Fix Plugin Registration Tool Connection Issues with Multi-Factor Authentication (MFA) Enabled in Dynamics 365

Hi Folks,

It’s been a since I posted on Dynamics 365 Plugins, so this blog post talks about one small tip when connecting to your Dynamics 365 instance from Plugin Registration Tool either if you were connecting from Standalone Plugin Registration Tool or using Plugin Registration Tool from XrmToolBox.

If you were looking to install plugin registration tool itself, you can check the below post or if you want to learn about all Plugin related issues at once, you can check the references at the bottom of this post, else you can continue reading this post.

If you don’t know this tip, it will be difficult and least you will spend many minutes figuring out the error message you see in the Plugin registration tool.

This is applicable for applications who have MFA enabled, even if you haven’t enabled, it was enabled by Microsoft by default to enforce security.

As usually, you select:

  1. Office 365
  2. Enable Display list of available organizations, Show Advanced
  3. Provide User Name, Password
  4. Click on Login

You will be prompted this error in such case

======================================================================================================================
Source : Microsoft.IdentityModel.Clients.ActiveDirectory
Method : MoveNext
Date : 12/4/2025
Time : 5:09:52 pm
Error : AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000007-0000-0000-c000-000000000000'. Trace ID: 7a7cac23-056c-4e77-ba82-98d50c0b7001 Correlation ID: d8b32fe6-6197-4d9a-a460-3834c8dc292a Timestamp: 2025-04-12 09:09:52Z
Stack Trace : at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.ProcessAdalExecption(Uri serviceUrl, ClientCredentials clientCredentials, X509Certificate2 userCert, UserIdentifier& user, String clientId, Uri redirectUri, PromptBehavior promptBehavior, String tokenCachePath, Boolean isOnPrem, String authority, Uri& targetServiceUrl, AuthenticationContext& authContext, String& resource, CrmLogEntry logSink, Boolean useDefaultCreds, String& authToken, AdalException adalEx)
at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.ExecuteAuthenticateServiceProcess(Uri serviceUrl, ClientCredentials clientCredentials, X509Certificate2 userCert, UserIdentifier user, String clientId, Uri redirectUri, PromptBehavior promptBehavior, String tokenCachePath, Boolean isOnPrem, String authority, Uri& targetServiceUrl, AuthenticationContext& authContext, String& resource, UserIdentifier& userIdent, CrmLogEntry logSink, Boolean useDefaultCreds, SecureString clientSecret)
at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverGlobalOrganizations(Uri discoveryServiceUri, ClientCredentials clientCredentials, X509Certificate2 loginCertificate, UserIdentifier user, String clientId, Uri redirectUri, PromptBehavior promptBehavior, String tokenCachePath, Boolean isOnPrem, String authority, UserIdentifier& userOut, CrmLogEntry logSink, Boolean useGlobalDisco, Boolean useDefaultCreds)
at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, ClientCredentials clientCredentials, UserIdentifier user, String clientId, Uri redirectUri, PromptBehavior promptBehavior, String tokenCachePath, Boolean isOnPrem, String authority, UserIdentifier& userOut, CrmLogEntry logSink, Boolean useGlobalDisco, Boolean useDefaultCreds)
at Microsoft.Xrm.Tooling.CrmConnectControl.CrmConnectionManager.QueryOAuthDiscoveryServer(Uri discoServer, ClientCredentials liveCreds, UserIdentifier user, String clientId, Uri redirectUri, PromptBehavior promptBehavior, String tokenCachePath, Boolean useGlobalDisco)
at Microsoft.Xrm.Tooling.CrmConnectControl.CrmConnectionManager.QueryOnlineServerList(ObservableCollection`1 svrs, OrganizationDetailCollection col, ClientCredentials liveCreds, Uri trimToDiscoveryUri, Uri globalDiscoUriToUse)
at Microsoft.Xrm.Tooling.CrmConnectControl.CrmConnectionManager.FindCrmOnlineDiscoveryServer(ClientCredentials liveCreds)
at Microsoft.Xrm.Tooling.CrmConnectControl.CrmConnectionManager.ValidateServerConnection(CrmOrgByServer selectedOrg)
======================================================================================================================
Inner Exception Level 1 :
Source : Not Provided
Method : Not Provided
Date : 12/4/2025
Time : 5:09:52 pm
Error : Response status code does not indicate success: 400 (BadRequest).
Stack Trace : Not Provided
======================================================================================================================
Inner Exception Level 2 :
Source : Not Provided
Method : Not Provided
Date : 12/4/2025
Time : 5:09:52 pm
Error : {"error":"interaction_required","error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000007-0000-0000-c000-000000000000'. Trace ID: 7a7cac23-056c-4e77-ba82-98d50c0b7001 Correlation ID: d8b32fe6-6197-4d9a-a460-3834c8dc292a Timestamp: 2025-04-12 09:09:52Z","error_codes":[50076],"timestamp":"2025-04-12 09:09:52Z","trace_id":"7a7cac23-056c-4e77-ba82-98d50c0b7001","correlation_id":"d8b32fe6-6197-4d9a-a460-3834c8dc292a","error_uri":"https://login.microsoftonline.com/error?code=50076","suberror":"basic_action"}: Unknown error
Stack Trace : Not Provided
======================================================================================================================
======================================================================================================================
Inner Exception Level 2	: 
Source	: Not Provided
Method	: Not Provided
Date	: 12/4/2025
Time	: 5:09:52 pm
Error	: {"error":"interaction_required","error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000007-0000-0000-c000-000000000000'. Trace ID: 7a7cac23-056c-4e77-ba82-98d50c0b7001 Correlation ID: d8b32fe6-6197-4d9a-a460-3834c8dc292a Timestamp: 2025-04-12 09:09:52Z","error_codes":[50076],"timestamp":"2025-04-12 09:09:52Z","trace_id":"7a7cac23-056c-4e77-ba82-98d50c0b7001","correlation_id":"d8b32fe6-6197-4d9a-a460-3834c8dc292a","error_uri":"https://login.microsoftonline.com/error?code=50076","suberror":"basic_action"}: Unknown error
Stack Trace	: Not Provided
======================================================================================================================

