Licensing Advent Calendar – Day 15 – Security implementation

Licensing Advent Calendar

Welcome to the post of day 15. Another door got unlocked. In the post today. I will talk about when to start with the security implementation and some thoughts on keeping track of required licenses as part of the implementation and rollouts.

Security implementation

When an organization starts with the implementation of the application, the focus is usually not directly on security. The first focus is functionality. When to start with the security? Let’s take a step back, as we are already too late!

On day 11, I talked about the security architecture and the relation with licensing. See: Licensing Advent Calendar – Day 11 – Security architecture. To be able to send a quotation for software licenses and the implementation, you should know about the number of users and devices in use. This is the first moment where you have to provide an estimate of the number of users per license type and the devices. There are too many unknown variables at this moment in time that will influence the real numbers required later. What will be the implementation and the rollout plan? Do you, e.g., need all 300 licenses for the first implementation? To be able to start with Dynamics 365 F&O, you need 20 base licenses according to the terms. For sandboxes, there is no license enforcement. Add the licenses when you need them. I have seen several delays of go-live in the past, also delaying the roll-outs. So, you can start with a lower number of licenses and add them along the way when you need them.

As I was not involved during the sales cycles of the clients where I have done a security assessment, it is impossible to say what happened and what needs to be improved. However, some scenarios could be prevented. E.g., I got several times a question where it appeared that the client only had Finance licenses or only Supply Chain Management, as the partner involved mentioned to the client that it didn’t matter. The price was the same, which was one of the arguments. As the licensing guide talks about different license SKUs per area of the application for many years, this is bad advice. So ensure in the future that you will have an idea about the type of access for all users, e.g. number of timesheet writers, Finance users, SCM users, and more.

During the design phase, there will be more details about what elements of the application will be used and which persons should perform the tasks. My recommendation is to use this information to build a security or licensing matrix. Based on this information, a solution architect should have an overview and may be able to review if particular tasks can be moved to different persons to reduce license costs.

Along with the setup and feature tests, ensure that the security roles will be prepared for the first UAT. In this way, users can provide feedback, and you can already check the license levels per security role and see if they match the estimates. Any deviation should be reported so that the client can make informed decisions on how to go forward. When the expectation is that, e.g., 100 uses can work with an Operations – Activity license, and this turns out to be one or two full licenses, this will be a huge surprise on the day of going live. Also, here, based on the details, it can be proposed to move certain responsibilities with higher license requirements to a smaller group of users. E.g., the duties for customers and vendors creation require a base license. Having 100 users being able to add customers and vendors is costly, but also, the data entry will not be consistent. A data management department with a few users can be better for license costs and your data quality.

With this post, I’m not saying that all security reviews I have done are in a bad shape for estimated and sold licenses. In many cases, the required numbers were close to what the client really needed as licenses. Luckily, a majority of clients are aware of what they need. During the reviews, a lot of security roles were in a bad shape for licenses. Some examples of non-compliant security roles were shared yesterday.

In this post, I wanted to share my opinion on starting with security and licenses as early as possible during a Dynamics 365 F&O implementation. I will continue tomorrow with some tips on how to clean security roles for non-entitled objects.

There is more…

During the Advent period, each day in December, I will share some thoughts and tips related to the Dynamics 365 user license enforcement. If you have questions about this topic, feel free to contact me via LinkedIn, the comments section below, or the contact form on this blog. I will then either update one of the planned blogs for the coming 24 days or answer questions in a new post.

Dynamics 365 Licensing Enforcement Advent Calendar



I do hope you liked this post and will add value for you in your daily work as a professional. If you have related questions or feedback, don’t hesitate to use the Comment feature below.


That’s all for now. Till next time!

/0 Comments/by
You might also like
Licensing Advent CalendarMicrosoft Dynamics AX – Trial mode
Dynamics 365 Saturday Amsterdam 2019Dynamics 365 Saturday is visiting Amsterdam
Securing data projectsWhat are the options for securing data projects
Security configuration repairSecurity configuration – What is the ‘Repair’ button?
Let your Operations Flow - Part 2Let your Operations Flow – Part 2
Licensing Advent CalendarLicensing Advent Calendar – Day 20 – Security analysis in PPAC and LCS
Prepare yourself for the Microsoft Dynamics 365 for Finance and Operations One Version
Licensing Advent CalendarLicensing Advent Calendar – Day 4 – PPAC User License Consumption
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.