Posts

Entra ID Group integration

A few years ago, I wrote a blog post about how to use Azure Active Directory for managing users and security in Dynamics 365 for Finance and Operations. In the meantime, Microsoft renamed Azure Active Directory to Microsoft Entra ID. In my blog, I provided how to manage users and provide access permissions by using security groups on Entra ID. Access permissions in Dynamics 365 Finance and Operations are then inherited from a group user. Using this option has some downsides, mainly related to not having security roles directly assigned to the user. I contributed a new feature to the D365FO Admin Toolkit with an enhanced Entra ID group integration feature. You can read more about this new feature in this post.

Read more

Workflow and security do have strong relation in Microsoft Dynamics 365 Finance and Operations. A user not assigned to a workflow task can’t approve a workflow instance. Also, the user should have correct permissions from the security settings as I explained before in another blog. (Workflow security in Dynamics 365 Finance and Operations)

In this blog, I will explain the behavior of a setting available on the Workflow parameters form, called Require explicitly assigned users.

Read more
Invalid Users

Starting in Microsoft Dynamics 365 F&O version 10.0.39, Microsoft enforced security guidelines for external users. Effectively, Microsoft disabled the cross-tenant access in Dynamics 365 F&O. This means that external users from a different tenant, can’t log in to Dynamics 365 unless they are created as a guest user in your own client. In this post, I will elaborate on the change, how it can impact your environments and how to setup external users correctly.

Read more

Security in Dynamics 365 Finance and Operations (F&O) is not easy. When you want to define custom roles, this also has a licensing impact. Sometimes, you expect a particular license for your role, but the application states something different. In this post, I will provide a scenario where the license expectation is a Team members SKU as the intention is to have a read only role, but the role will end up as Operations license.

Read more