Microsoft got itself in quite a mess when it announced that users in Office 365 tenants would be able to make self-service purchases for the Power Platform. Some frantic backtracking resulted in a decision to postpone the introduction of the feature until January 14, 2020 and a commitment to deliver administrative controls to allow tenants to disable self-service purchases. Self-service purchase capabilities are not available for Office 365 Government, Nonprofit, and Education tenants.
Without any fuss, Microsoft quietly updated their self-service FAQ on November 19 with the statement that:
Subsequently, Microsoft published Office 365 notification MC196205 to announce the news.
Administrative control over self-service purchases is available through the MSCommerce PowerShell module. Version 1.2 of the module is the latest version, released via the PowerShell Gallery on November 15. This isn’t a particularly feature-rich or easy-to-use module, but it gets the job done.
Installing and Connecting
To install the module and connect to the MSCommerce endpoint, start PowerShell as an administrator to install the module. Then connect to the endpoint as shown below. You’ll be prompted for credentials: because you’re going to interact with the tenant configuration, make sure to use an account belonging to an Office 365 tenant or billing administrator. After connecting, run Get-Command to see the set of cmdlets loaded by the module.
Install-Module -Name MSCommerce -Scope AllUsers -Force
Import-Module MSCommerce
Connect-MSCommerce
Get-Command *-mscommerce*
CommandType Name Version Source
----------- ---- ------- ------
Function Connect-MSCommerce 1.2 mscommerce
Function Get-MSCommercePolicies 1.2 mscommerce
Function Get-MSCommercePolicy 1.2 mscommerce
The MsCommerce endpoint only supports TLS 1.2, so make sure that your workstation supports this protocol.
Policy-Driven Management
As is the norm for many Office 365 management entities these days, control is exerted through policies. If you run the Get-MSCommercePolicies cmdlet, you’ll find that there’s only one policy defined, called AllowSelfServicePurchase.
Get-MSCommercePolicies | fl
Description : This policy allows you to manage whether members of your organization can buy
specified products using self-service purchasing. You can set this policy on a
per-product basis.
PolicyId : AllowSelfServicePurchase
DefaultValue : Enabled
Get-MSCommercePolicy -PolicyId AllowSelfServicePurchase | fl
Looking at the AllowSelfServicePurchase policy, we find:
Get-MSCommerceProductPolicies -PolicyId AllowSelfServicePurchase
ProductName ProductId PolicyId PolicyValue
----------- --------- -------- -----------
Power Apps CFQ7TTC0KP0P AllowSelfServicePurchase Enabled
Power BI Pro CFQ7TTC0L3PB AllowSelfServicePurchase Enabled
Power Automate CFQ7TTC0KP0N AllowSelfServicePurchase Enabled
Disabling Self-Service Purchases for One or More Products
So we know that the three apps in the Power Platform are covered by this policy. There’s no granular disablement possible on an account basis; if you disable self-service purchases for a product, it’s off for everyone in the tenant. With that in mind, the Update-MSCommerceProductPolicy cmdlet is the way to disable self-service purchases. An inconsistency is that the other cmdlets report the enabled status as the PolicyValue property while this cmdlet uses the Enabled boolean as the control.
Everyone loves a trier and the Microsoft team responsible for self-service purchases of Power Platform licenses are firmly in this category. Rebuffed in their first attempt to make self-service purchases available to all Office 365 tenants, Office 365 notification MC213897 (21 May) announces that in situations where tenants block self-service purchases, users will be able to request purchases of Power Platform licenses and have those requests added to a queue. Administrators can then review the request and assign licenses to users, if some are available in the tenant. If licenses aren’t available, Microsoft hopes that administrators will respond to user demand and buy some licenses. The feature will start rolling out in mid-June and is scheduled for completion in mid-July 2020.
Administration of an Office 365 tenant can be a pain at times. Learn how to work smarter through the Office 365 for IT Pros eBook.
Description PolicyId
———– ——–
This policy allows you to manage whether members of your organization can buy specified products using self-service purchasing. You can set this policy on a per-product basis. AllowSel…
The release notes say that you’ve got to use TLS 1.2 on the workstation to connect to the MSCommerce endpoint, so that’s why you had to update the protocol.
Just to be clear, the solution to the “HandleError : Failed to retrieve policies, ErrorMessage – The underlying connection was closed: An unexpected error
occurred on a send.” is to run the following PowerShell command:
Love the for loop. Suggest adding a little time delay because I found it runs a little too fast.
