Exam PL-400 topic 3 question 31 discussion

DRAG DROP -
You are creating an app that connects to Microsoft Dataverse on a nightly basis. You plan to integrate the app with an external system.
The application must not authenticate by using a Microsoft Azure Active Directory (Azure AD) user account.
You need to enable the application to authenticate to Dataverse.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Suggested Answer:
Step 1: Register the application in Azure AD with appropriate permissions.
App registration in Azure Active Directory is typically done by ISVs who want to develop external client applications to read and write data in Dataverse.
Registering an app in Azure Active Directory provides you with Application ID and Redirect URI values that ISVs can use in their client application's authentication code.
Step 2: Use the Azure AD application id and secret as credentials in the application.

Add credentials -
Credentials are used by confidential client applications that access a web API. Examples of confidential clients are web apps, other web APIs, or service-type and daemon-type applications. Credentials allow your application to authenticate as itself, requiring no interaction from a user at runtime.
You can add both certificates and client secrets (a string) as credentials to your confidential client app registration.
Step 3: Create the application user in Dataverse using the Application User form.
App registration can also be done by an application developer or individual user who is building a client application to connect to and read/write data in Dataverse.
Use the Application ID and Redirect URI values from your registered app in your client application's authentication code to be able to connect to Dataverse environment from your client application, and perform the required operations. Note that if the app is registered in the same tenant as your Dataverse environment, you won't be presented with a consent form when connecting from your client application to your Dataverse environment.
Note: When end users use the ISV's application for the first time to connect to their Dataverse environment by providing their Dataverse credentials, a consent form is presented to the end user. After consenting to use their Dataverse account with the ISV's application, end users can connect to Dataverse environment from external application. The consent form is not displayed again to other users after the first user who has already consented to use the ISV's app. Apps registered in Azure Active Directory are multi-tenant, which implies that other Dataverse users from other tenant can connect to their environment using the ISV's app.
Step 4: Assign a security role to the application user in Dataverse
Grant access to users that already have a Dynamics 365 license
Any user who already has a license for any model-driven app in Dynamics 365 also will be able to access Dynamics 365 Marketing without requiring any additional licenses. All you need to do is assign them the security roles and privileges required to access the Marketing features they need.
Incorrect:
* Grant the Dataverse application user the Access Dynamics 365 as organization users permission in Azure AD.
Reference:
https://docs.microsoft.com/en-us/power-apps/developer/data-platform/walkthrough-register-app-azure-active-directory https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app https://docs.microsoft.com/en-us/dynamics365/marketing/admin-users-licenses-roles