Recently, I encountered an issue that had me scratching my head. A developer needed to enable the Power Virtual Agents API permission, but it required approval in SharePoint Online. Here’s what happened and how I resolved it.
The Problem
When I navigated to API Access in SharePoint Online, selected the pending request, and clicked Approve, I received an error.
I had the correct permissions, and there were no outages reported, leaving me puzzled. After some troubleshooting on my own, I decided to open a support ticket with Microsoft. Interestingly, the support engineer was able to replicate the issue on their end, confirming it wasn’t just me.
Troubleshooting Steps
The support team walked me through a few checks. Here’s what we reviewed:
- Check the SharePoint Online Client Extensibility Web Application Principal Helper
- Ensure the Client Extensibility Web Application Principal Helper is enabled for users.
- In my case, it was already enabled, so this wasn’t the root cause.
- Update the Redirect URIs in Azure Portal
This step turned out to be the fix.
Solution: Update Redirect URIs for the SharePoint Web App Principal
Here’s how to resolve the issue:
- Go to the Azure portal and navigate to Applications > App registrations.
- Select the All applications tab and search for SharePoint Web.
- Locate the Principal Helper app and open its overview page.
- Under Redirect URIs, you’ll see something like this:
- 1 web, 0 spa, 0 public client
- Click on this link to begin the migration process.
- On the next screen, you’ll see a link labeled:
- “This app has implicit grant settings enabled. If you are using any of these URIs in SPA with MSAL.js 2.0, you should migrate URIs.”
- Click this link to proceed.
- A side pane will appear with the URI details.
- Check off the URI listed.
- Click Configure to apply the change to the app principal.
Once the URI is updated, return to SharePoint Online and try approving the API request again. This should resolve the issue.
Azure Testing Site 