New Dataverse functionality in creation of App Users

In late 2019, I wrote a blog article on how to configure oAuth authentication for Dataverse by creating an App Registration record in Azure, and the configuring the App Registration/User account in your Dataverse environment so that it can be consumed as an Application User or Service Principal. The link to that article is shown below:

In recent weeks, I had to do that same for an additional user, but while going through the logic of implementing this, I notices some changes.

After the creation of the User account and the registration of the App in AD, when I went to create the account in my Dataverse environment. The username, full name (first and last names) and the email addresses were locked. The only setting that I was able to enter was the Client Id.

Dataverse - New Application User - Classic Interface

I even tried using God Mode so that I can enter my own User Name (for the AD account) that I specified, but when I saved the new Application User, the User Name would store whatever name was entered in the App Registration record.

This change was implemented a few months back, as Microsoft was trying to simplify the creation of App Users, so that the user can be created only be entering the Client Id. After the user account has been created we are able to modify the email address, first and last name, but the name (domain name) and the last name cannot be changed. The last name seems to be configured to what is stored in AAD as the App Registration name. Might need to play around with this a little, but if you have access to AAD, you should created this in the right way

I asked around a little bit, and it seems like a few days ago there has been a change in Microsoft Docs on how applications user should be created. The link is provided below:

The new changes are that now Application Users can be created right for the Power Platform Admin Center. As a prerequisite we have to register the App in Azure Active Directory, but once the app is registered, we can add in directly by following the steps below.

Navigate to Power Platform Admin Center, select the environment, click settings, and under Users + permissions select Applications Users as shown in the image below

Dataverse - PPAC - User and Permissions - App Users

In the Application Users settings you will see a list of all the App Users that are currently configured for your dataverse environment. Click on the Command bar New app user button as shown below:

Dataverse - PPAC - Environments - Settings - New App User

This will pop up a panel where you can start creating the new App User account. Under neither the App label, click on the App an app link:

Dataverse - PPAC - New App User - Add an existing App

This will pop up an additional panel which will show all of the apps that are registered in Azure Active Directory. Select the Microsoft Dynamics CRM (Dataverse) app registration that you previously configured, and click on the Add button

Dataverse - PPAC - Select app from Azure Active Directory

Once the app registration is added, we will need to select the Business Unit and to add the security roles. Click on the pencil icon next to Security role, which will pop up an additional panel showing the list of available security roles. Select one or more roles that need to be assigned to this user, as shown below:

Dataverse - PPAC - Add App User - Select Security Roles

The final page is shown below. Click on the create button to create the app user in your Dataverse instance, and it can be used after that.
Dataverse - PPAC - Create App User - Create

This is a great step moving forward, but I still wish the User account details could be set on the creation of the App User to an actual AAD user.