The views and opinions expressed in this blog are those solely of the author(s) and do not necessarily reflect Microsoft’s current policy, position, or branding. For official announcements and guidance on Dynamics 365 apps and services, please visit the Microsoft Dynamics 365 Blog.
Choose your path Increase your proficiency with the Dynamics 365 applications that you already use and learn more about the apps that interest you. Up your game with a learning path tailored to today's Dynamics 365 masterminds and designed to prepare you for industry-recognized Microsoft certifications.
Visit Microsoft Learn
2020 release wave 1 Discover the latest updates and new features to Dynamics 365 planned through September 2020
Release overview guides and videos Release Plan | Preview 2020 Release Wave 1 Timeline
Ace your Dynamics 365 deployment with packaged services delivered by expert consultants. | Explore service offerings
Connect with the ISV success team on the latest roadmap, developer tool for AppSource certification, and ISV community engagements | ISV self-service portal
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance TechTalks | Customer Engagement TechTalks | Upcoming TechTalks
Just another day in office and just another new stuff to learn. I bet this one will excite almost all the CRM consultants worldwide.
So what I am talking about in here. Well I am talking about “team ownerships”. I think it is being used in almost every project I have come across till date. Teams are integral part of CRM security and none can deny it. You may be thinking – “come on debajit. We play with this stuff day in and day out. what new are you going to tell us”. If you are aware of the latest feature where Azure AD groups can own Dynamics 365 records, well nothing new in here. But in case this is sounding new, believe me you are in for a fun ride.
Let’s start with a revelation – Now Azure AD groups can own records in Dynamics 365. All this time there used to be owner teams. Now both Azure AD office and security group can own your business records. Let’s see how.
So here I login to the https://portal.azure.com. Choose the active directory for my CRM instance and click on “Groups” menu item on the left bar.
Let’s create a new group. Below are the group details. I have chosen Group Type as “Office 365”. However you can choose the other option “Security” as well.
I also add one member “CRM User 2” to the group.
So I have my new group created. Observe the Object ID field value I have highlighted in the below screenshot. If you remember, I told that this Office 365 security group can now own records in Dynamics 365. And Object ID value is going to be of prime importance to set that up.
I login to CRM –> Settings –> Security –> Teams –> New Team.
Details of the team specified below. I have chosen then team type as “AAD Office Group” and in the Azure AD Object Id field, I have put the Object ID copied from the previous step.
Save the team. CRM will validate the Object ID entered. Please note that you cannot add members to the team from Dynamics 365 screen. To add a member to the group, you would need to do that from the Azure portal or Office 365 admin screen.
So my team is saved. As you can see, there is no “+” icon in the Team Members section. It may take a moment to refresh the team members from Azure. If it doesn’t there is another trick up my sleeve which I am going to share with you soon. Let’s hold on to that for a moment.
So now I have team that represents a Office 365 group. The next step is to go ahead and assign security role to it. I click on Manage roles and assign “Sales Manager” role to it.
If you team members section is still not refreshed and does not show the user you added there in the portal, no worries we will get it sorted out.
So now you have a team which has members (we know it is there as we added in the portal) and has security role. So let’s make it own a record.
I go to Accounts and choose any account and then click on Assign. As you can see from the below screenshot, you can choose your Office 365 team you just created.
Works like a charm. Now office 365 admin can just manage groups from Office 365 admin screen or Azure portal, add or remove members from the team and all this will be automatically reflected in Dynamics 365 without the need of the Office 365 admin to login to Dynamics. Wonderful isn’t it?
Alas, till now “CRM user 2” whom I added to this group in Azure portal is not reflected. No worries, now it’s time to make it work.
I login to Dynamics 365 with CRM User 2. First time when I login, I see something like this. No Accounts, Contacts or other entities which I should have access by virtue of team roles.
But if I go back to my team now, I can user CRM User 2 added. Don’t know if it is a bug or behavior but it automatically gets refreshed in CRM when the user logs in.
Coming back to CRM user 2 screen, if I just refresh the page everything falls back to as desired.
I believe it’s a great feature and will be certainly helpful for many CRM consultants whenever they design security for their implementations.
Hope this helps!
For consultation/ corporate training visit www.xrmforyou.com or reach out to us at firstname.lastname@example.org
Our product offerings:
Role based views for Dynamics 365 (http://www.xrmforyou.com/role-based-views.html)
CRM-Sharepoint Attachment uploader and metadata manager (http://www.xrmforyou.com/sharepoint-integrator.html)
Record Cloner for Dynamics 365 (http://www.xrmforyou.com/record-cloner.html)
Multiselect picklist for Dynamics 365 (http://www.xrmforyou.com/multi-select-picklist.html)
Business Applications communities