at [make.powerautomate.com](https://make.powerautomate.com) > **My flows** > **Shared with me**. +2. Select **Edit** to open the flow in the designer. +3. Open the **Flow checker** (top right corner). It lists all connections with errors. +4. For each flagged connection: + - Select the step that uses the connection. + - In the connection field, select **Add new connection** or **Fix connection**. + - Sign in with the new owner's credentials. +5. **Save** the flow after updating all connections. + +> [!TIP] +> If the flow uses many connections, open the **Connections** page ([make.powerautomate.com](https://make.powerautomate.com) > **Data** > **Connections**) first and create the required connections there. Then return to the flow and select the pre-created connections from the dropdown in each step. + +### 2. Verify the trigger still works + +- **Scheduled triggers**: Confirm the time, timezone, and recurrence are correct. +- **Automated triggers** (when an item is created, when an email arrives): The trigger monitors events for the signed-in connection user. If the trigger is "When a new email arrives" and you re-authenticated with a different mailbox, the flow now monitors the new owner's mailbox, not the old owner's. +- **Instant triggers** (button flows): Test by clicking **Run** from the portal. + +### 3. Check the run-as account + +After re-authenticating, verify who the flow acts as: + +- **Send email actions**: Will now send from the new connection owner's email, unless using a shared mailbox. +- **SharePoint actions**: Will now act as the new connection owner. Ensure they have the necessary permissions on the SharePoint site. +- **Dataverse actions**: The new owner must have the required Dataverse security roles. + +### 4. Run a test + +1. Select **Test** in the upper right of the designer. +2. Choose **Manually** (for instant triggers) or **Automatically** with a recent trigger event. +3. Verify that every step completes successfully, especially the steps where you changed connections. +4. Check the output of each step to ensure data is flowing correctly. + +### 5. Update shared users + +If the flow had run-only users or other co-owners, verify that those sharing permissions are still correct. The transfer itself preserves the sharing list, but you may want to update it (for example, remove the departed employee's account). + +## Common issues after transfer + +### New owner can't see the flow + +- **Non-solution flows**: After being added as co-owner, the flow appears under **My flows** > **Shared with me**. It does NOT appear under **Cloud flows** (that tab shows only flows the user created). +- **Wrong environment**: The new owner may need to switch to the correct environment using the environment picker in the upper right of the Power Automate portal. +- **License required**: The new owner must have a Power Automate license. If the flow uses premium connectors, the new owner needs a Power Automate Premium license (or the flow needs a Power Automate Process license). + +### Flow stops working after transfer + +In almost all cases, this is a connection issue. Follow the [re-authenticate all connections](#1-re-authenticate-all-connections) steps above. + +Other causes: +- **DLP policy**: The new owner's environment may have different DLP policies than the original owner's. Check with your admin. +- **Permissions on data sources**: The new owner's account may not have access to the SharePoint sites, SQL databases, or other data sources the flow uses. Grant the required permissions in each data source. +- **Service principal connections**: If the flow used a service principal connection owned by the departed employee's app registration, the app registration itself may need to be transferred in Microsoft Entra ID. + +### Transfer succeeded but the old owner is still listed + +If the original owner's account is disabled in Microsoft Entra ID: +1. The new owner should open the flow and go to **Share** (or **Manage sharing**). +2. Remove the old owner from the owners list. +3. If the old owner can't be removed (grayed out), an admin can remove them from the Power Platform admin center. + +### I need to transfer many flows at once (bulk transfer) + +The portal only supports transferring one flow at a time. For bulk transfers (for example, when offboarding an employee with dozens of flows): + +1. Use the [Power Automate Management connector](/connectors/connector-reference/connector-reference-powerautomate-management) to list all flows owned by a user and modify sharing programmatically. +2. Alternatively, use [PowerShell