Why does Microsoft Dynamics 365 ask for delegated admin in Azure app registration

1
votes

I'm following a guide online to generate an access token to access Microsoft Dynamics 365 Customer Engagement: https://eax360.com/dynamics-365-online-connect-using-postman/.

All of it works fine, however I am wondering why delegated Admin permissions need to be supplied in Azure Active directory during app registration. I have seen a lot of guides explain that permissions must be delegated but the above site documents the process well. As a general rule, I thought that starting with the lowest security permissions was the norm. I am new to Azure AD so thoughts are very much welcome.

1
azure-active-directorydynamics-crm

1 Answers

0
votes

If your app will be a client which allows the authenticated user to perform operations, you must configure the application to have the Access Dynamics 365 as organization users delegated permission.

Application permission means that you want your app to access Common Data Service without a user.

So whether to use delegated permission in Azure app registration depends on your needs. It is not mandatory.

But we can see that the Application permissions in Azure app registration is gray out. This is because Microsoft provides a different way to implement it.

We need to create a Common Data Service application user an then bound it to the registered app. After that, we could connect using the application secret. See the details here: Connect as an app.