Based on the above inner exception, we can clearly understand that it is looking for Multifactor Authentication, so untick the Show Advanced checkbox, it then asks for Multifactor Authentication as shown below.

That’s it, with this simple tick of unchecking the Show Advanced, you were able to overcome this error, how cool is it…?

I have written lot of articles with respect to Plugin registration tool, you can check them below

Issues related to Plugins and Plugin Registration Tool

Hope this helps…

Cheers,

PMDY

Update user personal settings Automatically easily when a new user gets added to Dynamics 365 Environments

Hi Folks,

In the Dynamics 365 world, it’s all about efficiently handling the user requests. Whenever you add any user to the environment, the system will update the default personal settings for the user. Maybe you could have some processes in your system which is dependent on the user time zone. So, setting the time zone is very important. It is tedious to update the personal settings manually going to the user profile and updating it manually every time.

In case you want to do it for all users at one time during initial setup, you can follow my blog post Update Model Driven App Personal Settings from XrmToolBox.

Of course, you have a wonderful tool in XrmToolBox from which we will be able to set the User Personal Settings in bulk so that we can update to all the users in one go. What if we want to automate this process, i.e. whenever you add a new user to the Dynamics 365 environment, you want to set that person time zone automatically without any manual intervention.

There you go…this post is for you then…you can do it simply using Plugin or Power Automate. In this blog post, we will see how we can utilize the Plugin as it is more effective approach.

You need to write a Plugin on Associate Message.

Just use this piece of code to set Personal settings…

using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceModel;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Xrm.Sdk;
using Microsoft.Crm.Sdk;
using Microsoft.Crm.Sdk.Messages;
namespace Ecellors_Demo
{
public class Demo : IPlugin
{
public void Execute(IServiceProvider serviceProvider)
{
// Obtain the tracing service
ITracingService tracingService =
(ITracingService)serviceProvider.GetService(typeof(ITracingService));
// Obtain the execution context from the service provider.
IPluginExecutionContext context = (IPluginExecutionContext)
serviceProvider.GetService(typeof(IPluginExecutionContext));
IOrganizationServiceFactory serviceFactory =
(IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
IOrganizationService service = serviceFactory.CreateOrganizationService(context.UserId);
if (context.InputParameters.Contains("Relationship"))
{
var relationshipName = context.InputParameters["Relationship"].ToString();
try
{
if (relationshipName != "systemuserroles_association.")
{
return;
}
if (context.MessageName == "Associate")
{
//logic when role added
var updateUserSettingsRequest = new UpdateUserSettingsSystemUserRequest();
updateUserSettingsRequest.Settings = new Entity("usersettings");
updateUserSettingsRequest.UserId = context.UserId;
updateUserSettingsRequest.Settings.Attributes["timezonecode"] = 215;//Singapore timezone
service.Execute(updateUserSettingsRequest);
}
if (context.MessageName == "Disassociate")
{
//logic when role removed
var updateUserSettingsRequest = new UpdateUserSettingsSystemUserRequest();
updateUserSettingsRequest.Settings = new Entity("usersettings");
updateUserSettingsRequest.UserId = context.UserId;
updateUserSettingsRequest.Settings.Attributes["timezonecode"] = 0;//UTC timezone
service.Execute(updateUserSettingsRequest);
}
else
{
return;
}
}
catch (FaultException<OrganizationServiceFault> ex)
{
throw new InvalidPluginExecutionException("An error occurred in UserSettingsPlugin.", ex);
}
catch (Exception ex)
{
tracingService.Trace("UserSettingsPlugin: {0}", ex.ToString());
throw;
}
}
}
}
}

Update the personal settings as per your needs in this request. You can find all the attributes of the user settings table by using Fetch Xml Builder easily.