for Power Platform admins](/power-platform/admin/powerapps-powershell#power-automate-commands) with the `Set-AdminFlowOwnerRole` cmdlet. + +```powershell +# Example: Add a new owner to all flows owned by the departing user +$flows = Get-AdminFlow -EnvironmentName -CreatedBy +foreach ($flow in $flows) { + Set-AdminFlowOwnerRole -EnvironmentName -FlowName $flow.FlowName -PrincipalType User -PrincipalObjectId -RoleName CanEdit +} +``` + +> [!NOTE] +> Even with bulk transfer, you must still re-authenticate connections in each flow individually. There is no bulk connection re-authentication API. + ## Change the owner of a solution-aware cloud flow An owner, co-owner, or an admin can change the owner of a solution-aware flow to another user to ensure business continuity. After the change of ownership completes, the original owner and the new owner become co-owners of the flow. diff --git a/articles/create-team-flows.md b/articles/create-team-flows.md index ea8416223..510731e8b 100644 --- a/articles/create-team-flows.md +++ b/articles/create-team-flows.md @@ -33,6 +33,19 @@ Share a cloud flow with others in your organization and guest users so they can - You must have either a [Power Automate license (except the free license)](https://make.powerautomate.com/pricing/) or a seeded license (Office 365, Dynamics 365 Enterprise plans, Dynamics 365 Professional plans, Dynamics 365 Team Member, Power Apps (Canvas and Model driven Apps)- Per App plans, Power Apps per user plan, Power Apps Plan 1 (exempted), Power Apps Plan 2 (exempted), Windows licenses) to share a cloud flow. - You must be the creator or owner to add or remove owners from a cloud flow. +## Choose your sharing scenario + +How you share a flow depends on who needs access and where the flow needs to run. + +| Scenario | Method | Who can edit | Who can run | +|---|---|---|---| +| **Share with a co-worker** (same environment) | Add as co-owner | Both of you | Both of you, plus anyone with run-only access | +| **Share with a team** (Microsoft 365 group or security group) | Add group as co-owner | All group members | All group members | +| **Share across environments** (dev to production) | Export as solution, import in target | Anyone with access in target environment | Configured at import | + +> [!IMPORTANT] +> When you share a flow, the connections in the flow **do not transfer automatically**. Connections are tied to the person who created them. Each co-owner must set up their own connections, or the flow must use a shared service account or service principal. This is the most common reason a shared flow stops working. See [Common issues after sharing](#common-issues-after-sharing). + ### About embedded and other connections Connections used in a cloud flow fall into two categories: @@ -198,6 +211,38 @@ Yes. When a connection is configured to be **Provided by run-only user**, then t ### Can a connection provided by run-only user be used by another user? No. When a connection is configured to be **Provided by run-only user** then that connection is provided by the user that runs (or "invokes") the flow. Embedded connections are used by all users of the flow, but connections provided by a run-only user are used only by the user that provides them. When the flow connects to a service via a connector, then the **Provided by run-only user** connections allow the flow to act as the run-only user and access the data that the user has access to. If the flow is exported, then the **Provided by run-only user** connections have a **RuntimeSource** value of **invoker**. +## Common issues after sharing + +### The shared user can't see the flow + +- **Check the "Shared with me" tab**: Co-owners find shared flows under **My flows** > **Shared with me**, not under **My flows** > **Cloud flows**. +- **Check permissions**: If the user was added via a group, verify they are a member of that group in Microsoft Entra ID. +- **Check the environment**: The shared user must be in the same Power Platform environment as the flow. If they have a different default environment, they need to switch environments in the Power Automate portal (environment picker in the top right). + +### The flow fails after sharing (connection errors) + +This is the most common issue. Connections in Power Automate are **personal** -- they are tied to the account that created them. + +When a flow runs, it uses the connections of the person who set them up. If the original owner's credentials expire, the connection breaks for everyone. + +**To fix this:** + +1. Each co-owner should open the flow and go to the **Connections** section (or the flow checker warnings). +2. For each connection that shows a warning, select it and sign in with their own credentials. +3. Alternatively, set up a **service principal connection** or a **shared service account** that doesn't depend on an individual's credentials. + +> [!TIP] +> For production flows, use [service principal connections](/power-automate/connect-with-service-principal) instead of personal connections. Service principals don't expire when someone leaves the organization or changes their password. + +### The flow runs under the wrong account + +Power Automate flows run differently depending on the trigger type: + +- **Automated triggers** (when an item is created, when an email arrives): The flow runs using the **connections configured in the flow**, regardless of who triggered the event. +- **Instant (manual) triggers**: The flow runs in the context of the person who clicked **Run**, but still uses the configured connections for data access. + +If the flow is performing actions as the wrong person (for example, sending emails from the original owner instead of the person who triggered the flow), check the connection configuration. You may need to set up **run-only connections** that prompt each user to authenticate with their own account. See [Share a cloud flow with run-only permissions](#share-a-cloud-flow-with-run-only-permissions). + ## Related information - [Training: Share a cloud flow with Power Automate (module)](/training/modules/share-cloud-flow/) diff --git a/articles/index.yml b/articles/index.yml index 0005923ba..912e33907 100644 --- a/articles/index.yml +++ b/articles/index.yml @@ -40,8 +40,61 @@ highlightedContent: url: /troubleshoot/power-platform/power-automate/welcome-power-automate -additionalContent: +additionalContent: sections: + # Common tasks - quick links + - title: Common tasks + linkLists: + - linkListType: how-to-guide + links: + - text: Create your first cloud flow + url: getting-started.md + - text: Create a flow from a template + url: get-started-logic-template.md + - text: Share a flow with your team + url: create-team-flows.md + - text: Monitor your flow runs + url: monitor-manage-processes.md + - text: Connect to your data + url: add-manage-connections.md + - text: Use expressions in conditions + url: use-expressions-in-conditions.md + # Troubleshoot and fix + - title: Troubleshoot and fix + linkLists: + - linkListType: how-to-guide + links: + - text: Fix flow errors and failures + url: fix-flow-failures.md + - text: Troubleshoot broken connections + url: add-manage-connections.md#fix-a-broken-connection + - text: Expression reference and examples + url: /azure/logic-apps/workflow-definition-language-functions-reference + - text: Error code reference + url: error-code-reference.md + - text: Limits and configuration + url: limits-and-config.md + - linkListType: reference + links: + - text: What's free vs. premium + url: /power-platform/admin/power-automate-licensing/types + - text: Known issues + url: /power-automate/known-issues + - text: Power Automate community forums + url: https://powerusers.microsoft.com/t5/Microsoft-Power-Automate/ct-p/MPACommunity + # Licensing and limits + - title: Licensing and limits + linkLists: + - linkListType: overview + links: + - text: Power Automate licensing overview + url: /power-platform/admin/power-automate-licensing/types + - text: Limits and configuration reference + url: limits-and-config.md + - text: Request limits and throttling + url: limits-and-config.md#request-limits + - text: Change or transfer flow ownership + url: change-cloud-flow-owner.md - title: Create and design items: - title: Try/Buy diff --git a/articles/ip-address-configuration.md b/articles/ip-address-configuration.md index 8d10e0f91..109ed7401 100644 --- a/articles/ip-address-configuration.md +++ b/articles/ip-address-configuration.md @@ -22,6 +22,33 @@ This article describes the required configuration for: - Power Automate to connect to services in your network by inbound firewall configuration, and - Your makers and users to access Power Automate to build and use experiences by outbound firewall configuration. +## Find the IP ranges for your scenario + +Use this table to find which IP ranges you need to allowlist. Select your scenario to jump to the relevant section. + +| I need to allowlist IPs for... | What to allowlist | Section | +|---|---|---| +| **Cloud flows calling my API or service** | Power Automate outbound IPs (varies by Azure region where your environment is hosted) | [Outbound IP addresses](#allow-connector-calls-to-your-services) | +| **My