Create a Technical Design
10-15%of exam
Build Power Platform Solutions
10-15%of exam
Implement Power Apps Improvements
10-15%of exam
Extend the User Experience
10-15%of exam
Extend the Platform
30-35%of exam
Develop Integrations
10-15%of exam
Quick Facts
- Exam
- PL-400
- Credential
- Power Platform Developer Associate
- Time
- 100 min
- Pass
- 700/1000
- Questions
- Not published
- Level
- Intermediate
- Blueprint
- Mar 19 2026
- Renewal
- 12 months
Client Script vs Plug-in
Client script
- Browser execution
- Immediate form UX
- Can be bypassed
Plug-in
- Server execution
- All data channels
- Can join transaction
Experience vs enforcement
Logic Location Picker
- Requirement fits native feature→Built-in feature
- Immediate form behavior→Client script
- Simple declarative validation→Business rule
- Transactional server invariant→Synchronous plug-in
- Cross-service workflow→Cloud flow
- Custom serverless compute→Azure Functions
- Reusable Dataverse operation→Custom API
- External REST API→Custom connector
Architecture Choices
- Built-in features
- Prefer before custom
- Client script
- Immediate form logic
- Business rule
- Declarative validation
- Plug-in
- Server transaction logic
- Cloud flow
- Cross-service automation
- Azure Functions
- Custom serverless compute
- Custom API
- Reusable Dataverse operation
- Custom connector
- External API wrapper
Standard vs Virtual Table
Standard table
- Dataverse stores data
- Native capabilities
- Offline-friendly
Virtual table
- External system stores data
- Live external access
- Provider limitations
Stored data vs live data
Data + Security Design
- Standard table
- Native Dataverse storage
- Virtual table
- External data live
- Elastic table
- High-throughput data
- Authentication
- Verify identity
- Authorization
- Permit actions
- DLP policy
- Connector boundary
- Security role
- Privilege bundle
- Business unit
- Security boundary
- Team
- Shared access
- Row sharing
- Record-specific access
Component Design
- Canvas component
- Reusable app UI
- Component library
- Cross-app reuse
- PCF component
- Reusable coded UI
- Power Fx function
- Reusable formula logic
- Inbound integration
- External to Dataverse
- Outbound integration
- Dataverse to external
- AI solution logic
- Intelligent decision path
- AI agents
- Development troubleshooting aid
ALM Route
Unmanaged -> Pipeline -> Managed
Managed vs Unmanaged
Unmanaged
- Development source
- Direct customization
- Export as managed
Managed
- Downstream deployment
- Controlled customization
- Supports uninstall
Build vs distribute
Environment + Security
- Environment
- Development isolation
- Least privilege
- Minimum required access
- Operational security
- Troubleshoot access failures
- Security role
- Supports code components
- Connection reference
- Solution-aware connection
- Environment variable
- Deployment-specific value
- Power Platform CLI
- Developer workflow tool
- Source control
- Component source truth
ALM + Delivery
- Unmanaged solution
- Development changes
- Managed solution
- Downstream deployment
- Dependency
- Required component link
- Solution layer
- Customization precedence
- Pipeline
- Governed deployment
- Build Tools
- Azure DevOps automation
- CI
- Build and validate
- CD
- Release and deploy
Canvas Logic
- Power Fx
- App formula language
- Named formula
- Reusable computed value
- Component library
- Reusable shared components
- Cloud flow
- Canvas business logic
- Delegation
- Server-side query work
- Nondelegable formula
- Partial local results
- Preload
- Load needed data
- Concurrent
- Parallel independent formulas
App Troubleshooting
- Monitor
- Runtime event trace
- Browser tools
- Client debugging
- Network trace
- Request timing
- Canvas performance
- Preload and delegate
- Model form
- Minimize heavy scripts
- Model view
- Limit costly columns
- Formula analysis
- Find slow operations
- Error handling
- Expose actionable failures
PCF Lifecycle
init -> updateView -> getOutputs -> destroy
Experience Extension Picker
- Form event logic→Client API
- Reusable coded control→PCF
- Reusable canvas UI→Component library
- Command formula→Power Fx
- Complex command behavior→JavaScript
- Embedded tailored experience→Custom page
Client Scripting
- Client API
- Model-driven object model
- Execution context
- Event runtime context
- Form context
- Current form access
- Event handler
- Registered client callback
- Xrm.WebApi
- Dataverse client requests
- Power Fx command
- Declarative button action
- JavaScript command
- Coded button action
- navigateTo
- Open custom page
PCF Components
- Manifest
- Component metadata
- init
- Initialize component
- updateView
- Render changed state
- getOutputs
- Return bound values
- destroy
- Release resources
- Device API
- Device capabilities
- Utility API
- Platform helpers
