Documentation
Connections
Microsoft Dynamics 365/Dataverse

Microsoft Dynamics 365/Dataverse

Supported platforms

Connections are supported to:

  • Microsoft Dynamics 365 Online
  • Microsoft Dataverse
  • All online Dynamics 365 versions that support TDS (Tabular Data Stream) access

On-premise Dynamics deployments are not supported by API, but you can connect to SQL Server database which Dynamics uses behind the scenes.

How the connection works

The connection accesses Dynamics 365 / Dataverse using the platform’s standard data access layer.

  • Data access is performed using TDS
  • All queries respect Dataverse security, roles, and permissions
  • Only data exposed through Dataverse and enabled for TDS is accessible

Detailed information about TDS behavior, configuration, and limitations is available on a dedicated documentation page.

Required connection details

To configure a connection, you must provide:

  • Environment URL
    Example: https://orgname.crm.dynamics.com
  • Tenant ID
  • Authority
  • Application (Client) ID
  • Client Secret

The connection configuration is created automatically based on these values.

Authentication and security model

Connections use Azure Active Directory application authentication.

  • An Azure AD application is used to authenticate
  • The application must be created as a Dataverse Application User
  • The Application User must be assigned Dataverse security roles

All data access follows Dataverse security rules:

  • Table-level permissions
  • Row-level security
  • Field-level security
  • Business unit restrictions

Where to obtain required values

Tenant ID

  • The Tenant ID identifies your Azure Active Directory tenant
  • It can be found in:
    • Azure Active Directory → Overview
    • Power Platform Admin Center → Environment details

Authority

  • The Authority defines the Azure AD endpoint used for authentication
  • In most cases, this value is:

https://login.microsoftonline.com/<TENANT_ID>

Replace <TENANT_ID> with your actual Tenant ID.

Application (Client) ID and Client Secret

  • These values come from an Azure AD App Registration
  • The App Registration represents the identity used to access Dataverse
  • The Client ID identifies the application
  • The Client Secret is used for non-interactive authentication

Application User in Dataverse

  • The Azure AD application must be added to Dataverse as an Application User
  • This step links the App Registration to the Dataverse environment
  • The Application User must be assigned appropriate Dataverse security roles

Without a Dataverse Application User, authentication will succeed but data access will be denied.

Required Dataverse configuration

Before connecting, ensure:

  1. TDS access is enabled for the Dataverse environment
  2. The Azure AD application exists as a Dataverse Application User
  3. The Application User has sufficient security roles to access required data

If any of these are missing, the connection may fail or return no data.

Not supported

  • On-premise Dynamics 365 deployments
  • Interactive or personal user authentication
  • Managed Identity authentication
  • Data access that bypasses Dataverse security
  • Entities not exposed through TDS

Important notes

  • Only online Dynamics / Dataverse environments are supported
  • Data access is strictly limited by Dataverse roles
  • Entity availability depends on TDS configuration
  • Schema and naming follow Dataverse conventions

Refer to the TDS configuration and limitations documentation for detailed behavior.