14
K

Tenant Capacity API – Service Principal Access Restriction and Documentation Misalignment

Kevin Diep on 10/30/2025 4:09:38 AM

Summary


As of July 1st, the Tenant Capacity Details API stopped working and now returns a 403 Forbidden error.

This change has impacted multiple tenants that rely on this API for automation and capacity monitoring.

 

Concern: Documentation Misalignment


The current behavior contradicts the guidance in the official documentation: https://learn.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal


As the public documentation clearly states that:

 

"Authenticating via username and password is often not ideal, especially with the rise of multifactor authentication. In such cases, service principal (or client credentials flow) authentication is preferred. This can be done by both registering a new service principal application in your own Microsoft Entra tenant and then registering that same application with Power Platform."

 

However, service principal authentication is now no longer supported for this endpoint due to security constraints, creating inconsistency and potential operational disruption.

 

Suggestion


We propose 2 options to address this issue:


  • Given tenant capacity is only visible to a Power Platform Admin via Power Platform portal, we propose adding a permission to allow this access to a service principle to keep consistent. Add a permission such as "Licensing.TenantCapacity.Read" this will keep it consistent with M365 graph APIs as well: https://learn.microsoft.com/en-us/power-platform/admin/programmability-permission-reference


  • If introducing a new permission is not feasible, Power Platform already provides a supported process to grant service principal access by having a Power Platform Admin authenticate and approve the required permissions. This approach ensures compliance with current security practices and avoids additional configuration complexity: https://learn.microsoft.com/en-us/power-platform/admin/powerplatform-api-create-service-principal



Why This Matters


This change affects all tenants currently using the API and disrupts existing automation workflows. It also creates barriers for future users who plan to use service principals to access the Tenant Capacity API. Clear communication and updated documentation are essential to help organizations adapt effectively and avoid unnecessary troubleshooting.

Category: Dataverse
STATUS DETAILS
New