Hope this helps someone.

Cheers,

PMDY

Dataverse Low Code Plugins – Insight

Prerequisite: Intall Dataverse Accelerator from AppSource from Microsoft Power CAT Team. Follow along once you have installed…see Dataverse Accelerator Installation Post if you want to know how..

Firstly, open the environment from https://make.powerapps.com where you would like to test this out, install the Dataverse Accelerator Solution as described above.

You should see there is an option to create Plugin from UI itself, no need to open Visual Studio and write your .Net Class library and register using Plugin Registration tool.

Please note that this is still an Experimental Feature and lot of improvements yet to be made..below is my quick test on basic CRUD Operation using this Plugin..

There were two types of Low Code Plugins

  1. Instant Plugins
  2. Automated Plugins

Let’s see how they work by creating an Instant Plugin

Step 1: Click on New Plugin Button available

Step 2: Key in the display name and description, both are mandatory to be entered…we don’t have a way to customize here as of now…

Step 3:Then Click on Next and enter the Parameters in the Definition area…I just mentioned In and Out parameters for brevity, then added a simple expression to multiply the input variable supplied by 100…

Make sure you won’t get any errors

Step 4: Then click on Next and click on Save.

Step 5:Once Saved, you will get a new button for testing…

Step 6:Clicking on Test will get you to the below screen to enter your input parameter…

Step 7:Clicking on Run which gives the output in Web API and highlighted is the response received with a success.

Note:

For some of the Automated Plugins, got a failure message with no way to troubleshoot what was the error was…I have raised this to Microsoft, but they mentioned that these features are work in Progress…

Hope we get all the complex functionality there in Dynamics 365 CE Plugins be available within Dataverse Low Code Plugins with the help of Power Fx too in future….the App development is going to be lot more easier…with Microsoft Power Platform… and citizen developers can pitch in…

Reference: Dataverse Low Code Plugins Repo in GIT Hub

Thank you for reading…

Cheers,

PMDY

Stop using OData V2.0 endpoint going further for your implementations….!

Hi Folks,

This blog is just to let you know why you should stop implementing OData calls using V2.0 version. I am pretty sure almost every Dynamics CE project out there have used this OData calls definitely in their implementations from quite some time. While some of new implementations have replaced the logic using Web API, still some people go with using OData V2.0 calls to build their functionality using JavaScript.

Microsoft had actually planned to remove this endpoint from April 30, 2023. But they deferred this because many projects are’nt yet prepared for removal of this end point and help the customers prepare for this transition to Web API end point.

Identify if you still using OData V2.0 end point, actually Organization Data Service is an OData V2.0 endpoint which was introduced with Dynamics CRM 2011..it’s deprecated way back with Dynamics 365 CE version 8.0.

So now, how to identify where and all you were using OData End Points in your code…you shouldn’t expect that existing code will work with only minor changes and this work can be taken at a later stage. This was a high priority warning message from Microsoft stating the removal, so I urge all of you to be prepared for this removal very soon and you shouldn’t be surprised.

So where to change…..?

Below are the places where you should change your way of implementation and align with Microsoft…

  1. The Organization Data Service using this end point /XRMServices/2011/OrganizationData.svc in Javascript, you can find it out with the help of the checker service rule web-avoid-crm2011-service-odata for identification. This can be code which was making OData calls to perform CRUD Operations on the current table or related table.
  2. Check any other code, including PowerShell scripts, that send requests to this endpoint: /xrmservices/2011/organizationdata.svc.
  3. Cross Check your Power BI reports or Excel Data sources that may be using this endpoint.

Note:

This announcement does not involve the deprecated Organization Service SOAP endpoint, meaning using Organization service in plugins. At this time, no date has been announced for the removal of that endpoint. At the time of writing this blog post, Microsoft didn’t announce whether this removal is only for Online or On Premise Versions.

References:

How to use Application Insights to identify usage of the OrganizationData.svc endpoint?

OData v2.0 Service removal date announcement

The Clock is Ticking on Your Endpoint

Do not use the OData v2.0 endpoint

Hope this saves time and effort implementing your Dynamics CE Solutions…

Cheers,

PMDY