Data Mission Sync requires a Microsoft Entra App Registration to authenticate with both your Dataverse environment and your Azure SQL Database. This single App Registration serves as the identity for Data Mission Sync when connecting to your data sources. Follow these steps to create and configure your App Registration.
| A Microsoft Entra App Registration is required. Data Mission Sync uses App Registration authentication for both Dataverse and Azure SQL connections. SQL Server username/password authentication is not supported. |
Why You Need an App Registration
Data Mission Sync connects to both Dataverse and Azure SQL on your behalf using secure application credentials. Instead of using personal usernames and passwords, an App Registration creates a dedicated identity for the service. This approach provides better security, doesn't require licensed user accounts, enables centralized access control through Azure AD, and allows fine-grained control over what data the service can access.
Required Permissions
To create an App Registration in Microsoft Entra ID, you need one of the following roles:
| Role | Description |
| Application Administrator | Can create and manage all aspects of app registrations |
| Cloud Application Administrator | Can create and manage app registrations (excluding Application Proxy) |
| Global Administrator | Full access to all administrative features |
| Default User Permissions | If your tenant allows it, regular users can create app registrations (controlled by the 'Users can register applications' setting) |
| 💡 Note: Contact your IT administrator if you don't have permission to create app registrations. They may need to create it for you or grant you the appropriate role. | |
Creating the App Registration
Follow these steps to create a new App Registration in the Azure Portal:
1. Sign in to the Azure Portal (https://portal.azure.com).
2. Navigate to Microsoft Entra ID (formerly Azure Active Directory).
3. Select App registrations from the left menu.
4. Click New registration.
5. Enter a name for your application (e.g., 'Data Mission Sync').
6. For Supported account types, select 'Accounts in this organizational directory only'.
7. Leave Redirect URI blank (not required for this application).
8. Click Register.
Recording Your App Details
After registration, record the following values from the Overview page. You will enter these into Data Mission Sync when configuring your source connection:
| Value | Where to Find It |
| Application (Client) ID | Found on the Overview page. Copy this GUID value. |
| Directory (Tenant) ID | Found on the Overview page. Copy this GUID value. |
| Client Secret | You will create this in the next step. |
| Display Name | The name you entered (e.g., 'Data Mission Sync'). Needed for Azure SQL setup. |
Creating a Client Secret
A client secret is like a password for your App Registration. Follow these steps to create one:
1. From your App Registration, select Certificates & secrets from the left menu.
2. Under Client secrets, click New client secret.
3. Enter a description (e.g., 'Data Mission Sync Production').
4. Select an expiration period (recommended: 12 or 24 months).
5. Click Add.
6. ⚠ Important: Copy the secret Value immediately. It will only be shown once.
| Store your Client Secret securely. If you lose it, you'll need to create a new one. Set a calendar reminder before expiration to rotate the secret and update it in Data Mission Sync. |
API Permissions (Not Required)
| 💡 Note: You do not need to configure API permissions in the App Registration for Dataverse access. Data Mission Sync uses Server-to-Server (S2S) authentication with an Application User. Access is controlled by the security roles assigned to the Application User in Dataverse, not by API permissions in Azure. |