Service principal
An identity for non-human callers in Microsoft Entra — used by integrations and automated processes to authenticate to Dataverse and other services.
A service principal in Microsoft Entra ID (formerly Azure AD) is an identity for non-human callers (applications, services, scripts, pipelines, integrations) that need to authenticate without a user. The service principal is created from an app registration with a client ID, client secret (or certificate), and configured permissions. Integrations between systems (Power Automate calling Dataverse, Azure Functions writing to Dataverse, CI/CD pipelines deploying solutions) authenticate as service principals. Service principals are granted appropriate Dataverse security roles or specific table permissions. Managed Identity is the recommended Azure-hosted variant: it eliminates credential management because Azure handles the rotation. Always prefer service principals over user accounts for automation; they're auditable, manageable, and don't break when employees leave.
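The client-credentials exchange a service principal performs to reach Dataverse, as an added example that is not part of the original page. The environment variable names, the `v9.2` Web API path and the function names are assumptions chosen for illustration.

```python
import json
import os
import urllib.parse
import urllib.request

AUTHORITY = "https://login.microsoftonline.com"


def build_token_request(tenant_id, client_id, client_secret, org_url):
    """Build the OAuth 2.0 client-credentials request for one Dataverse environment."""
    if not org_url.startswith("https://"):
        raise ValueError("Dataverse environment URL must use https")
    if not client_secret:
        raise ValueError("client secret is empty; check the secret store")
    form = {
        "grant_type": "client_credentials",  # app-only flow, no user involved
        "client_id": client_id,
        "client_secret": client_secret,
        # ".default" asks for the permissions already configured on the app registration
        "scope": org_url.rstrip("/") + "/.default",
    }
    return urllib.request.Request(
        f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token",
        data=urllib.parse.urlencode(form).encode(),
        method="POST",
    )


def who_am_i(org_url, access_token):
    """Call Dataverse WhoAmI to confirm which identity the token resolves to."""
    req = urllib.request.Request(
        org_url.rstrip("/") + "/api/data/v9.2/WhoAmI",
        headers={"Authorization": f"Bearer {access_token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def main():
    # The secret is read from the environment (or a vault), never from source control.
    env, org = os.environ, os.environ["DATAVERSE_URL"]  # variable names are assumptions
    req = build_token_request(env["AZURE_TENANT_ID"], env["AZURE_CLIENT_ID"],
                              env["AZURE_CLIENT_SECRET"], org)
    with urllib.request.urlopen(req, timeout=30) as resp:
        token = json.load(resp)["access_token"]
    print(who_am_i(org, token))


if __name__ == "__main__":
    main()
```

With a Managed Identity the `client_secret` step disappears, because the Azure host obtains the token for the workload.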