Works near identically to the OAuth registration above with a few alternate steps that need to be done on the tenant's Azure Active Directory:

  1. From the tenant's main Azure Active Directory page (, click App Registrations on the left menu.

2. Click New Registration at the top.

3. Fill out the fields for your new app. For the redirect URL, enter for a dev instance, or for a dev instance.

4. Go to App Registrations again, and click on your shiny new app entry.

5. This shows general information about the app. You can get the Application (client) ID from the top of the page.

6. Click API Permissions.

7. Add a permission for Dynamics CRM.

8. Click Expose an API.

9. Beside 'Application ID URI', click set. A URI will be automatically set, and can be changed if wished (though I didn't experiment with doing the latter). This is what will be entered for Application ID URI (obviously).

10. Click Certificates & Secrets.

11. Add a new client secret. The resulting secret will only be visible immediately after saving. If you navigate away from the page or reload it, the secret will be locked and hidden (as secrets should be), so make sure to copy it immediately after creation. This is the Application (client) Secret.

12. That completes the Azure side of the configuration (assuming I haven't missed anything). The important parts are the Application ID from the App's main page, the Application ID URI that was set on the API page, and the secret from Certificates & Secrets.

Did this answer your question?