Boutique Microsoft Partners are often stuck between two choices when building portals:
- ship quickly with low-code portal pages, or
- build a “real” React portal outside the platform and spend months recreating auth, security, ALM, and governance.
Microsoft’s new Single-Page Application (SPA) support in Power Pages (Preview) is interesting because it tries to remove that tradeoff: bring a modern React-based SPA experience into Power Pages while still keeping the platform’s enterprise security and hosting model.
This blog explains what Microsoft released, why it matters for partners and ISVs, and when to choose Power Pages SPA vs other options.
What Microsoft introduced (in plain terms)
Power Pages now supports creating and deploying complete SPAs through a code-first approach. Microsoft specifically calls out:
- React-based, component-driven experiences
- AI-assisted development (GitHub Copilot)
- Power Pages Web APIs for data operations
- Deployment to Power Pages environments using Power Platform CLI
- Security/governance maintained via Power Pages controls
Why boutique Partners / ISVs should care
If you’re a CTO/architect at a smaller partner, you typically need three things:
1) Modern UX without portal “limitations”
A SPA model helps you build app-like experiences (complex UI state, components, snappy interactions) in a way front-end teams already understand.
2) Platform-grade security without rebuilding it
Power Pages is already built around identity + authorization via web roles and table permissions. This matters when you’re building external portals and need predictable, auditable access control.
3) A real ALM story
The Power Platform CLI gives you a repeatable path for moving portal assets across environments (Dev → Test → Prod) and supporting CI/CD workflows.
How the architecture works (high level)
Think of Power Pages SPA as four layers:
1) Frontend (your SPA)
You build a React SPA with full control over UI/UX. Microsoft positions this as a pro-code workflow with room for AI-assisted development.
2) Data access (Power Pages Web APIs)
Your SPA uses Power Pages Web APIs to read/write data.
3) Security (web roles + table permissions enforced on API calls)
Even though the app is client-side, Power Pages enforces table permissions and web roles on Web API calls so data access aligns with the user’s role.
4) Deployment/hosting (Power Pages + CLI)
You deploy the SPA to Power Pages using CLI commands (upload/download).
Deployment flow (what your team actually does)
Microsoft shows a streamlined CLI approach for SPA sites, including commands to upload and download SPA code sites.
In partner terms, that enables a clean loop:
- Devs build locally (React, TS, Copilot, etc.)
- CI builds the compiled assets
- CLI deploys to the target Power Pages environment
- You repeat across Dev/Test/Prod as part of release management
Important preview constraints (read before committing)
Because it’s new/preview, there are real limitations you should factor into architecture decisions:
- Out-of-the-box lists/forms aren’t supported for SPA sites; you build your own UI and use Web APIs.
- SEO is limited because SPA sites are client-side rendered.
- Source control nuance: Git integration can be used, but Microsoft notes that only compiled web files are added to repo, not full source.
- Some “bring your own component into an existing site” scenarios aren’t supported the way teams might expect today.
For boutique partners, the takeaway is simple: treat Power Pages SPA like a pro-code portal experience inside Power Platform, not like classic Power Pages pages with extra sprinkles.
When to choose Power Pages SPA vs alternatives
Choose Power Pages SPA when:
- You need modern, app-like UX for an external portal (tenant portal, onboarding, service requests, partner portal).
- You want to stay inside Power Platform for identity, governance, and Dataverse security.
- You have (or can staff) React/TypeScript capability.
- You want a cleaner DevOps story via CLI.
Choose classic Power Pages when:
- You rely heavily on OOTB lists/forms and rapid maker-led iteration.
Choose a custom React portal outside Power Platform when:
- SEO is a core requirement at scale, or you need full SSR/Next.js style search visibility (and you’re willing to own the full security/hosting/ALM burden).
A practical partner checklist (use this on day 0)
Choose Power Pages SPA when:
- You need modern, app-like UX for an external portal (tenant portal, onboarding, service requests, partner portal).
- You want to stay inside Power Platform for identity, governance, and Dataverse security.
- You have (or can staff) React/TypeScript capability.
- You want a cleaner DevOps story via CLI.
Choose classic Power Pages when:
- You rely heavily on OOTB lists/forms and rapid maker-led iteration.
Choose a custom React portal outside Power Platform when:
- SEO is a core requirement at scale, or you need full SSR/Next.js style search visibility (and you’re willing to own the full security/hosting/ALM burden).
A practical partner checklist (use this on day 0)
Choose a custom React portal outside Power Platform when:
- SEO is a core requirement at scale, or you need full SSR/Next.js style search visibility (and you’re willing to own the full security/hosting/ALM burden).
A practical partner checklist (use this on day 0)
Before you recommend Power Pages SPA to a client, confirm:
- ✅ Identity approach (Entra ID / External ID) and site visibility needs
- ✅ Web roles and table permissions model (who can see/update what)
- ✅ API strategy: which tables and operations are exposed via Web API
- ✅ ALM: CLI-based deployment plan and environment strategy
- ✅ Observability: logging/monitoring plan for production support (Day 2 operations)
- ✅ SEO requirement (if yes, be cautious)
Closing thought
For boutique Microsoft Partners, Power Pages SPA could become a strong middle path: modern front-end experiences with Power Platform governance and security—without having to rebuild the portal stack from scratch.
If you’re exploring this preview, the best next step is to run a small “Hello World + Web API + permissions” pilot to validate security, ALM, and UX patterns early.