firewall to allow cloud flow connectors** | Connector outbound IPs (the connector makes calls from these addresses) | [Connector outbound IP addresses](#allow-connector-calls-to-your-services) | +| **Desktop flows through a proxy or firewall** | Desktop flow service endpoints | [Desktop flow services required for runtime](#allow-machines--users-on-your-network-to-access-power-automate-desktop-services) | +| **On-premises data gateway** | Gateway relay endpoints and outbound IPs | [On-premises data gateway](#other-ip-address-articles) | +| **Power Automate portal access** | Generally not needed (standard HTTPS). If required by strict firewall, allow `*.powerautomate.com` and `*.flow.microsoft.com` | N/A | + +> [!IMPORTANT] +> IP ranges can change. Always verify against the **Azure IP Ranges and Service Tags** JSON file for the most current list: [Download Azure IP Ranges](https://www.microsoft.com/download/details.aspx?id=56519). This JSON file is updated weekly. New ranges that appear in the file don't take effect in Azure for at least one week. + +## Determine your environment's Azure region + +The IP ranges you need depend on the Azure region where your Power Platform environment is hosted. To find your region: + +1. Sign in to the [Power Platform admin center](https://admin.powerplatform.microsoft.com/). +2. Select **Environments** in the left navigation. +3. Select your environment. +4. On the environment details page, find the **Region** field (for example, "United States", "Europe", "Asia Pacific"). + +> [!TIP] +> If your organization has environments in multiple regions, you need to allowlist the IP ranges for each region where flows run. If you're unsure, start with the region of your default environment. + ## High-level recommendation for IP address configuration The simplest mechanism to configure a firewall to allow Power Automate cloud flows to call external services through [connectors](/connectors/overview) is to use [Azure service tags](/azure/virtual-network/service-tags-overview). The primary service tag for Logic Apps connectors is **AzureConnectors**, as described in [Power Platform outbound IP addresses](/connectors/common/outbound-ip-addresses#power-platform). @@ -208,6 +235,31 @@ Learn more about approvals email routing in [Power Automate approval email deliv If you need to authorize IP addresses for your Azure SQL database, use the [Power Platform outbound IP addresses](/connectors/common/outbound-ip-addresses#power-platform). +## Common issues with IP allowlisting + +### My flow fails with a connection timeout after I configured the firewall + +- Verify you allowlisted the **outbound** IPs (the IPs Power Automate calls FROM), not the inbound IPs. +- Check that you included IP ranges for the correct Azure region. If you recently migrated your environment, the region may have changed. +- Some connectors use their own IP ranges separate from the general Power Automate ranges. See [Allow connector calls to your services](#allow-connector-calls-to-your-services). + +### I allowlisted the IPs but they changed + +Azure IP ranges are updated weekly. Subscribe to the [Azure IP Ranges and Service Tags change notifications](https://www.microsoft.com/download/details.aspx?id=56519) to be notified of updates. When possible, use **Azure Service Tags** instead of individual IP addresses in your firewall rules -- service tags are updated automatically. + +Available service tags for Power Automate: +- `PowerPlatformInfra` -- Power Platform infrastructure (recommended for broad allowlisting) +- `AzureConnectors` -- Managed connector outbound IPs + +### Desktop flows fail through our proxy server + +Desktop flow agents need to reach several Microsoft endpoints over HTTPS (port 443). Ensure your proxy allows traffic to: +- `*.servicebus.windows.net` (agent communication relay) +- `*.powerautomate.com` (flow service) +- `*.microsoftonline.com` (authentication) + +If your proxy performs TLS inspection, you may need to add exceptions for these endpoints. See [Allow machines & users on your network to access Power Automate desktop services](#allow-machines--users-on-your-network-to-access-power-automate-desktop-services) for the complete list. + ## Related information - [Azure service tags](/azure/virtual-network/service-tags-overview) diff --git a/articles/limits-and-config.md b/articles/limits-and-config.md index 013fe9762..491c1c7c1 100644 --- a/articles/limits-and-config.md +++ b/articles/limits-and-config.md @@ -26,6 +26,55 @@ ms.custom: bap-template This article contains information about the limits that