Azure: Cant select data export service as a principal

Question

I want to export my data from my MS Dynamics 365 to the Azure Cloud. To export my dynamics data, i have installed the data export service in dynamics. In azure i have the option to specify my key vault value an access policy, so i have normally the option to add the data export service as a principal. But in my case there does not exist such an option. What could be the reason?

Answer 1

Run the Windows PowerShell script described here as an Azure account administrator to give permission to the Data Export Service feature so it may access your Azure Key Vault. This script displays the key vault URL required for creating the Export Profile that is used to access the connection string.

$subscriptionId = 'ContosoSubscriptionId'   
$keyvaultName = 'ContosoKeyVault'
    $secretName = 'ContosoDataExportSecret'
    $resourceGroupName = 'ContosoResourceGroup1'
    $location = 'West US'
    $connectionString = 'AzureSQLconnectionString'
$organizationIdList = 'ContosoSalesOrg1_id, ContosoSalesOrg2_id'
$tenantId = 'tenantId'
    # -------------------------------------------------------------------------------- #

# Login to Azure account, select subscription and tenant Id
Login-AzureRmAccount
Set-AzureRmContext -TenantId $tenantId -SubscriptionId $subscriptionId

# Create new resource group if not exists.
$rgAvail = Get-AzureRmResourceGroup -Name $resourceGroupName -Location $location -ErrorAction SilentlyContinue
if(!$rgAvail){
    New-AzureRmResourceGroup -Name $resourceGroupName -Location $location
}

# Create new key vault if not exists.
$kvAvail = Get-AzureRmKeyVault -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -ErrorAction SilentlyContinue
if(!$kvAvail){
    New-AzureRmKeyVault -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -Location $location
    # Wait few seconds for DNS entry to propagate
    Start-Sleep -Seconds 15
}

# Create tags to store allowed set of Organizations.
$secretTags = @{}
foreach ($orgId in $organizationIdList.Split(',')) {
    $secretTags.Add($orgId.Trim(), $tenantId)
}

# Add or update a secret to key vault.
$secretValue = ConvertTo-SecureString $connectionString -AsPlainText -Force
$secret = Set-AzureKeyVaultSecret -VaultName $keyvaultName -Name $secretName -SecretValue $secretValue -Tags $secretTags

# Authorize application to access key vault.
$servicePrincipal = 'b861dbcc-a7ef-4219-a005-0e4de4ea7dcf'
Set-AzureRmKeyVaultAccessPolicy -VaultName $keyvaultName -ServicePrincipalName $servicePrincipal -PermissionsToSecrets get

# Display secret url.
Write-Host "Connection key vault URL is "$secret.id.TrimEnd($secret.Version)""

Note : An Azure subscription can have multiple Azure Active Directory tenant Ids. Make sure that you select the correct Azure Active Directory tenant Id that is associated with the instance of Dynamics 365 for Customer Engagement apps that you will use for data export.

For more details, you could refer to this article .