Recover for Dynamics, Server to Server Authentication

Background

Server to Server Authentication (also known as Service Account or Application User) is the common way apps registered on Microsoft AppSource  access the Dataverse data of their subscribers.

Currently, we use an impersonation method. Server to server will be an additional method available when adding a new Dynamics service.

Adding a New Service with the App User

Prior to adding a new service in Own Recover, you will need to set up a new Application in your Azure portal, and a new Application User in the Dynamics environment you plan to back up using Own Recover.

To set up the new authentication method, you must: 

• Register a new Confidential Client Application with Microsoft Entra.
• Create and configure a new Application User in the Microsoft Power Platform Environment.
• In the Own Recover Application, add a new Application User.
   

1. Register a new Confidential Client Application in Microsoft Entra (Azure Acitve Directory)

• Name the application appropriately for easy identification in Own Recover
• Permission to create a new app in Azure is required
• Add a new certificate for the app and select maximum expiration period
• Copy the secret code

2. Create and configure a new Application User in the Microsoft Power Platform Environment. 
   • Navigate to the destination environment to back up with Own Recover
   • Add a new App User and connect to the newly created application
   • Assign a System Administrator Security Role to the Application User
      
3. Add a new Service in the Own Recover Application
   • Add a New Service
   • Select the Provider - Dynamics 365
   • Select the Authentication Method - Application User

• Paste the new application details from the Entra portal

• The details required are:
  • Tenant ID and App ID from App Properties
  • Secret code - copied earlier
  • URL - from the Power Platform