Share via

ADF lost access to Dynamics CRM / Dataverse after MFA was turned on

11-4688 61 Reputation points
2024-05-09T13:00:44.1466667+00:00

Today my ADF pipelines started throwing errors:

Operation on target Process order failed: ErrorCode=DynamicsFailedToConnect,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Failed to connect to Dynamics: Unable to Login to Dynamics CRM: ERROR REQUESTING Token FROM THE Authentication context - USER intervention required but not permitted by prompt behavior AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000007-0000-0000-c000-000000000000'

It seems that it was caused by turning on the MFA and all of my datasets authenticate with user - password.

I believe I will need to re-authenticate the linked service with Dynamics / Dataverse somehow, but I am unsure how to proceed.

Is there any chance for a step-by-step walkthrough? I am not an Admin in the Azure Account so I don't have any permissions to grant access etc. I would really appreciate a solution that I could send to the admin so he can somehow fix the access issue.

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
5,619 questions
Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
9,696 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,774 questions
Dynamics 365 Training
Dynamics 365 Training
Dynamics 365: A Microsoft cloud-based business platform that provides customer relationship management and enterprise resource planning solutions.Training: Instruction to develop new skills.
63 questions
Microsoft Dataverse Training
Microsoft Dataverse Training
Microsoft Dataverse: A Microsoft service that enables secure storage and management of data used by business apps. Previously known as Common Data Service.Training: Instruction to develop new skills.
8 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Olufunso Adewumi 380 Reputation points Microsoft Employee
    2024-05-09T15:39:14.39+00:00

    The error you ae encountering indicates that Multi-Factor Authentication (MFA) requirements are preventing your Azure Data Factory (ADF) pipelines from connecting to Dynamics 365. Since MFA has been enabled, the previous method of authentication using just a username and password is no longer sufficient. To resolve this, you’ll need to switch to using a service principal or a managed identity for authentication, which supports MFA.

    Here’s a step-by-step guide you can provide to your Azure administrator to re-authenticate the linked service with Dynamics/Dataverse:

    Create a Managed Identity:

    In the Azure portal, go to the Azure Data Factory’s Identity section.

    Enable a System-assigned managed identity or create a User-assigned managed identity.

    Grant Permissions to the Managed Identity:

    Assign the necessary permissions to the managed identity in Dynamics 365. This typically involves Azure AD roles and Dynamics 365 security roles.

    Update the ADF Linked Service:

    Navigate to the ADF instance and go to the Linked services section.

    Find the linked service that connects to Dynamics 365.

    Edit the linked service to use the managed identity for authentication.

    Configure Dynamics 365 to Accept the Managed Identity:

    In Dynamics 365, set up the necessary configurations to accept connections from the managed identity.

    Test the Connection:

    After updating the linked service, test the connection to ensure that it’s working correctly with the new authentication method.

    By following these steps, the administrator should be able to update the authentication method for the ADF pipelines to work with Dynamics 365 post-MFA enforcement. Please note that the exact steps and permissions required may vary based on your organization’s setup and the specific configurations of Dynamics 365 and Azure Data Factory.

    https://learn.microsoft.com/en-us/azure/data-factory/credentials?tabs=data-factory