Licensing Advent Calendar – Day 10 – Licenses usage summary

Licensing Advent Calendar

Day 10! So far, I’ve gotten a lot of questions and feedback. Thanks for all the interactions. Even from experienced people, I get messages saying that most of the content is familiar, but still, there are some things mentioned in the blogs that they were not aware of. The post today will be like that. Everyone is likely aware of the Licenses usage summary page, but not everyone has the same number of tab pages. Curious about that?

Licenses usage summary

I will follow up on where I left off in my post from yesterday. I mentioned to ensure the User Security Governance features should be enabled. If the features are enabled, you can open the Licenses usage summary page by the following navigation path: System administration > Security > Security governance > Licenses usage summary.

The form has 4 or 5 tab pages in your environment, depending on whether the latest updates were applied or not. Microsoft decided to remove one tab page. I will elaborate on the deprecated tab page at the end of this post.

Each tab page has one thing in common. It has information about securable objects that are included in a license or not. Is an object entitled or not entitled?

The objects types part of the license calculation are:

  • Menu item display
  • Menu item action
  • Menu item output
  • Data entity
  • Data entity method
  • Service operation

These are all entry points to functionality via forms, data access via data management, or access using external applications. Additional metadata is maintained by Microsoft to manage which licenses have access to these entry points in case of read or write permissions. The majority of elements used in security roles are the menu items.

Note that the old used metadata, such as the list of SKUs per privilege and the license properties on menu items, have been deprecated. You can’t rely on this anymore. Instead, a list of SKUs for each securable object part of the license is maintained in a new microservice.

There is no license validation implemented at this moment on the object types table, form, form control, and report.

The data on this form is refreshed every 2 to 8 hours according to the banner when you open the form. In my experience, this is for my demo environments about every 6 hours.

User Role Licenses

In case you have 4 tab pages, it starts with User Role Licenses.

On this tab page, there are two grids with data. The top grid shows what roles are assigned and what licenses they require for these roles. The column License quantity is showing a value of 1 or 0, with a purpose. The first license per user has the value 1; the others have a 0. The same license per user only has once the value 1. In case you export the data, you can use this column to count the total number of required licenses. In case of multiple licenses per user, you have options to choose between a base or attach license as described on day 3: Licensing Advent Calendar – Day 3 – Dynamics 365 Licensing

The lower grid shows the securable elements the user has access to via the selected security roles. The Entitled column has a checkbox in case the securable element is part of the selected license. In case there is one license per role, this is always the case.

With the help of this information, you can validate if the license requirement is as expected. In the example above, there is a security role with a name that indicates it is about purchase requisitions. The licensing guide clearly states that the purchase requisitions feature is a Team members SKU. As this role currently requires a higher license, it is worth checking the culprit. There might be additional features enabled in this role, or it could be a bug from the standard application or licensing calculation. In a next post, I will explain how you can find out what to do to lower the license requirements to the expected level.

In the example where a security role requires more than one license, you can check per line which securable elements can be used per license when you select a particular line with a selected license. In the example above, there are some securable objects not entitled to the Finance license. Most likely, they now need the Project Operations license. You can check that to switch to another record.

Imagine there are only these three elements not entitled for the Finance license SKU, then you can check if the users do need the access at all, or if, e.g., read-only is a viable option to lower the license requirement from 2 to 1 license.

Role licenses

The next tab page shows the license requirements for the security roles. It shows a combination of all security roles with a license SKU. When you initially open the tab page, you might be lost. How to read and use this data?

The added value comes when you either sort by Role name or filter for a specific role.

When I filter in this case on a security role, the top grid shows a count for Entitled and Not entitled securable elements. In case the count is 0, the license can be used for this security role. There might be more licenses possible than one. In this case, you can choose between Supply Chain Management or the Premium variant. For a proper purchase requisitions role, only the SKUs None and Human Resources Self Service will have a count higher than zero in the Not entitled column. In that case, you can choose the lowest possible license.

The bottom grid shows again the securable elements for the role, indicating which are entitled within the selected SKU or not.

In many cases, for a specific role, there is no single SKU having zero not entitled objects. In that case, more than one base license is required. You can use the User Role Licenses tab page to check which SKUs are suggested by the licensing calculation. Note that in some cases, there might be even a requirement for more than two licenses, or there can be a choice between different base licenses.

For example, the licensing details show that this role needs the Finance and Project Operations license. When reviewing all details, there might be an option to use, e.g., SCM instead of Finance. This all depends on the entitled versus the not entitled objects. If it is possible to enhance the role to lower licenses depends on several variables as described above.

Duty licenses and Privilege licenses

Similar to the security roles, there are also tab pages for duties and privileges. A security role consists of one or more duties and/or privileges. A duty consists of one or more privileges. On the privileges, you manage the access level per entry point.

In case you want to extend an existing security role with, e.g., an existing duty, you can use the last two tab pages to find out the license requirement before adding it to a security role.

Deprecated tab page

As mentioned above, one tab page has been deprecated by Microsoft, but is still visible in case you don’t have the latest available quality update installed.

This tab page was very useful as it had a focus on only the licenses required per user. The data on User Role Licenses is almost equal, with the difference that there is an additional detail level with security roles. Some information on this tab page was not consistent with other reports. For that reason, Microsoft decided to remove it.

Unfortunately, the User Role Licenses tab also has an issue that has already been reported to Microsoft. This only occurs in case there is a single security role with three or more distinct license requirements. I will talk about that in another post.

I liked this deprecated view, as at several clients where I performed a security and license assessment, some users have 23 or more security roles assigned. This is not the best practice, but it is the reality. The User Role Licenses view is cumbersome to use in that scenario. I provided feedback to Microsoft by asking if they could bring back this view. Another workaround would be exporting the data to Excel and creating an aggregated overview.

There is more…

During the Advent period, each day in December, I will share some thoughts and tips related to the Dynamics 365 user license enforcement. If you have questions about this topic, feel free to contact me via LinkedIn, the comments section below, or the contact form on this blog. I will then either update one of the planned blogs for the coming 24 days or answer questions in a new post.

Dynamics 365 Licensing Enforcement Advent Calendar



I do hope you liked this post and will add value for you in your daily work as a professional. If you have related questions or feedback, don’t hesitate to use the Comment feature below.


That’s all for now. Till next time!

/0 Comments/by
You might also like
Let your Operations Flow - Part 1Let your Operations Flow – Part 1
Tips on using Remote Desktop app for LCS environments
How to find privileges and duties for not-entitled securable objects
New features User License Consumption report – October 2025
less is moreImage by Pexels from Pixabay Security in Dynamics 365 F&O: Less is More
Default languageHow to select a default language for new users in Microsoft Dynamics 365 for Finance and Operations
Licensing Advent CalendarLicensing Advent Calendar – Day 24 – Licensing tables
Security Form ControlsImage by Kris from Pixabay Securing a menu item is not enough – form controls
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.