Requirements
To create and test a single-tenant application that uses server-to-server authentication you will need:
An Azure AD tenant to use when registering the provided sample application.
A Dataverse subscription that is associated with the Azure AD tenant.
Administrator privileges in the Azure AD tenant and Dataverse environment.
Azure application registration
To create an application registration in Azure AD, follow these steps.
Navigate to https://admin.microsoft.com and sign in, or from your Dataverse environment web page, and select the application launcher in the top left corner.
Choose Admin > Admin centers > Azure Active Directory
From the left panel, choose Azure Active Directory > App registrations (Preview)
Choose + New registration
In the Register an application form provide a name for your app, select Accounts in this organizational directory only, and choose Register. A redirect URI is not needed for this walkthrough and the provided sample code
...
6. On the Overview page, select API permissions
...
7. Choose + Add a permission
8. In the Microsoft APIs tab, choose Dynamics CRM
9. In the Request API permission form, select Delegated permissions, check user_impersonation, and select Add permissions
...
10. On the API permissions page select Grant admin consent for "org-name" and when prompted choose Yes
11. Select Overview in the navigation panel, record the Display name, Application ID, and Directory ID values of the app registration. You will provide these later in the code sample.
12. In the navigation panel, select Certificates & secrets
13. Below Client secrets, choose + New client secret to create a secret
14. In the form, enter a description and select Add. Record the secret string. You will not be able to view the secret again once you leave the current screen.