Audience: Power Platform Administrators, System Administrators, Support Engineers
Overview
This article explains how to diagnose and resolve situations where the Work 365 model-driven app does not appear in My Apps or in Dynamics. It covers the modern maker experience (make.powerapps.com), environment and license checks via the Power Platform admin center (https://admin.powerplatform.com), the requirement for appropriate administrative roles, and handling custom security roles (for example, Skyblue PV).
Key concepts
Model-driven app (Work 365): An app deployed on Dataverse/Dynamics whose visibility is controlled by app sharing and security roles.
Security roles: Role-based privileges that determine what users and teams can see and do. Role privileges (for example, Customization and table/entity read permissions) affect app visibility.
Power Platform admin center: Central portal for managing environments, licensing, and environment-level access controls (https://admin.powerplatform.com). Some checks require Power Platform Admin, Environment Admin, or System Administrator privileges.
Custom roles: Custom security roles must be associated with the model-driven app before they can be used to grant access.
How it works — step-by-step troubleshooting
Confirm the Work 365 solution is installed
In the target environment, open Solutions and verify that the Work 365 solution is present and published. If it is missing, install or restore it in the correct environment.
Check app sharing and roles in the maker portal
Sign in to https://make.powerapps.com → Apps → locate the Work 365 tile → click … (More options) → Share / Manage roles. From here, you can see which security roles are associated with the app and which users or teams have access. This is the recommended UI for model-driven apps.
Associate custom roles with the app
If your organization uses custom roles, ensure the custom role is added to the app’s role list in the Share/Manage roles dialog. If a role is not associated with the app, it will not be selectable when granting access. Only roles associated with the app can be used to grant visibility.
Verify security role privileges
Open Security Roles (Settings → Security or via the maker portal). Inspect the role(s) assigned to the user and confirm required privileges are present—particularly Customization and Read privileges on the tables/entities used by the app. Insufficient privileges can prevent the app from appearing even when the role is assigned.
Check team membership and inherited roles
Determine whether the user is a member of any Teams that have roles applied. Roles inherited via Teams affect app visibility; verify both direct role assignments and team-based assignments.
Validate environment access and licensing in the Power Platform admin center
In https://admin.powerplatform.com, confirm the user has a suitable license and that the environment is not restricted (for example, by an Entra security group or tenant policy). These checks typically require Power Platform Admin, Environment Admin, or System Administrator permissions.
Open the app by direct URL and capture the response
If sharing appears correct but the app is still not visible, open the app’s direct URL. Record the exact message (e.g., “You don’t have permission” or “App not found”). The message helps distinguish role/permission problems from solution or environment issues.
Clear cache and force refresh
After making role or sharing changes, have the user sign out, clear browser cache/cookies, and sign in again (or use an in-private window). Security changes can take a few minutes to propagate; a refresh often resolves visibility delays.
Use cases
The new hire cannot see Work 365 after onboarding.
A custom role was created but not associated with the app.
Environment visibility is limited by Entra security groups or tenant policies.
Best practices
Always associate any custom roles with the model-driven app before assigning them to users or teams. This prevents unexpected visibility issues.
Use Entra security groups together with Power Platform teams for scalable role management in larger organizations.
Document role changes (who made the change and when) for auditability and rollback.
Use the Power Platform admin center to validate environment health, licensing, and access control settings.
FAQ
Do I need Global Admin to fix this?
No. Global Admin is not always required. For environment-level and tenant-level checks you typically need Power Platform Admin, Environment Admin, or System Administrator permissions. App sharing and role association can often be performed by an App Maker or environment admin depending on how tenant permissions are delegated.
Why doesn’t my custom role appear when I try to share the app?
Because the custom role must first be associated with the model-driven app (Share → Manage roles). Only roles that are associated with the app will be available to assign when sharing.
Summary
Make sure the Work 365 solution is installed in the correct environment, verify app sharing and role associations in the maker portal, associate any custom roles to the app before assigning them, confirm role privileges are sufficient, and validate environment visibility and licensing in the Power Platform admin center. When escalations are necessary, include the checklist items above to accelerate troubleshooting.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article