web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / Guidance Microsoft Doc...
Microsoft Dynamics 365 | Integration, Dataverse...
Suggested Answer

Guidance Microsoft Documentation out of date and require PS commands

(7) ShareShare
ReportReport
Posted on by dex87865 19

Hi, I am looking for Microsoft guidance on what PowerShell commands to use in absence of MSOnline to configure the following: https://learn.microsoft.com/en-us/dynamics365/customerengagement/on-premises/admin/on-prem-server-based-sharepoint-online?view=op-9-0

I have managed to get past some with MGGraph but am failing on others, we really need this updated if they are going to deprecate the MSOnline.

Many thanks,

Categories:
Dynamics 365 general
I have the same question (0)
  • Daivat Vartak (v-9davar) Profile Picture
    Daivat Vartak (v-9d... 7,835 Super User 2025 Season 2 on at
    Hello dex87865,
     

    You're absolutely right. The deprecation of the MSOnline module necessitates a shift to Microsoft Graph PowerShell for managing Dynamics 365 (on-premises) with SharePoint Online integration. The Microsoft documentation you linked is outdated in this regard.

    Here's a breakdown of how to translate the MSOnline commands to Microsoft Graph PowerShell, along with explanations and potential pitfalls:

    Key Concepts and Challenges:

    • Microsoft Graph vs. MSOnline:

      • Microsoft Graph is the unified API endpoint for accessing Microsoft 365 services, including Azure AD, SharePoint Online, and more.

      • It's the future of Microsoft 365 management.

      • MSOnline is being retired. 

    • Dynamics 365 On-Premises Complexity:

      • Integrating on-premises Dynamics 365 with SharePoint Online adds complexity.

      • You'll need to manage Azure AD app registrations, permissions, and SharePoint Online configurations. 

    • Permission Scopes:

      • Microsoft Graph relies on permission scopes. You'll need to grant appropriate scopes to your Azure AD app registration. 

        •  

      •  

    Translating MSOnline Commands to Microsoft Graph PowerShell:

    1. Register an Azure AD Application:

      • This step remains crucial. You'll need an Azure AD application registration to authenticate and authorize your PowerShell scripts.

      • You can do this via the Azure portal or using Microsoft Graph PowerShell.

      • Relevant Graph Commands:

        • New-MgApplication: Create a new application registration.

        • New-MgServicePrincipal: Create a service principal for the application.

        • New-MgApplicationPassword: Add a client secret.

        • New-MgServicePrincipalAppRoleAssignment : assign api permissions. 

    2. Grant SharePoint Online Permissions:

      • You'll need to grant the Azure AD application the necessary permissions to access SharePoint Online.

      • Relevant Graph Commands:

        • New-MgServicePrincipalAppRoleAssignment: Use this to grant SharePoint Online permissions.

        • You'll need to find the correct appRoleId for the SharePoint Online permissions you need (e.g., Sites.FullControl.All). 

    3. Configure Dynamics 365 Server-Based SharePoint Integration:

      • This part involves configuring Dynamics 365 itself.

      • The PowerShell commands in the old documentation are for MSOnline, and are not needed, as the configuration happens within the Dynamics 365 application.

      • The steps within the dynamics 365 application will stay the same. 

    4. Enable Server-Based SharePoint Integration:

      • This is done within the dynamics 365 application. 

    5. Validate SharePoint Site Collections:

      • This is done within the dynamics 365 application. 

        •  

      6.  

    Important Considerations:

    • Authentication:

      • You'll need to authenticate your Microsoft Graph PowerShell session using the Azure AD application's credentials.

      • Use Connect-MgGraph and provide the TenantId, ClientId, and ClientSecret. 

    • Permission Scopes:

      • Carefully select the necessary permission scopes for your Azure AD application.

      • Grant only the minimum required permissions. 

    • Error Handling:

      • Implement robust error handling in your PowerShell scripts.

      • Use try...catch blocks to catch and handle exceptions. 

    • Documentation:

      • Refer to the official Microsoft Graph PowerShell documentation for the latest information on commands and parameters.

      • Always check the Microsoft Graph API documentation for the correct permission scopes. 

    • SharePoint Online Permissions:

      • The most common permission needed is Sites.FullControl.All, but depending on your needs, you may need others. 


      •  

    Example (Conceptual):

    # Connect to Microsoft Graph
    Connect-MgGraph -Scopes "Sites.FullControl.All", "Application.ReadWrite.All"
    # Create Azure AD Application
    $App = New-MgApplication -DisplayName "Dynamics365-SharePointIntegration" -SignInAudience "AzureADMyOrg"
    # Create Service Principal
    $ServicePrincipal = New-MgServicePrincipal -AppId $App.AppId
    # Create Client Secret
    $Password = New-MgApplicationPassword -ApplicationId $App.Id
    # Grant SharePoint Online Permissions
    $SharePointAppRoleId = "Your_SharePoint_AppRoleId" # Find the correct appRoleId
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $ServicePrincipal.Id -AppRoleId $SharePointAppRoleId -ResourceId "00000003-0000-0ff1-ce00-000000000000"
    # Dynamics 365 Configuration (Within the Application)
    # ...
    # Validate SharePoint Site Collections (Within the Application)
    # ...

     

    Key Recommendations:

    • Focus on using Microsoft Graph PowerShell for all Azure AD and SharePoint Online management.

