Announcing public preview of Power Platform Managed Identity support for Dataverse Plug-ins
We are excited to announce the public preview of Power Platform Managed Identity support for Dataverse plug-ins. This feature allows customers and partners to connect Dataverse plug-ins to Azure resources supporting managed identities, eliminating the need to manage credentials and reducing the risk of unauthorized data access. Power Platform Managed Identity leverages workload identities based on Federated Identity Credentials (FIC), providing enhanced security and control. Additionally, it enables you to apply Azure policies without the hassle of credential management.
Overview
Power Platform Managed Identity utilizes workload identities based on Federated Identity Credentials (FIC). You have the option to provision either a User Assigned Managed Identity (UAMI) or an Application Registration and configure Federated Identity Credentials (FIC). Application Registration enables you to apply Azure policies to Power Platform resources, such as Dataverse plug-ins.
You have two options for provisioning managed identities:
- User Assigned Managed Identity (UAMI): You can provision a User Assigned Managed Identity (UAMI) in Azure. Dataverse plug-ins can use this identity to connect to Azure resources that support managed identity. In this case, you cannot enforce Azure policies.
- Application Registration: By provisioning the application in Microsoft Entra ID, you establish an application context and identity that can connect to Azure resources supporting managed identity. This allows you to apply Azure policies to the application, ensuring that Power Platform resources, such as Dataverse plug-ins, adhere to these policies.
You need to configure Federated Identity Credentials (FIC) in both options to enable managed identity.
Supported scenario
Currently, Power Platform Managed Identity supports Dataverse plug-ins. This means that Dataverse plug-ins can connect to Azure resources that support managed identities without the need to manage credentials. By leveraging managed identities, the connection process becomes more secure and streamlined, as it eliminates the risks associated with credential management. This feature ensures that Dataverse plug-ins can access necessary Azure resources seamlessly and securely, enhancing overall efficiency and security.
Today we support Managed Identity for Independent Software Vendor (ISV) plug-ins within the context of their environment. For example, an ISV plug-in installed in the environment will have access to the resources within the scope of the environment. However, it will not have access to resources within the ISV tenant.
Availability
Power Platform Managed Identity support for Dataverse plug-ins is available in public preview to all our customers in the public cloud.
Call to action
- Start by following the step-by-step instructions – Set up Managed Identity support for Dataverse plug-ins
- Learn more about Power Platform Managed Identity
- Share your feedback