From 4e814c0b713290f9dba79090db273294b448bc76 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 24 Dec 2025 04:15:53 +0000 Subject: [PATCH 1/4] Initial plan From a629546d30e1fbd3faa1651677a376b357e9b009 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 24 Dec 2025 04:21:30 +0000 Subject: [PATCH 2/4] Add comprehensive troubleshooting documentation for Office 365 Management API Subscription flow errors Co-authored-by: harini-2-y <235104376+harini-2-y@users.noreply.github.com> --- ...K-FIX-audit-logs-get-azure-secret-error.md | 56 ++++ docs/troubleshooting/README.md | 40 +++ ...management-api-subscription-flow-errors.md | 246 ++++++++++++++++++ 3 files changed, 342 insertions(+) create mode 100644 docs/troubleshooting/QUICK-FIX-audit-logs-get-azure-secret-error.md create mode 100644 docs/troubleshooting/README.md create mode 100644 docs/troubleshooting/audit-logs-office365-management-api-subscription-flow-errors.md diff --git a/docs/troubleshooting/QUICK-FIX-audit-logs-get-azure-secret-error.md b/docs/troubleshooting/QUICK-FIX-audit-logs-get-azure-secret-error.md new file mode 100644 index 000000000..4f0f12d18 --- /dev/null +++ b/docs/troubleshooting/QUICK-FIX-audit-logs-get-azure-secret-error.md 
@@ -0,0 +1,56 @@ +# Quick Fix: Office 365 Management API Subscription Flow - "Get_Azure_Secret" Error + +## Problem +Flow fails with: `Action 'Get_Azure_Secret' failed. Error occurred while reading secret: Value cannot be null. Parameter name: input` + +## Quick Checklist + +- [ ] **Check environment variables exist** (Solutions > Center of Excellence - Core Components > Environment variables): + - [ ] `admin_auditlogsclientid` + - [ ] `admin_auditlogsclientazuresecret` OR `admin_auditlogsclientsecret` + - [ ] `admin_TenantID` + - [ ] `admin_AuditLogsAudience` + - [ ] `admin_AuditLogsAuthority` + +- [ ] **Verify environment variables have values** (not empty) + +- [ ] **Azure AD App Registration** is configured: + - [ ] App is registered in Azure AD + - [ ] API Permissions added: `ActivityFeed.Read`, `ActivityFeed.ReadDlp`, `ServiceHealth.Read` + - [ ] Admin consent granted + - [ ] Client secret created and not expired + +- [ ] **Environment variables configured** with correct values: + - [ ] `admin_auditlogsclientid` = Application (Client) ID from Azure AD + - [ ] `admin_auditlogsclientsecret` = Client Secret value (for text-based) OR + - [ ] `admin_auditlogsclientazuresecret` = Azure Key Vault secret reference (for Key Vault-based) + - [ ] `admin_TenantID` = Your Azure Tenant ID + +- [ ] **Cloud-specific endpoints** are correct: + - Commercial: `https://manage.office.com` / `https://login.windows.net` + - GCC: `https://manage.office365.us` / `https://login.microsoftonline.us` + +- [ ] **Prerequisites met**: + - [ ] Unified Audit Log enabled in Microsoft Purview + - [ ] Appropriate licenses (O365/M365 E3 or E5) + - [ ] Required admin permissions + +## Fastest Fix + +If you need the flow working immediately: + +1. Create a **client secret** in your Azure AD app (Azure Portal > App registrations > Your App > Certificates & secrets) +2. Set environment variable `admin_auditlogsclientsecret` to the secret value (text-based, simpler setup) +3. 
Set environment variable `admin_auditlogsclientid` to your Application (Client) ID +4. Set environment variable `admin_TenantID` to your Tenant ID +5. Rerun the flow + +**Note**: For production, migrate to Azure Key Vault (`admin_auditlogsclientazuresecret`) for better security. + +## Detailed Guide + +For complete troubleshooting steps, see: [Full Troubleshooting Guide](audit-logs-office365-management-api-subscription-flow-errors.md) + +## Common Mistake + +The error "Value cannot be null" typically means the environment variable itself doesn't exist or is empty, not that the secret retrieval failed. Check the environment variable exists first before troubleshooting other areas. diff --git a/docs/troubleshooting/README.md b/docs/troubleshooting/README.md new file mode 100644 index 000000000..dce289fba --- /dev/null +++ b/docs/troubleshooting/README.md 
@@ -0,0 +1,40 @@ +# CoE Starter Kit Troubleshooting Guides + +This directory contains troubleshooting guides for common issues encountered when setting up and using the Microsoft Power Platform Center of Excellence (CoE) Starter Kit. + +## Available Guides + +### Audit Logs + +- **[QUICK FIX: Office 365 Management API Get_Azure_Secret Error](QUICK-FIX-audit-logs-get-azure-secret-error.md)** ⚡ + - Quick checklist and fastest fix for "Get_Azure_Secret" errors + - Use this if you need a fast resolution + +- **[Office 365 Management API Subscription Flow Errors (Detailed)](audit-logs-office365-management-api-subscription-flow-errors.md)** + - Comprehensive troubleshooting guide for the "Admin | Audit Logs | Office 365 Management API Subscription" flow + - Covers "Get_Azure_Secret" failures and "Value cannot be null" errors + - Includes detailed setup instructions for Azure AD app registration and environment variables + - Explains the flow logic and fallback mechanisms + +## General Troubleshooting Resources + +For additional help and support: + +- **Official Documentation**: [CoE Starter Kit Documentation](https://learn.microsoft.com/power-platform/guidance/coe/starter-kit) +- **GitHub Issues**: [Report bugs or search existing issues](https://github.com/microsoft/coe-starter-kit/issues) +- **Setup Guides**: [CoE Starter Kit Setup Instructions](https://learn.microsoft.com/power-platform/guidance/coe/setup) +- **Community Forum**: [Power Platform Community](https://powerusers.microsoft.com/t5/Power-Apps-Community/ct-p/PowerApps1) + +## Contributing + +If you've encountered and resolved an issue that's not covered here, consider contributing a troubleshooting guide: + +1. Follow the format of existing guides +2. Include clear problem descriptions, root causes, and step-by-step solutions +3. Add screenshots where helpful +4. Link to relevant official documentation +5. 
Submit a pull request + +## Disclaimer + +The CoE Starter Kit represents sample implementations of Power Platform features. While the underlying platform features are fully supported by Microsoft, the kit itself is community-supported. For platform issues, contact Microsoft Support through your standard support channels. diff --git a/docs/troubleshooting/audit-logs-office365-management-api-subscription-flow-errors.md b/docs/troubleshooting/audit-logs-office365-management-api-subscription-flow-errors.md new file mode 100644 index 000000000..718d5c476 --- /dev/null +++ b/docs/troubleshooting/audit-logs-office365-management-api-subscription-flow-errors.md 
@@ -0,0 +1,246 @@ +# Troubleshooting: Admin | Audit Logs | Office 365 Management API Subscription Flow Errors + +## Issue Description + +The **Admin | Audit Logs | Office 365 Management API Subscription** flow fails with the following error: + +``` +Action 'Get_Azure_Secret' failed. +Error occurred while reading secret: Value cannot be null. Parameter name: input +``` + +## Root Causes + +This error occurs when the flow attempts to retrieve the Azure Key Vault secret for the Office 365 Management API authentication but encounters one of the following issues: + +1. **Missing Environment Variable**: The environment variable `admin_auditlogsclientazuresecret` does not exist in your environment +2. **Empty Environment Variable**: The environment variable exists but has no value configured +3. **Incorrect Setup**: The Azure Key Vault integration was not properly configured during setup +4. **Missing Fallback Secret**: Neither the Azure Key Vault secret nor the text-based secret (`admin_auditlogsclientsecret`) is configured + +## Understanding the Flow Logic + +The flow uses a two-tier approach for secret management: + +1. **Primary Method (Azure Key Vault)**: Attempts to retrieve the secret from Azure Key Vault using the `admin_auditlogsclientazuresecret` environment variable +2. **Fallback Method (Text Secret)**: If the Azure Key Vault retrieval fails, it falls back to using the text-based secret from `admin_auditlogsclientsecret` environment variable + +The error occurs when the `Get_Azure_Secret` action receives a null or empty input, preventing it from even attempting to retrieve the secret. 
+ +## Required Environment Variables + +The flow requires one of the following configurations: + +### Option 1: Azure Key Vault (Recommended for Production) +- **admin_auditlogsclientid**: The Application (Client) ID of the Azure AD app registration +- **admin_auditlogsclientazuresecret**: The Azure Key Vault secret reference for the client secret + +### Option 2: Text-based Secret (For Testing/Development) +- **admin_auditlogsclientid**: The Application (Client) ID of the Azure AD app registration +- **admin_auditlogsclientsecret**: The client secret value stored as a plain text environment variable + +### Additional Required Variables +- **admin_TenantID**: Your Azure Tenant ID +- **admin_AuditLogsAudience**: The audience URL (default: `https://manage.office.com`) +- **admin_AuditLogsAuthority**: The authority URL (default: `https://login.windows.net`) + +## Troubleshooting Steps + +### Step 1: Verify Environment Variables Exist + +1. Navigate to your **CoE Governance** environment in Power Platform Admin Center +2. Go to **Solutions** > Open the **Center of Excellence - Core Components** solution +3. Select **Environment variables** from the left navigation +4. Check if the following environment variables exist: + - `admin_auditlogsclientid` + - `admin_auditlogsclientazuresecret` OR `admin_auditlogsclientsecret` + - `admin_TenantID` + - `admin_AuditLogsAudience` + - `admin_AuditLogsAuthority` + +### Step 2: Verify Environment Variable Values + +1. For each environment variable found in Step 1: + - Click on the environment variable to open it + - Check if the **Current Value** field has a value + - If the Current Value is empty, you need to add a value + +### Step 3: Configure Azure AD App Registration + +If you haven't set up the Azure AD app registration for Office 365 Management API: + +1. 
**Register an Azure AD Application**: + - Go to Azure Portal > Azure Active Directory > App registrations + - Click "New registration" + - Name: "CoE Audit Logs API Access" (or similar) + - Supported account types: "Accounts in this organizational directory only" + - Click "Register" + +2. **Configure API Permissions**: + - In your app registration, go to "API permissions" + - Click "Add a permission" + - Select "Office 365 Management APIs" + - Select "Application permissions" + - Add the following permissions: + - `ActivityFeed.Read` + - `ActivityFeed.ReadDlp` + - `ServiceHealth.Read` + - Click "Grant admin consent" (requires Global Admin or Application Admin role) + +3. **Create a Client Secret**: + - In your app registration, go to "Certificates & secrets" + - Click "New client secret" + - Add a description and select expiration period + - Click "Add" + - **Important**: Copy the secret value immediately (you won't be able to see it again) + +4. **Get the Application (Client) ID**: + - From the app registration Overview page, copy the "Application (client) ID" + +### Step 4: Configure Environment Variables + +#### Option A: Using Azure Key Vault (Recommended) + +1. **Set up Azure Key Vault** (if not already done): + - Create an Azure Key Vault in your Azure subscription + - Add the client secret to Key Vault with a descriptive name (e.g., "coe-audit-logs-secret") + - Configure access policies to allow your Power Platform environment to read secrets + +2. **Configure Environment Variables**: + - In Power Platform, set `admin_auditlogsclientid` to your Application (Client) ID + - Set `admin_auditlogsclientazuresecret` as a "Secret" type and link it to your Azure Key Vault secret + - Set `admin_TenantID` to your Azure Tenant ID + +#### Option B: Using Text-based Secret (Simple Setup) + +1. 
**Configure Environment Variables**: + - In Power Platform, set `admin_auditlogsclientid` to your Application (Client) ID + - Set `admin_auditlogsclientsecret` to your client secret value + - Set `admin_TenantID` to your Azure Tenant ID + - **Note**: This stores the secret in plain text; use Azure Key Vault for production environments + +### Step 5: Verify Tenant ID and Endpoint Configuration + +1. Verify `admin_TenantID`: + - Go to Azure Portal > Azure Active Directory > Overview + - Copy the "Tenant ID" + - Update the environment variable if needed + +2. Verify endpoint configurations based on your cloud: + - **Commercial Cloud**: + - `admin_AuditLogsAudience`: `https://manage.office.com` + - `admin_AuditLogsAuthority`: `https://login.windows.net` + - **GCC (US Government)**: + - `admin_AuditLogsAudience`: `https://manage.office365.us` + - `admin_AuditLogsAuthority`: `https://login.microsoftonline.us` + - **GCC High**: + - `admin_AuditLogsAudience`: `https://manage.office365.us` + - `admin_AuditLogsAuthority`: `https://login.microsoftonline.us` + +### Step 6: Test the Flow + +1. Open the **Admin | Audit Logs | Office 365 Management API Subscription** flow +2. Click "Run" or "Test" +3. When prompted, enter one of the following operations: + - `list` - Check if subscription exists + - `start` - Start the subscription + - `stop` - Stop the subscription +4. Review the run history: + - If successful, you should see a "Succeeded" status + - If it fails, check the error details in the flow run history + +### Step 7: Verify Flow Connections + +1. Open the flow in edit mode +2. Check all connection references: + - Dataverse connections should be properly authenticated + - No warnings or errors should appear on actions +3. If you see connection errors: + - Click "Edit" on the connection + - Re-authenticate with an account that has appropriate permissions + +## Common Errors and Solutions + +### Error: "Value cannot be null. 
Parameter name: input" + +**Solution**: The environment variable for the Azure secret is not configured. Follow Step 4 above to configure either `admin_auditlogsclientazuresecret` or `admin_auditlogsclientsecret`. + +### Error: "Unauthorized" or "401" status code + +**Solution**: +1. Verify the client secret hasn't expired +2. Check that API permissions are properly configured and admin consent is granted +3. Verify the Application (Client) ID is correct + +### Error: "Forbidden" or "403" status code + +**Solution**: +1. Ensure the Azure AD app has the required API permissions (`ActivityFeed.Read`, `ActivityFeed.ReadDlp`) +2. Verify admin consent has been granted for the permissions +3. Check that the service principal is enabled in your tenant + +### Error: "The remote server returned an error: (404) Not Found" + +**Solution**: +1. Verify you're using the correct audience URL for your cloud environment +2. Ensure the tenant ID is correct +3. Check that Office 365 audit logging is enabled in your tenant + +## Prerequisites + +Before using the Office 365 Management API Subscription flow, ensure: + +1. **Unified Audit Log is enabled**: + - Go to Microsoft Purview compliance portal > Audit + - Verify audit log search is enabled + - If disabled, turn it on (may take up to 24 hours to become active) + +2. **Required Licenses**: + - Office 365 E3/E5 or Microsoft 365 E3/E5 licenses + - Audit logging capabilities are included in these licenses + +3. 
**Required Permissions**: + - Azure AD: Application Administrator or Global Administrator (for app registration) + - Power Platform: System Administrator on the CoE environment + - Office 365: Global Administrator (to enable audit logging) + +## Related Documentation + +- [CoE Starter Kit Setup Guide](https://learn.microsoft.com/power-platform/guidance/coe/setup) +- [Set Up Audit Log Components](https://learn.microsoft.com/power-platform/guidance/coe/setup-auditlog) +- [Office 365 Management Activity API Reference](https://learn.microsoft.com/office/office-365-management-api/office-365-management-activity-api-reference) +- [Enable or disable unified audit logging](https://learn.microsoft.com/microsoft-365/compliance/audit-log-enable-disable) + +## Prevention + +To prevent this issue in future deployments: + +1. **Use the Setup Wizard**: The CoE Starter Kit includes a setup wizard that guides you through configuring all required environment variables +2. **Document Your Configuration**: Keep a record of all environment variables and their purposes +3. **Use Azure Key Vault**: For production environments, always use Azure Key Vault for storing secrets +4. **Monitor Secret Expiration**: Set up alerts for when client secrets are about to expire +5. **Regular Testing**: Periodically test the flow to ensure it's working correctly + +## Additional Support + +If you continue to experience issues after following these steps: + +1. Check the [CoE Starter Kit GitHub Issues](https://github.com/microsoft/coe-starter-kit/issues) for similar problems +2. Review the flow run history for detailed error messages +3. Enable flow run history with detailed tracking to get more diagnostic information +4. File a new issue on GitHub with: + - CoE Starter Kit version + - Error message and flow run history screenshot + - Steps you've already taken to troubleshoot + - Your cloud environment type (Commercial, GCC, etc.) 
+ +## Summary + +The "Value cannot be null" error in the Office 365 Management API Subscription flow is typically caused by missing or empty environment variables for authentication. By following the troubleshooting steps above, you should be able to: + +1. Identify which environment variables are missing or empty +2. Configure the Azure AD app registration properly +3. Set up the correct authentication method (Azure Key Vault or text-based) +4. Successfully run the subscription flow + +Remember that the flow supports both Azure Key Vault and text-based secrets, so you can choose the method that best fits your security requirements and environment setup. From 31a236894f887d5f2c265c96200616252ed4bb31 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 24 Dec 2025 04:22:57 +0000 Subject: [PATCH 3/4] Add issue analysis and response template for Office 365 Management API Subscription flow errors Co-authored-by: harini-2-y <235104376+harini-2-y@users.noreply.github.com> --- ...S-office365-management-api-subscription.md | 188 ++++++++++++++++++ ...SE-TEMPLATE-audit-logs-get-azure-secret.md | 90 +++++++++ 2 files changed, 278 insertions(+) create mode 100644 docs/troubleshooting/ISSUE-ANALYSIS-office365-management-api-subscription.md create mode 100644 docs/troubleshooting/ISSUE-RESPONSE-TEMPLATE-audit-logs-get-azure-secret.md diff --git a/docs/troubleshooting/ISSUE-ANALYSIS-office365-management-api-subscription.md b/docs/troubleshooting/ISSUE-ANALYSIS-office365-management-api-subscription.md new file mode 100644 index 000000000..9b9325321 --- /dev/null +++ b/docs/troubleshooting/ISSUE-ANALYSIS-office365-management-api-subscription.md 
@@ -0,0 +1,188 @@ +# Issue Response: Admin | Audit Logs | Office 365 Management API Subscription Flow Fails + +## Issue Summary + +**Reported Issue**: The Admin | Audit Logs | Office 365 Management API Subscription Flow fails on Action 'Get_Azure_Secret' with error: "Error occurred while reading secret: Value cannot be null. Parameter name: input" + +**Solution Version**: 4.50.6 +**Component**: Core - Audit Logs +**Environment**: CoE - Governance environment + +## Analysis + +### Root Cause +The flow is failing because the required environment variable for Office 365 Management API authentication is not properly configured. The flow expects one of these environment variables: +- `admin_auditlogsclientazuresecret` (Azure Key Vault secret reference), or +- `admin_auditlogsclientsecret` (text-based client secret) + +When the `Get_Azure_Secret` action receives a null or empty input, it throws this error. + +### Flow Architecture +The flow uses a two-tier authentication approach: +1. **Primary**: Attempts to retrieve the secret from Azure Key Vault using `admin_auditlogsclientazuresecret` +2. **Fallback**: If Azure Key Vault fails, it uses the text-based secret from `admin_auditlogsclientsecret` + +The error occurs before the fallback mechanism can engage, indicating the primary environment variable is missing or null. + +## Troubleshooting Steps + +### Immediate Action Required + +1. **Verify Environment Variables Exist** + - Navigate to: Power Platform Admin Center > Your CoE Environment > Solutions + - Open: "Center of Excellence - Core Components" solution + - Go to: Environment variables + - Check for these variables: + - `admin_auditlogsclientid` ✅ + - `admin_auditlogsclientazuresecret` OR `admin_auditlogsclientsecret` ✅ + - `admin_TenantID` ✅ + - `admin_AuditLogsAudience` ✅ + - `admin_AuditLogsAuthority` ✅ + +2. 
**Verify Values are Not Empty** + - Click each environment variable + - Confirm "Current Value" field contains a value + - If empty, proceed to configuration steps below + +### Configuration Steps + +#### Prerequisites +Before configuring the flow, ensure you have: + +1. **Azure AD App Registration** set up: + - Go to: Azure Portal > Azure Active Directory > App registrations + - If no app exists for CoE Audit Logs, create one: + - Click "New registration" + - Name: "CoE Audit Logs API Access" + - Supported account types: Single tenant + - Click "Register" + +2. **API Permissions** configured: + - In app registration, go to "API permissions" + - Add "Office 365 Management APIs" permissions: + - `ActivityFeed.Read` (Application) + - `ActivityFeed.ReadDlp` (Application) + - `ServiceHealth.Read` (Application) + - Click "Grant admin consent" + +3. **Client Secret** created: + - In app registration, go to "Certificates & secrets" + - Click "New client secret" + - Add description and set expiration + - **IMPORTANT**: Copy the secret value immediately + +4. **Application Details** noted: + - From app registration Overview, copy: + - Application (client) ID + - Directory (tenant) ID + +#### Configure Environment Variables (Simple Method) + +For quickest resolution, use text-based secret: + +1. In Power Platform, open environment variables in the Core Components solution +2. Set the following values: + - `admin_auditlogsclientid` = Your Application (Client) ID + - `admin_auditlogsclientsecret` = Your Client Secret value + - `admin_TenantID` = Your Tenant ID + - `admin_AuditLogsAudience` = `https://manage.office.com` (for Commercial cloud) + - `admin_AuditLogsAuthority` = `https://login.windows.net` (for Commercial cloud) + +**Note**: If using GCC or other clouds, adjust the audience and authority URLs accordingly. + +#### Configure Environment Variables (Azure Key Vault Method - Recommended) + +For production environments: + +1. 
Create/use Azure Key Vault and add your client secret +2. Configure environment variables: + - `admin_auditlogsclientid` = Your Application (Client) ID + - `admin_auditlogsclientazuresecret` = (Type: Secret, linked to Key Vault) + - `admin_TenantID` = Your Tenant ID + - Set audience and authority URLs as above + +### Testing the Flow + +After configuration: + +1. Open the flow in Power Automate +2. Click "Test" > "Manually" +3. Enter "list" as the operation parameter +4. Run the flow +5. Check results: + - **Success**: Flow shows "Succeeded" status + - **Still failing**: Check flow run history for specific error details + +## Quick Reference Documentation + +We've created comprehensive troubleshooting documentation for this issue: + +### 1. Quick Fix Guide (⚡ Start Here) +**File**: `docs/troubleshooting/QUICK-FIX-audit-logs-get-azure-secret-error.md` +- Checklist format +- Fastest path to resolution +- Common mistakes to avoid + +### 2. Detailed Troubleshooting Guide +**File**: `docs/troubleshooting/audit-logs-office365-management-api-subscription-flow-errors.md` +- Comprehensive step-by-step instructions +- Understanding flow logic +- All configuration scenarios +- Common errors and solutions +- Cloud-specific configurations + +### 3. Issue Response Template +**File**: `docs/troubleshooting/ISSUE-RESPONSE-TEMPLATE-audit-logs-get-azure-secret.md` +- Template for responding to similar issues +- Can be used by maintainers + +## Additional Prerequisites + +Before the flow can work, ensure: + +1. **Unified Audit Log Enabled**: + - Go to: Microsoft Purview compliance portal > Audit + - Turn on audit log search + - Allow 24 hours for activation + +2. **Appropriate Licenses**: + - Office 365 E3/E5 or Microsoft 365 E3/E5 + - Required for audit logging capabilities + +3. 
**Required Permissions**: + - Azure AD: Application Administrator or Global Administrator + - Power Platform: System Administrator on CoE environment + - Office 365: Global Administrator (to enable audit logging) + +## Expected Behavior After Fix + +Once properly configured, the flow should: +1. Authenticate using the configured credentials +2. Successfully connect to Office 365 Management API +3. Perform the requested operation (list/start/stop) +4. Return a success status with operation results + +## Related Links + +- [CoE Starter Kit Setup Guide](https://learn.microsoft.com/power-platform/guidance/coe/setup) +- [Set Up Audit Log Components](https://learn.microsoft.com/power-platform/guidance/coe/setup-auditlog) +- [Office 365 Management Activity API](https://learn.microsoft.com/office/office-365-management-api/office-365-management-activity-api-reference) +- [Enable Unified Audit Logging](https://learn.microsoft.com/microsoft-365/compliance/audit-log-enable-disable) + +## Follow-up + +After implementing the fix, please: +1. Confirm the flow runs successfully +2. Test all operations: list, start, stop +3. Verify audit log data collection is working +4. Update this issue with your results + +If issues persist after following these steps, please provide: +- Screenshot of environment variables (with secrets redacted) +- Flow run history screenshot +- Specific error messages from the failed run +- Your cloud environment type (Commercial, GCC, etc.) + +--- + +**Note**: This issue has been addressed with comprehensive documentation to help current and future users resolve similar configuration problems. diff --git a/docs/troubleshooting/ISSUE-RESPONSE-TEMPLATE-audit-logs-get-azure-secret.md b/docs/troubleshooting/ISSUE-RESPONSE-TEMPLATE-audit-logs-get-azure-secret.md new file mode 100644 index 000000000..51444c8d7 --- /dev/null +++ b/docs/troubleshooting/ISSUE-RESPONSE-TEMPLATE-audit-logs-get-azure-secret.md 
@@ -0,0 +1,90 @@ +# Issue Response Template: Office 365 Management API Subscription Flow - Get_Azure_Secret Error + +Use this template when responding to issues related to the Office 365 Management API Subscription flow failing with "Get_Azure_Secret" errors. + +--- + +## Response Template + +Thank you for reporting this issue. The error you're experiencing with the **Admin | Audit Logs | Office 365 Management API Subscription** flow is a common configuration issue related to missing or empty environment variables. + +### Summary + +The error `Action 'Get_Azure_Secret' failed. Error occurred while reading secret: Value cannot be null. Parameter name: input` occurs when the flow attempts to retrieve the Azure Key Vault secret for Office 365 Management API authentication but the required environment variable is not configured. + +### Root Cause + +The flow expects one of these environment variables to be configured: +- `admin_auditlogsclientazuresecret` (Azure Key Vault-based secret - recommended) +- `admin_auditlogsclientsecret` (text-based secret - simpler setup) + +When neither is properly configured, the flow fails at the `Get_Azure_Secret` action. + +### Quick Resolution + +For a fast resolution, please follow our **[Quick Fix Guide](../docs/troubleshooting/QUICK-FIX-audit-logs-get-azure-secret-error.md)** which provides a checklist and the fastest path to get your flow working. + +**TL;DR**: +1. Verify environment variables exist and have values (Solutions > Environment variables) +2. Set up an Azure AD app registration with Office 365 Management API permissions +3. Configure `admin_auditlogsclientid` with your Application (Client) ID +4. Configure `admin_auditlogsclientsecret` with your client secret value +5. Configure `admin_TenantID` with your Azure Tenant ID +6. 
Rerun the flow + +### Detailed Troubleshooting + +For comprehensive troubleshooting steps, including: +- Understanding the flow logic and fallback mechanisms +- Azure AD app registration setup +- Azure Key Vault configuration +- Cloud-specific endpoint configurations +- Common errors and their solutions + +Please see our **[Detailed Troubleshooting Guide](../docs/troubleshooting/audit-logs-office365-management-api-subscription-flow-errors.md)**. + +### Prerequisites + +Before using this flow, ensure: +1. ✅ Unified Audit Log is enabled in Microsoft Purview +2. ✅ You have appropriate licenses (Office 365/Microsoft 365 E3 or E5) +3. ✅ You have required admin permissions (Azure AD Application Administrator, Power Platform System Administrator) + +### Related Issues + +This issue is similar to: +- Missing environment variable configurations during initial setup +- Azure AD app registration not properly configured +- Client secrets that have expired + +### Next Steps + +After following the troubleshooting guides: +1. Test the flow with the `list` operation to verify the configuration +2. If successful, you can proceed with `start` or `stop` operations +3. If you continue to experience issues, please provide: + - Screenshot of your environment variables (with sensitive values redacted) + - Flow run history screenshot showing the specific error + - Your CoE Starter Kit version + - Your cloud environment type (Commercial, GCC, GCC High, etc.) + +### Additional Resources + +- [CoE Starter Kit Setup Guide](https://learn.microsoft.com/power-platform/guidance/coe/setup) +- [Set Up Audit Log Components](https://learn.microsoft.com/power-platform/guidance/coe/setup-auditlog) +- [Office 365 Management Activity API Reference](https://learn.microsoft.com/office/office-365-management-api/office-365-management-activity-api-reference) + +--- + +Please let us know if you have any questions or if you're still experiencing issues after following these guides! 
+ +--- + +## Customization Notes for Responders + +When using this template: +1. Replace relative links with full GitHub links to the documentation files +2. Adjust the response based on the specific details provided by the issue reporter +3. If they've already tried some steps, acknowledge that and focus on what they haven't tried +4. If multiple issues are reported, address each one or ask them to split into separate issues +5. Add labels: `area: audit logs`, `type: configuration`, `status: needs information` (if waiting for user response) From 20316905bbc5abbb554d2ba97804483d3c766214 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 24 Dec 2025 04:24:34 +0000 Subject: [PATCH 4/4] Add GitHub issue comment template for Office 365 Management API Subscription flow errors Co-authored-by: harini-2-y <235104376+harini-2-y@users.noreply.github.com> --- .../GITHUB-ISSUE-COMMENT-template.md | 114 ++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 docs/troubleshooting/GITHUB-ISSUE-COMMENT-template.md diff --git a/docs/troubleshooting/GITHUB-ISSUE-COMMENT-template.md b/docs/troubleshooting/GITHUB-ISSUE-COMMENT-template.md new file mode 100644 index 000000000..1680bb16d --- /dev/null +++ b/docs/troubleshooting/GITHUB-ISSUE-COMMENT-template.md 
@@ -0,0 +1,114 @@ +# GitHub Issue Comment - Office 365 Management API Subscription Flow Error + +**Copy and paste this comment to the GitHub issue** + +--- + +Thank you for reporting this issue! I've analyzed the problem and created comprehensive documentation to help you resolve it. + +## 🔍 Issue Analysis + +The error `Action 'Get_Azure_Secret' failed. Error occurred while reading secret: Value cannot be null. Parameter name: input` indicates that the required environment variables for Office 365 Management API authentication are not properly configured in your CoE environment. + +## ⚡ Quick Fix (Start Here!) + +For the fastest resolution, please follow our **Quick Fix Guide**: +[QUICK-FIX-audit-logs-get-azure-secret-error.md](../docs/troubleshooting/QUICK-FIX-audit-logs-get-azure-secret-error.md) + +**TL;DR** - The flow needs these environment variables configured: +1. ✅ `admin_auditlogsclientid` - Your Azure AD app's Application (Client) ID +2. ✅ `admin_auditlogsclientsecret` - Your Azure AD app's client secret (simpler option) + OR `admin_auditlogsclientazuresecret` - Azure Key Vault secret reference (production option) +3. ✅ `admin_TenantID` - Your Azure Tenant ID + +## 📚 Documentation Created + +I've created comprehensive troubleshooting documentation for this issue: + +### 1. **Quick Fix Checklist** ⚡ (2-3 minutes) +**Location**: `docs/troubleshooting/QUICK-FIX-audit-logs-get-azure-secret-error.md` + +- Fast checklist format +- Step-by-step fastest fix +- Common mistakes highlighted + +### 2. **Detailed Troubleshooting Guide** 📖 (Complete reference) +**Location**: `docs/troubleshooting/audit-logs-office365-management-api-subscription-flow-errors.md` + +Includes: +- Root cause analysis +- Understanding the flow architecture +- Step-by-step Azure AD app setup +- Environment variable configuration (both methods) +- Cloud-specific configurations (Commercial, GCC, GCC High) +- Common errors and solutions +- Prerequisites checklist + +### 3. 
**Issue-Specific Analysis** 🎯 +**Location**: `docs/troubleshooting/ISSUE-ANALYSIS-office365-management-api-subscription.md` + +- Analysis specific to your reported issue +- Immediate action steps +- Expected behavior after fix +- Follow-up checklist + +### 4. **Troubleshooting Index** +**Location**: `docs/troubleshooting/README.md` + +- Central index of all troubleshooting guides + +## 🔧 What You Need to Do + +### Step 1: Set Up Azure AD App Registration (if not done) + +1. Go to Azure Portal > Azure Active Directory > App registrations +2. Create a new app registration for CoE Audit Logs +3. Add API permissions: `ActivityFeed.Read`, `ActivityFeed.ReadDlp`, `ServiceHealth.Read` (Office 365 Management APIs) +4. Grant admin consent +5. Create a client secret and copy it immediately +6. Note your Application (Client) ID and Tenant ID + +### Step 2: Configure Environment Variables + +1. Navigate to Power Platform Admin Center > Your CoE Environment > Solutions +2. Open "Center of Excellence - Core Components" solution +3. Go to Environment variables +4. Set the required values (see Quick Fix guide above) + +### Step 3: Test the Flow + +1. Open the flow in Power Automate +2. Test with operation: "list" +3. Verify success + +## 📋 Prerequisites + +Before the flow can work, ensure: +- ✅ Unified Audit Log is enabled in Microsoft Purview (takes up to 24 hours after enabling) +- ✅ You have Office 365/Microsoft 365 E3 or E5 licenses +- ✅ You have appropriate admin permissions + +## 🆘 Still Having Issues? + +If you continue to experience problems after following the documentation: + +1. Check that all environment variables have values (not empty) +2. Verify your client secret hasn't expired +3. Confirm admin consent was granted for API permissions +4. 
Ensure Unified Audit Log is enabled and has been active for 24+ hours + +**Please provide**: +- Screenshot of your environment variables (with secrets redacted) +- Flow run history screenshot showing the error +- Your cloud environment type (Commercial, GCC, etc.) + +## 🔗 Additional Resources + +- [CoE Starter Kit Setup Guide](https://learn.microsoft.com/power-platform/guidance/coe/setup) +- [Set Up Audit Log Components](https://learn.microsoft.com/power-platform/guidance/coe/setup-auditlog) +- [Office 365 Management API Reference](https://learn.microsoft.com/office/office-365-management-api/office-365-management-activity-api-reference) + +--- + +**This issue has been addressed with comprehensive troubleshooting documentation. Please follow the guides above and let us know if you have any questions or need further assistance!** +
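Review bot: In the "Customization Notes for Responders" list that closes the PATCH 3/4 template, item 1 ("Replace relative links with full GitHub links to the documentation files") leaves link correction to each responder, so any comment pasted without that step carries links that do not resolve on the issue page. Put the full repository URLs in the template body itself and drop item 1, so the template is correct as pasted.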
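Review bot: The "Please provide" list in GITHUB-ISSUE-COMMENT-template.md asks for a "Screenshot of your environment variables (with secrets redacted)", while the TL;DR in the same comment steers reporters to `admin_auditlogsclientsecret`, a variable that holds the app's client secret as its value; on an issue thread that invites an accidental credential post. Ask instead for the variable names and whether each one is populated, say explicitly that the value of `admin_auditlogsclientsecret` must not appear in the screenshot, and tell the reporter to rotate the client secret if it has already been posted. Separately, the Quick Fix link `../docs/troubleshooting/QUICK-FIX-audit-logs-get-azure-secret-error.md` is resolved from `docs/troubleshooting/`, so it points at `docs/docs/troubleshooting/...`, and a relative link will not resolve at all once the text is pasted into an issue comment; use the full GitHub URL here.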