- Web API
- Dataverse data access
- Solution package
- Deploy component
Plug-in Stages
PV -> PO -> Core -> Post
PreValidation vs PreOperation
PreValidation
- Before main transaction
- Cancel early
- Validate request
PreOperation
- Inside transaction
- Modify target
- Before core operation
Reject early vs mutate
Plug-in Pipeline
- PreValidation
- Before main transaction
- PreOperation
- Inside transaction before core
- PostOperation
- After core operation
- Execution context
- Message runtime data
- Target
- Incoming row data
- Pre-image
- Before value snapshot
- Post-image
- After value snapshot
- Filtering attributes
- Limit update triggers
- Tracing service
- Sandbox diagnostics
- Organization service
- Dataverse operations
Synchronous vs Asynchronous
Synchronous
- Caller waits
- Can roll back
- Keep execution short
Asynchronous
- Runs later
- PostOperation only
- Background processing
Immediate consistency vs throughput
Connectors + APIs
- OpenAPI definition
- REST contract
- Connector auth
- Secure API access
- Policy template
- Runtime request transformation
- Custom code
- Transform connector data
- Custom API
- Dataverse message
- Web API
- RESTful Dataverse operations
- Organization service
- .NET Dataverse operations
- OAuth
- Delegated or app auth
- Retry policy
- Handle API limits
- Batch
- Group API operations
Custom API vs Connector
Custom API
- Dataverse operation
- Plug-in implementation
- Platform message
Custom connector
- External REST API
- OpenAPI contract
- Apps and flows
Dataverse operation vs REST wrapper
Functions + Flows
- Azure Functions
- Custom serverless compute
- Scheduled trigger
- Time-driven function
- Event trigger
- Event-driven function
- Managed identity
- Passwordless service auth
- Dataverse trigger
- Row event flow
- Trigger filter
- Reduce flow runs
- Secure inputs
- Hide sensitive values
- Key Vault
- Store secrets
- Scope
- Group flow actions
- Child flow
- Reusable flow logic
- Service principal
- Application identity
Synchronization Sequence
Track -> Key -> Upsert -> Checkpoint
Webhook vs Service Bus
Webhook
- Direct HTTP delivery
- Simple endpoint
- Receiver handles availability
Service Bus
- Brokered messaging
- Durable delivery
- Decoupled consumers
Direct call vs broker
Integration Picker
- HTTP event receiver→Webhook
- Durable brokered delivery→Service Bus
- High-volume event stream→Event Hubs
- Incremental synchronization→Change tracking
- External business identifier→Alternate key
- Create-or-update synchronization→Upsert
- Custom integration compute→Azure Functions
Event Integration
- Notification service
- Publish execution context
- Registration tool
- Register service endpoint
- Webhook
- HTTP event delivery
- Service Bus
- Reliable brokered messaging
- Event Hubs
- High-volume event streaming
- Service endpoint
- External event destination
- Remote context
- Serialized execution data
- Async step
- Post-transaction delivery
Alternate Key vs Primary Key
Alternate key
- Business identifier
- External system match
- Supports upsert
Primary key
- Dataverse GUID
- Native row identity
- Always unique
External identity vs Dataverse identity
Data Synchronization
- Change tracking
- Incremental data changes
- Delta token
- Synchronization checkpoint
- Alternate key
- External business identity
- Primary key
- Dataverse row GUID
- Upsert
- Create or update
- Idempotency
- Safe repeated processing
- Conflict handling
- Resolve concurrent changes
- Retry
- Recover transient failures
Common Traps
Question count confusion
Practice count is local ≠ Exam count not published
Client validation only
Client logic can bypass ≠ Plug-in enforces server-side
Wrong plug-in image
Pre-image holds old values ≠ Post-image holds new values
Unfiltered update step
Every update may trigger ≠ Filter relevant attributes
Delegation warning ignored
Local subset can mislead ≠ Prefer delegable queries
Configuration embedded
Use environment variables ≠ Use connection references
Secrets exposed
Secure flow inputs ≠ Store secrets in Key Vault
API throttling ignored
Expect transient limits ≠ Apply bounded retries
Long synchronous work
Caller remains blocked ≠ Move work asynchronous
Last Minute
- 1.Platform leads at 30-35%
- 2.Other domains each 10-15%
- 3.Questions = Not published
- 4.Built-in before custom code
- 5.Client UX; plug-in enforcement
- 6.Delegate large canvas queries
- 7.PreOperation can modify Target
- 8.PostOperation supports asynchronous steps
- 9.Custom API = Dataverse message
- 10.Connector = external REST wrapper
- 11.Track, key, then upsert
- 12.Retry Dataverse API limits
- 13.Managed solutions go downstream
- 14.Agents can aid troubleshooting
Explore More Microsoft Certifications
Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.
More From This Family
Videos and articles for deeper review.