apply to automated, scheduled, and instant flows, depending on which [Power Automate license](https://make.powerautomate.com/pricing) you have. +## Find your limits quickly + +Use this table to find the limits that apply to your license. If you're not sure which license you have, go to [make.powerautomate.com](https://make.powerautomate.com) > **Settings** (gear icon) > **View my licenses**. + +| What you have | Daily action limit | Daily API requests | Concurrent runs | Flow duration | +|---|---|---|---|---| +| **Microsoft 365 / free** (seeded) | 6,000 actions/day | 6,000/day | 25 per flow | 30 days | +| **Power Automate Premium** (per user) | 40,000 actions/day | 40,000/day | 500 per flow | 30 days | +| **Power Automate Process** (per flow) | 250,000 actions/day | 250,000/day | 500 per flow | 30 days | +| **Pay-as-you-go** | No daily cap (billed per action) | Based on usage | 500 per flow | 30 days | + +> [!NOTE] +> These limits are per user or per flow depending on your license type. For the complete breakdown, see the detailed tables below. For licensing details, see [Power Automate licensing types](/power-platform/admin/power-automate-licensing/types). + +## Common questions about limits + +### What counts as an action? + +Each operation that runs inside your flow counts as one action. This includes triggers, conditions, loops (each iteration counts), and every connector call. A flow with a trigger, a condition, and two actions that runs once uses four actions. If that flow has a loop that iterates 10 times over one action, that single run uses 14 actions (trigger + condition + 10 loop iterations + 2 other actions). + +For more details, see [Action request limits](#action-request-limits). + +### What happens when I hit my limit? + +When you reach your daily action limit: + +- **Your flows are not deleted or disabled.** They are throttled for the remainder of the 24-hour window. +- **Queued actions resume** the next day when the limit resets (midnight UTC). +- **Critical flows keep running** but may experience delays. + +If you consistently hit limits, consider upgrading to a higher-tier license or optimizing your flows to use fewer actions. See [Optimize your flows to use fewer actions](/power-automate/guidance/planning/optimizing-flows). + +### How do I check my current usage? + +Admins can view action usage in the [Power Platform admin center](https://admin.powerplatform.microsoft.com/) under **Analytics** > **Power Automate**. Individual makers can see per-flow run history at [make.powerautomate.com](https://make.powerautomate.com) by selecting a flow and viewing **Run history**. + +> [!TIP] +> If you see "Request was throttled" errors in your flow run history, you've hit a request limit. Check which limit applies to your license in the table above. + +### Does each flow get its own limit, or is it shared? + +For **per-user licenses** (Microsoft 365, Power Automate Premium): The limit is shared across all flows that run under your account in a 24-hour period. + +For **per-flow licenses** (Power Automate Process): Each licensed flow gets its own dedicated limit of 250,000 actions/day, independent of other flows. + +### What is the difference between actions and API requests? + +In most cases, one action equals one API request. However, some actions (like composing a variable or using a condition) are internal and don't make an API call but still count toward your action limit. Connector-specific throttling (for example, SharePoint limiting 600 requests per minute) is separate from your license limit. + ## Performance profiles A flow's *performance profile* determines its Power Platform request limits. The following table describes the plans that are associated with each of the four performance profiles. @@ -232,6 +281,9 @@ When you turn off a cloud flow, no new runs are started. All in-progress and pen When you delete a cloud flow, no new runs are started. All in-progress and pending runs are canceled. If you have thousands of runs, cancellation might take significant time to complete. +> [!TIP] +> **Is my connector standard or premium?** Go to [Power Automate connectors](https://make.powerautomate.com/connectors) and search for your connector. Premium connectors show a diamond icon. Common premium connectors include: SQL Server, HTTP (with Microsoft Entra ID), Dataverse, SAP, Salesforce, and Adobe. Common standard connectors include: SharePoint, Outlook, Teams, OneDrive, Excel, and Approvals. + ## Custom connector limits The following table describes the limits on custom connectors that you can create from web APIs.