Archive

Archive for July 6, 2019

Office 365 Groups + Dynamics 365

In Dynamics 365 online, records can be owned by ‘Office 365 Groups’. Refer my previous article and following are quick notes.

  • The administrator can create Azure AD group teams that are associated to the Azure AD groups in each of the Customer Engagement and Common Data Service environments and assign a security role to these group teams.
  • When members of these group teams access these environments, their access rights are automatically granted based on the group team’s security role.

If you notice, to get the benefits of AAD group ownership, Users must have assigned ‘Dynamics 365 Customer Engagement Plan’ license.

What if the User don’t have ‘Dynamics 365 Customer Engagement Plan’ license. For example, when a sales team has a major opportunity requiring input from several people who don’t have access to Customer Engagement apps.

Office 365 Groups provides a single location to share documents, conversations, meetings, and notes.

Office 365 Groups can be enabled for any entity.

Install Office 365 Groups solution:

T9

  • Install ‘Office 365 Groups’ solution.

TG_8

Enable entities for Office 365 Groups:

  • Connect to your Dynamics instance.
  • Go to Settings -> Office 365 Groups
  • Add required entities.

T10

Create Office 365 Group:

  • Make sure users must have ‘Office online’ license and Mailbox configured.

T11

  • Create a Group and add the Users.

T12

  • Users get notifications in their Outlook web app
  • From Outlook, Users can click on ‘Discover’ to explore more available groups.

T13

  • Also a new SharePoint Sitemap collection gets created for each Group, which allows Users to share documents.

T14

Use Office 365 Groups from Dynamics App:

As we enabled ‘Office Groups’ for ‘Account’ entity

  • Open any account from Dynamics App.
  • From sitemap, click on ‘Office 365 Groups’
  • You can either ‘Create a new group’ or use an existing group.

TG_12

  • Once the configuration is completed, you can start Conversation and share documents which would be available for all members of the group.

T15

🙂

 

 

Working with Azure Active Directory (AAD) Groups in Dynamics Customer Engagement

July 6, 2019 1 comment

In Dynamics 365 online, along with ‘Owner’ and ‘Access’ type, following types have been introduced in ‘Teams’.

  • AAD Security Group
  • AAD Office Group

T1

With these new ‘Team Types’, records in Dynamics 365 can be owned by AAD Groups.

Lets understand what is Azure Active Directory (AAD) group and what’s the significance of making AAD group as owner of a Dynamics record.

  • The administrator can create Azure AD group teams that are associated to the Azure AD groups in each of the Customer Engagement and assign a security role to these group teams.
  • When members of these group teams access these environments, their access rights are automatically granted based on the group team’s security role.

Create AAD Group:

  • Make sure you have Office 365 account (Subscribe to 30 days trail here)
  • Connect to Microsoft 365 Admin Center using Office 365 credentials.
  • Create Users and assign ‘Dynamics 365 Customer Engagement Plan’ license.

T2

  • Now connect to Azure Active Directory Portal
  • Create a new Group of type ‘Office’ and add the Users.
  • Copy the ‘Object ID’ which we need in next steps.

T3

Create Team of type ‘AAD Office Group’:

  • Connect to Dynamics instance
  • Navigate to Settings -> Security -> Teams -> New
  • Select ‘Team Type’ as ‘AAD Office Group’ and paste the AAD Group ‘Object Id’ copied in above section.
  • Save and assign a role.

T4

Access the Dynamics as ‘AAD Group’ Team Member:

As we created a AAD Group and a Team in Dynamics App with ‘Sales Manager’ security role, it’s time for ‘Test User 1’ to access the Dynamics Application.

  • Login to Dynamics Application as ‘Test User 1’
  • Post login, Dynamics App greeted me with ‘You need a Microsoft Dynamics 365 security role to continue’ message.

T5

  • From the message, its clear that Dynamics App expecting ‘Test User 1’ to have a User level Security role and not honoring the Team level Security Role which he is member of.
  • We can resolve this issue by assigning ‘Sales Manager’ role to ‘Test User 1’ which means for every User of AAD group we have to on-board by assigning them an individual security role.
  • But we can make ‘Test User 1’ access Application with out assigning a Role, as we got a cool ‘Member’s privilege inheritance’ feature introduced in ‘Security Role’.

‘Member’s privilege inheritance’ in Security Role:

  • Navigate to ‘Settings -> Security -> Security Roles’
  • Open the ‘Sales Manager’ security role.
  • Change the ‘Member’s Privilege Inheritance’ to ‘Direct User (Basic) access level and Team privileges‘ and Save.

T6

  • Refresh the Dynamics application, ‘Test User 1’ can access the records and application.

T7

  • By setting ‘Member’s Privilege Inheritance’ to ‘Direct User (Basic) access level and Team privileges‘ makes the ‘Sales Manager’ role as both User role as well Team role.
  • This feature eliminates the need of AAD Admin to assign User level roles to individual group members.

Assign Records to ‘AAD Group’ Teams:

  • We can assign the record to ‘AAD Group’ Teams similar to ‘Owner’ Teams.

T8

🙂