    • Thoroughly test your PowerShell scripts in a non-production environment.

    • Stay up-to-date with Microsoft's documentation and release notes.

    • Provide feedback to Microsoft about the outdated documentation.

    By following these guidelines, you can successfully configure Dynamics 365 (on-premises) with SharePoint Online integration using Microsoft Graph PowerShell.

     
    If my answer was helpful, please click Like, and if it solved your problem, please mark it as verified to help other community members find more. If you have further questions, please feel free to contact me.
     
    My response was crafted with AI assistance and tailored to provide detailed and actionable guidance for your Microsoft Dynamics 365 query.
     
    Regards,
    Daivat Vartak
  • dex87865 Profile Picture
    dex87865 19 on at
    Many thanks @Daivat Vartak for your in depth answer.
     
    Does this process you mention take over the server-based authentication section and makes it so we no longer require the setting up of SSL certs?
     
    Our setup is as follows:
    We have a Dynamics CRM environment on-prem and our customers each have their own CRM tenant located on our premise to which they integrate their own SharePoint Online site to. This requires the use of server-based authentication to which they import our public SSL certificate using the below
     
    $RootDomain = “*.Thisdomainbeingourcustomerfacingurl”
    $CRMAppId = "00000007-0000-0000-c000-000000000000" 
    New-MsolServicePrincipalCredential -AppPrincipalId $CRMAppId -Type asymmetric -Usage Verify -Value $CredentialValue
    $CRM = Get-MsolServicePrincipal -AppPrincipalId $CRMAppId
    $ServicePrincipalName = $CRM.ServicePrincipalNames
    $ServicePrincipalName.Remove("$CRMAppId/$RootDomain")
    $ServicePrincipalName.Add("$CRMAppId/$RootDomain")
    Set-MsolServicePrincipal -AppPrincipalId $CRMAppId -ServicePrincipalNames $ServicePrincipalName
     
    Regarding your answer, would each individual customer have to run something along the lines of the below on their own 365 tenant to integrate their SharePoint Online site to their CRM tenant that is on our on-prem Dynamics environment, with no need of a SSL cert anymore?
     
    # Connect to Microsoft Graph
    Connect-MgGraph -Scopes "Sites.FullControl.All", "Application.ReadWrite.All"
    # Create Azure AD Application
    $App = New-MgApplication -DisplayName "Dynamics365-SharePointIntegration" -SignInAudience "AzureADMyOrg"
    # Create Service Principal
    $ServicePrincipal = New-MgServicePrincipal -AppId $App.AppId
    # Create Client Secret
    $Password = New-MgApplicationPassword -ApplicationId $App.Id
    # Grant SharePoint Online Permissions
    $SharePointAppRoleId = "Your_SharePoint_AppRoleId" # Find the correct appRoleId
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $ServicePrincipal.Id -AppRoleId $SharePointAppRoleId -ResourceId "00000003-0000-0ff1-ce00-000000000000"
  • Suggested answer
    CU21032259-0 Profile Picture
    CU21032259-0 2 on at
    Good day,
     
    Been puzzling myself,
     
    Here is a bit of a lead, still testing.
     
     Connect to Microsoft Graph
    Connect-MgGraph -Scopes "Application.ReadWrite.All"
    # Define variables
    $RootDomain = "XXXXXXXX"
    $CRMAppId = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    $ServicePrincipalId = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    # Create a new service principal credential
    $Certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $Certificate.Import("C:\Temp\Cert\XXXXXXXXX")
    $CERCertificateBin = $Certificate.GetRawCertData()
    $CredentialValue = [System.Convert]::ToBase64String($CERCertificateBin)
    # Add key credential to the existing service principal using Microsoft Graph API
    $KeyCredential = @{
        type = "AsymmetricX509Cert"
        usage = "Verify"
        key = $CredentialValue
    }
    $Body = @{
        keyCredentials = @($KeyCredential)
    }
    Invoke-MgGraphRequest -Method PATCH -Uri "https://graph.microsoft.com/v1.0/servicePrincipals/$ServicePrincipalId" -Body ($Body | ConvertTo-Json -Compress)
    # Get the service principal
    $CRM = Get-MgServicePrincipalByAppId -AppId $CRMAppId
    # Update the service principal names using Microsoft Graph API
    $ServicePrincipalName = $CRM.ServicePrincipalNames
    $UpdatedServicePrincipalNames = $ServicePrincipalName | Where-Object { $_ -ne "$CRMAppId/$RootDomain" }
    $UpdatedServicePrincipalNames += "$CRMAppId/$RootDomain"
    $Body = @{
        servicePrincipalNames = $UpdatedServicePrincipalNames
    }
    Invoke-MgGraphRequest -Method PATCH -Uri "https://graph.microsoft.com/v1.0/servicePrincipals/$ServicePrincipalId" -Body ($Body | ConvertTo-Json -Compress)

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Microsoft Dynamics 365 | Integration, Dataverse, and general topics

#1
Martin Dráb Profile Picture

Martin Dráb 58 Most Valuable Professional

#2
#ManoVerse Profile Picture

#ManoVerse 42

#3
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 38 Super User 2025 Season 2

Last 30 days Overall leaderboard

Featured topics

Identifying an Org as CDS or Dynamics
Get batch job history log from D365 FO to Power Automate
Gross and Net Weight of Shipments feeding back into Sales Order (from External Source)

Product updates

Dynamics 365 release plans