Let us squeeze this lemon to automate as much as possible of the tedious work regarding the administration of a Dynamics 365 Customer Engagement or PowerApps.
The most natural tedious work to automate with the most significant impact will be the Security Role assignment if you ask me so let us explore how to automate this by looking at what is built into Azure Active Directory and Dynamics 365 Customer Engagement and PowerApps CDS.
When done with the below steps, the added benefit is that you only need AD group access role rather than Microsoft Dynamics 365 Admin role to assign a Dynamics/PowerApps security role.
See a video demo on how I made it work…
ps. you need to be a Dynamics 365/PowerApps Admin to set this up
How to Automate Security Role Assignment
- Open up Dynamics as an Admin and navigate to “Advanced Setting.”
- Click on the Menu down arrow next to Setting in the black top line.
- Select “Security”
- Select “Teams”
- Click “new.”
- Give the new Team a Name, Owning Business unit and an Administrator. For members of this team to be controlled by Azure Active Directory select Teams Type = AAD Security Group.
- Fing the Azure AD Group Object ID (see Automate Microsoft License assignment as Easy as 1-2-3 on how this was created.)
- Paste in the Azure AD group Object ID in “Azure AD Object id for a Group” – Press Save
- Once saved, relate a Dynamics 365 Securit role / PowerApps CDS security role to the group by clicking “Manage Roles.” Select 1 or more security role and press “Ok.” Now all setup is done, and automation magic will start.
How it behaves could seem as a bit strange so please read the next steps to meet your stange new automation friend.
- Finding your Azure AD security Teams again is done by changing the view to “All AAD Security Group Teams.”
- Let us see when the adding of a user to the Azure AD group will be reflected in Dynamics/PowerApps. First, I will add new users to the AD group: Then I verify that the user is added. The strange thing is that when looking at members of the Dynamics group, the new users do not seem to be added… but the reality is that it is not a batch job running adding users…but a check that is done when users log in. After Users log in, they appear in the Team member list and have the security role rights that the Team have.
For details read see Microsoft documentation
To Complete Automation for License assignment please see this post: Automate Microsoft License assignment as Easy as 1-2-3
But why automate License and Security Role Assignment you say!
History shows that
-Microsoft tend to re-invent a license by creating a new with a different name when this occurs, all users must have a new license assigned and the old removed.
-People changes jobs and therefore, license and Security roles are handed over between people.
-Organizations change the internal structure, which can make it necessary to assign a different Security role to most users.
Above reasons all get worse with manual humans work as humans make mistakes where wrong people get access, and the right once does not.
A most important reason for doing this Automation is that it takes less than 10 minutes to automate, which is equal to the same time it takes to manually assign license and Security roles to 10 users.