getting error while creating crm dynamics 365 dataset in ADF

Khurshid, Danish 0 Reputation points
2026-06-24T10:43:20.4666667+00:00

I am encountering the following error while trying to create a dataset using the Dynamics 365 connector in Azure Data Factory (ADF) although Linked service connection successful:

"The HTTP request was forbidden with client authentication scheme 'Anonymous'. The remote server returned an error: (403) Forbidden."

To validate the connection, I tested the same Dynamics 365 URL and credentials using Postman, and I was able to successfully retrieve the entity response from the endpoint below:

https://fort-dev.crm.dynamics.com/api/data/v9.2/EntityDefinitions?$top=1

I have also tried all three available connectors in ADF:

Dynamics 365

Dynamics CRM

Microsoft Dataverse

However, all of them return the same 403 Forbidden error when I attempt to create a dataset using their respective linked services.
I confirm below points as well.

  1. API permissions are given for this App User for Dynamics365
  2. User is a systemadmin

Could you please help identify if there are any additional permissions, authentication settings, or ADF-specific configurations that might be causing this issue?

Azure Data Factory
Azure Data Factory

An Azure service for ingesting, preparing, and transforming data at scale.


2 answers

Sort by: Most helpful
  1. Alex Burlachenko 23,250 Reputation points MVP Volunteer Moderator
    2026-06-24T15:25:49.0266667+00:00

    Khurshid, Danish hi, thx for sharing urs issue here at Q&A portal,

    linked service test passing only proves ADF can get a token/connect. Creating the dataset makes another Dataverse metadata call, and that call is getting treated as anonymous or isn’t getting the token in the way the connector expects.

    Since Postman works, compare the auth flow, not just the URL. In Postman, check the actual Authorization header and token audience. For Dataverse it should be for https://fort-dev.crm.dynamics.com/.default not Microsoft Graph, not Azure Management.

    In ADF, use the newer Microsoft Dataverse connector if possible. Make sure the linked service uses the org URL only https://fort-dev.crm.dynamics.com Don’t put /api/data/v9.2 in the linked service URL.

    The app registration needs to exist as an Application User inside that Dataverse environment, with the right security role. System Administrator is enough for testing, but make sure it’s assigned to the application user object, not only to ur normal user account. This is the bit that gets missed a lot.

    EntityDefinitions is metadata. Some ADF connector dataset UIs don’t handle metadata endpoints the same way as normal tables/entities. Try creating the dataset against a normal table like accounts first. If that works but EntityDefinitions fails, it’s connector UI metadata behavior, not permissions.

    If every normal entity fails too, recreate the Application User in Dataverse, reassign the role, wait a few mins for propagation, then create a fresh linked service. The Anonymous wording is misleading here it usually means the downstream Dataverse request didn’t get accepted as the app identity, not that u literally selected anonymous auth.

    rgds,

    Alex

    &

    If my answer was helpful pls mark it and additional thx if u follow me at Q&A portal
    

    Was this answer helpful?

    0 comments No comments

  2. Manoj Kumar Boyini 18,110 Reputation points Microsoft External Staff Moderator
    2026-06-24T11:30:24.88+00:00

    Hi @Khurshid, Danish

    Since the Linked Service connection test succeeds and the same endpoint works successfully in Postman, the issue appears to be related to how Azure Data Factory is authenticating or authorizing access when retrieving entity metadata during dataset creation.

    Could you please help verify the following:

    • Which authentication type is configured in the Linked Service (AAD Service Principal, Managed Identity, or Office 365)?
    • If using a Service Principal, please confirm that an Application User has been created in the Dataverse/Dynamics environment and that it has the required security roles assigned.
    • Verify that the configured serviceUri exactly matches the Dynamics 365 URL used in Postman and the browser (for example: https://fort-dev.crm.dynamics.com).
    • If Office 365 authentication is being used, please confirm whether Conditional Access or MFA policies are enabled in the tenant, as these scenarios require Microsoft Entra Service Principal authentication.

    Additionally, please let us know:

    • Which specific entity/table you are trying to select when creating the dataset.
    • Whether the issue occurs for all entities or only specific entities.
    • A screenshot of the Linked Service authentication configuration (excluding any sensitive information).

    This information will help determine whether the 403 response is related to Dataverse application-user permissions, entity-level security, or the authentication method being used by ADF.

    References:
    https://learn.microsoft.com/en-us/azure/data-factory/connector-dynamics-crm-office-365?tabs=data-factory
    https://learn.microsoft.com/en-us/power-platform/admin/manage-application-users
    https://learn.microsoft.com/en-us/power-automate/dataverse/manage-dataverse-connections

    Please let us know if you have any questions.

    Was this answer helpful?

    0 comments No comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.