Get-MSCommerceProductPolicies -PolicyId AllowSelfServicePurchase | ? {$_.PolicyValue -eq “Enabled” }| ForEach {Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId $_.ProductId -Enabled $False; Start-Sleep -s 1 }
{"id":null,"mode":"button","open_style":"in_modal","currency_code":"EUR","currency_symbol":"\u20ac","currency_type":"decimal","blank_flag_url":"https:\/\/office365itpros.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/blank.gif","flag_sprite_url":"https:\/\/office365itpros.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/flags.png","default_amount":100,"top_media_type":"featured_image","featured_image_url":"https:\/\/office365itpros.com\/wp-content\/uploads\/2022\/11\/cover-141x200.jpg","featured_embed":"","header_media":null,"file_download_attachment_data":null,"recurring_options_enabled":true,"recurring_options":{"never":{"selected":true,"after_output":"One time only"},"weekly":{"selected":false,"after_output":"Every week"},"monthly":{"selected":false,"after_output":"Every month"},"yearly":{"selected":false,"after_output":"Every year"}},"strings":{"current_user_email":"","current_user_name":"","link_text":"Virtual Tip Jar","complete_payment_button_error_text":"Check info and try again","payment_verb":"Pay","payment_request_label":"Office 365 for IT Pros","form_has_an_error":"Please check and fix the errors above","general_server_error":"Something isn't working right at the moment. Please try again.","form_title":"Office 365 for IT Pros","form_subtitle":null,"currency_search_text":"Country or Currency here","other_payment_option":"Other payment option","manage_payments_button_text":"Manage your payments","thank_you_message":"Thank you for supporting the work of Office 365 for IT Pros!","payment_confirmation_title":"Office 365 for IT Pros","receipt_title":"Your Receipt","print_receipt":"Print Receipt","email_receipt":"Email Receipt","email_receipt_sending":"Sending receipt...","email_receipt_success":"Email receipt successfully sent","email_receipt_failed":"Email receipt failed to send. Please try again.","receipt_payee":"Paid to","receipt_statement_descriptor":"This will show up on your statement as","receipt_date":"Date","receipt_transaction_id":"Transaction ID","receipt_transaction_amount":"Amount","refund_payer":"Refund from","login":"Log in to manage your payments","manage_payments":"Manage Payments","transactions_title":"Your Transactions","transaction_title":"Transaction Receipt","transaction_period":"Plan Period","arrangements_title":"Your Plans","arrangement_title":"Manage Plan","arrangement_details":"Plan Details","arrangement_id_title":"Plan ID","arrangement_payment_method_title":"Payment Method","arrangement_amount_title":"Plan Amount","arrangement_renewal_title":"Next renewal date","arrangement_action_cancel":"Cancel Plan","arrangement_action_cant_cancel":"Cancelling is currently not available.","arrangement_action_cancel_double":"Are you sure you'd like to cancel?","arrangement_cancelling":"Cancelling Plan...","arrangement_cancelled":"Plan Cancelled","arrangement_failed_to_cancel":"Failed to cancel plan","back_to_plans":"\u2190 Back to Plans","update_payment_method_verb":"Update","sca_auth_description":"Your have a pending renewal payment which requires authorization.","sca_auth_verb":"Authorize renewal payment","sca_authing_verb":"Authorizing payment","sca_authed_verb":"Payment successfully authorized!","sca_auth_failed":"Unable to authorize! Please try again.","login_button_text":"Log in","login_form_has_an_error":"Please check and fix the errors above","uppercase_search":"Search","lowercase_search":"search","uppercase_page":"Page","lowercase_page":"page","uppercase_items":"Items","lowercase_items":"items","uppercase_per":"Per","lowercase_per":"per","uppercase_of":"Of","lowercase_of":"of","back":"Back to plans","zip_code_placeholder":"Zip\/Postal Code","download_file_button_text":"Download File","input_field_instructions":{"tip_amount":{"placeholder_text":"How much would you like to tip?","initial":{"instruction_type":"normal","instruction_message":"How much would you like to tip? Choose any currency."},"empty":{"instruction_type":"error","instruction_message":"How much would you like to tip? Choose any currency."},"invalid_curency":{"instruction_type":"error","instruction_message":"Please choose a valid currency."}},"recurring":{"placeholder_text":"Recurring","initial":{"instruction_type":"normal","instruction_message":"How often would you like to give this?"},"success":{"instruction_type":"success","instruction_message":"How often would you like to give this?"},"empty":{"instruction_type":"error","instruction_message":"How often would you like to give this?"}},"name":{"placeholder_text":"Name on Credit Card","initial":{"instruction_type":"normal","instruction_message":"Enter the name on your card."},"success":{"instruction_type":"success","instruction_message":"Enter the name on your card."},"empty":{"instruction_type":"error","instruction_message":"Please enter the name on your card."}},"privacy_policy":{"terms_title":"Terms and conditions","terms_body":null,"terms_show_text":"View Terms","terms_hide_text":"Hide Terms","initial":{"instruction_type":"normal","instruction_message":"I agree to the terms."},"unchecked":{"instruction_type":"error","instruction_message":"Please agree to the terms."},"checked":{"instruction_type":"success","instruction_message":"I agree to the terms."}},"email":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email address"},"success":{"instruction_type":"success","instruction_message":"Enter your email address"},"blank":{"instruction_type":"error","instruction_message":"Enter your email address"},"not_an_email_address":{"instruction_type":"error","instruction_message":"Make sure you have entered a valid email address"}},"note_with_tip":{"placeholder_text":"Your note here...","initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"empty":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"not_empty_initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"saving":{"instruction_type":"normal","instruction_message":"Saving note..."