Power Platform Pipelines became GA two years ago and now ship as the default ALM tooling. They are good. They are not enough on their own for an enterprise pipeline, and the gap is documentation Microsoft has not written.
What Pipelines do well
A native deployment from a development environment through test, UAT, and production with managed solution promotion, no service-principal scripting required. Approvals are built in. The deployment history is queryable in Dataverse. For a 3-environment shop with one developer, this is enough.
Where Pipelines fall short
- No connection-reference rebinding logic for environment-specific values beyond the basic prompt.
- No environment variable layering that maps to your existing Azure Key Vault.
- No automated pre-deployment validation (PCF version compatibility, plugin assembly signing).
- No rollback. Rolling back means deploying the previous solution, which is not the same thing.
The hybrid model that works
Use Pipelines for the promotion (it handles solution layering correctly). Bolt Azure DevOps or GitHub Actions around it for everything else:
Dev environment -> Solution Checker (gate) -> Pack via XrmTooling
-> Source-controlled solution.zip -> Pipeline trigger via API
-> Post-deploy: bind connections, set env vars from Key Vault, smoke testThe Pipelines REST API endpoint is https://api.powerplatform.com/appmanagement/{environment}/pipelines/{id}/run and it accepts a parameters block for variable overrides.
Managed vs unmanaged: the rule
Production environments must contain only managed solutions plus the Default Solution. If anyone has ever made an unmanaged change directly in production, your pipeline promotions will create layered customizations that override your dev work. Audit production for unmanaged components monthly using the unmanagedcomponents admin report.
Solution layering pitfalls
When two managed solutions touch the same component, the last installed wins. Order matters and is invisible from the Pipelines UI. Maintain a solutions-manifest.json in source control listing the install order. Your future self will thank you.
Connection references: the real work
Every flow and connector needs a connection reference. In a 3-environment promotion, you have 3 sets of credentials to rebind. The Pipelines UI prompts at deployment time, which does not scale past five connections. Use the Set-PowerPlatformConnectionReference API call as a post-deploy step bound to environment-specific service principals.
What to do this week
Pull the deployment history for the last 30 days from Dataverse (pipelinedeployment table). Count how many promotions failed at the connection-reference rebind step. That number is your investment case for automating the rebind via API.