},"success":{"instruction_type":"success","instruction_message":"Note successfully saved!"},"error":{"instruction_type":"error","instruction_message":"Unable to save note note at this time. Please try again."}},"email_for_login_code":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email to log in."},"success":{"instruction_type":"success","instruction_message":"Enter your email to log in."},"blank":{"instruction_type":"error","instruction_message":"Enter your email to log in."},"empty":{"instruction_type":"error","instruction_message":"Enter your email to log in."}},"login_code":{"initial":{"instruction_type":"normal","instruction_message":"Check your email and enter the login code."},"success":{"instruction_type":"success","instruction_message":"Check your email and enter the login code."},"blank":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."},"empty":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."}},"stripe_all_in_one":{"initial":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"empty":{"instruction_type":"error","instruction_message":"Enter your credit card details here."},"success":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"invalid_number":{"instruction_type":"error","instruction_message":"The card number is not a valid credit card number."},"invalid_expiry_month":{"instruction_type":"error","instruction_message":"The card's expiration month is invalid."},"invalid_expiry_year":{"instruction_type":"error","instruction_message":"The card's expiration year is invalid."},"invalid_cvc":{"instruction_type":"error","instruction_message":"The card's security code is invalid."},"incorrect_number":{"instruction_type":"error","instruction_message":"The card number is incorrect."},"incomplete_number":{"instruction_type":"error","instruction_message":"The card number is incomplete."},"incomplete_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incomplete."},"incomplete_expiry":{"instruction_type":"error","instruction_message":"The card's expiration date is incomplete."},"incomplete_zip":{"instruction_type":"error","instruction_message":"The card's zip code is incomplete."},"expired_card":{"instruction_type":"error","instruction_message":"The card has expired."},"incorrect_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incorrect."},"incorrect_zip":{"instruction_type":"error","instruction_message":"The card's zip code failed validation."},"invalid_expiry_year_past":{"instruction_type":"error","instruction_message":"The card's expiration year is in the past"},"card_declined":{"instruction_type":"error","instruction_message":"The card was declined."},"missing":{"instruction_type":"error","instruction_message":"There is no card on a customer that is being charged."},"processing_error":{"instruction_type":"error","instruction_message":"An error occurred while processing the card."},"invalid_request_error":{"instruction_type":"error","instruction_message":"Unable to process this payment, please try again or use alternative method."},"invalid_sofort_country":{"instruction_type":"error","instruction_message":"The billing country is not accepted by SOFORT. Please try another country."}}}},"fetched_oembed_html":false}
How did you make it work?
If I try against my tenant, I get:
PS C:\Users\administrator.PBNET> Get-MSCommercePolicies
HandleError : Failed to retrieve policies, ErrorMessage – The underlying connection was closed: An unexpected error
occurred on a send. ErrorDetails –
At C:\Program Files\WindowsPowerShell\Modules\MSCommerce\1.2\MSCommerce.psm1:139 char:5
+ HandleError -ErrorContext $_ -CustomErrorMessage “Failed to retri …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,HandleError
Thanks.
Are you logged into an Office 365 Global Admin or Billing Admin account?
I ran into the same issue and the solution is update the ServicePointManager Security Protocol. Below you can see the results.
PS C:\WINDOWS\system32> Get-MSCommercePolicy -PolicyId AllowSelfServicePurchase
HandleError : Failed to retrieve policy with PolicyId ‘AllowSelfServicePurchase’, ErrorMessage – The underlying connection was closed: An unexpected error occurred on a send.
ErrorDetails –
At C:\Program Files\WindowsPowerShell\Modules\MSCommerce\1.2\MSCommerce.psm1:176 char:5
+ HandleError -ErrorContext $_ -CustomErrorMessage “Failed to retri …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,HandleError
PS C:\WINDOWS\system32> [Net.SecurityProtocolType]
IsPublic IsSerial Name BaseType
——– ——– —- ——–
True True SecurityProtocolType System.Enum
PS C:\WINDOWS\system32> [System.Net.ServicePointManager]::SecurityProtocol
Ssl3, Tls
PS C:\WINDOWS\system32> [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
PS C:\WINDOWS\system32> Get-MSCommercePolicy -PolicyId AllowSelfServicePurchase
Description PolicyId
———– ——–
This policy allows you to manage whether members of your organization can buy specified products using self-service purchasing. You can set this policy on a per-product basis. AllowSel…
PS C:\WINDOWS\system32>
The release notes say that you’ve got to use TLS 1.2 on the workstation to connect to the MSCommerce endpoint, so that’s why you had to update the protocol.
Thanks ! That has fixed my issues
Thx @Jason , same issue here and your solution works like charm 😉
Just to be clear, the solution to the “HandleError : Failed to retrieve policies, ErrorMessage – The underlying connection was closed: An unexpected error
occurred on a send.” is to run the following PowerShell command:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
How are you testing that this has worked?
Log into a user account and test if they can buy some licenses…
Love the for loop. Suggest adding a little time delay because I found it runs a little too fast.
Get-MSCommerceProductPolicies -PolicyId AllowSelfServicePurchase | ? {$_.PolicyValue -eq “Enabled” }| ForEach {Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId $_.ProductId -Enabled $False; Start-Sleep -s 1 }