Dynamics Community Forum Thread Details

UPDATE: This post was updated on Feb 4th to reflect latest information

===
Early in 2020 (March), Microsoft announced a Team Member license enforcement. The idea is to drive all users that do not require full Dynamics capacity and are using Team Member licenses, towards the right usage of the application. The scheduled date is February 1st, 2021 for this enforcement to be applied. These are some of the most common questions regarding this enforcement:

What does this enforcement include?

Enforcement on January 31^st, 2021 is associated basically to:

- display the 3 team Member apps (Sales team Member, Customer Service team Member, Project Resource Hub) to all Dynamics 365 CRM Environment.
- remove/prevent displaying the rest of the Out of the Box applications (Sales Hub, Customer Service Hub) as well as Custom Apps (Canvas/Model Driven) that do not have an app pass.

Can this be postponed?

No. Enforcement is scheduled for Jan 31, 2021. No further extensions or delays are expected nor communicated at the moment

What this enforcement doesn’t include?

According to https://docs.microsoft.com/en-us/dynamics365/get-started/team-members-license#does-the-team-member-license-enforcement-restrict-create-update-delete-operations-and-other-operations-as-specified-in-the-licensing-guide At this moment, the enforcement doesn’t restrict usage of certain entities (leads, Opportunities, Invoices for example)

Also, you can customize the security roles (Sales Team Member Role, for example) to add access to other entities. However, as stated on https://docs.microsoft.com/en-us/dynamics365/get-started/team-members-license#can-the-security-roles-be-customized-and-changed-by-customers-to-add-or-remove-additional-privileges

NOTE: Please note that it is expected that any modification (either on customization, security roles, navigation) is kept compliant with the licensing guide.

What happens with users that have “old” Team Member licenses (purchased before October 2018)?

At this moment they’re not going to be affected by the enforcement and will continue to use the same applications they previously had. However, as they reach their renewal date and depending on the contract they have, they’ll have to switch to the new Team Member licenses, and the enforcement will take place at this moment.

How can an user/Administrator validate if they’re compliant?

Information is available on https://docs.microsoft.com/en-us/dynamics365/get-started/team-members-license#how-can-we-assess-conformance-to-use-rights-if-the-application-or-security-role-wont-enforce-all-the-restrictions There’s a Report that reflects the users, actions and entities that might be incorrect. IN order to access this, Administrators have to navigate to PowerPlatform Admin center:

On “Analytics” click on “Dataverse”
ON the reports page, click on the top arrow next to “Download”
Select the report for “Non conformant usage by users with Team Member license”:

This will download an excel file with the data. If all users/accesses are compliant, the excel file should be empty with this message:

However, if uses are executing incorrect actions or using incorrect entities, the message should be something like:

For any non-compliant users, administrators should re-evaluate their licensing footprint to potentially step them up to the corresponding Dynamics 365 Full User license. Please note that this report is based on Actions and not on access: this means the report will show actions executed on tables that are not within scope of a team Member. If a user is executing an action within scope (Updating activities or contacts but using a different application for example) is not expected to appear on the report. Also, this report DOESN'T reflect if the user is accessing a custom (model driven or canvas) app

Is there any other report I can use to verify Access?

No. The rest of reports will offer partial information, for example the Most Active users performing operations will indicate users doing Create, Read, Update, Delete but won't tell the entities). Active Users By Entities will show users and entities but not the type of action. And none of this reports will indicate if the user has a team Member license.

Can Team Member licensed users access a custom (Canvas or Model driven) App?

No. By default, these applications won’t be displayed. This is stated on https://docs.microsoft.com/en-us/dynamics365/get-started/team-members-license#will-team-member-users-be-able-to-access-custom-model-driven-applications-in-the-organization. However, if the (custom) app is shared with a specific Security Role, users will be able to see the application but upon accessing, they will receive an error message

One possible workaround is: if the tenant has Power Apps per App licenses, you can assign these Per App licenses to a specific environment and mark an app to use App Passes, as stated on https://docs.microsoft.com/en-us/power-platform/admin/about-powerapps-perapp#step-two-allocate-per-app-plans: basically, we assign per App passes to an environment an then, we mark the app to automatically use app passes.

Note that only Canvas App can get the "Auto assign per app passed". Model driven apps doesn't have this option available, since they will automatically consume AppPasses.

The final step on both cases would be:

- Share the apps with the users from within make.powerapps.com:

- share the App with a security role/Security group or users that are required:

Does Team Member license include a PowerApps license or allow Apps usage?

No. Team Member licenses are meant for a read only scenario within Dynamics 365 Applications. Custom Applications (Model Driven/Canvas) are outside of the scope. However, custom entities (up to 15)can be added to the designated Team member app

When is this taking place?

As with any Online product, the enforcement will take place progressively by region as per the release schedule available on https://docs.microsoft.com/en-us/dynamics365/released-versions/dynamics-365ce#all-version-availability

My Admins have Team Member license, but they see all. Is this OK?

Yes. Microsoft updated the documentation to reflect this particular use case: Users with System Administrator, Environment Maker or System Customizer security roles are entitled to see all the apps despite the license they have. And this makes a lot of sense: as Administrators, they should see apps and share with other security roles as well as to login and validate a specific behavior. A similar situation will happen with users marked as Non-Interactive or Application users. This is documented on https://docs.microsoft.com/en-us/dynamics365/get-started/team-members-license#can-i-customize-these-new-team-member-apps

Can I customize my Team Member app?

Yes. As stated on https://docs.microsoft.com/en-us/dynamics365/get-started/team-members-license#can-i-customize-these-new-team-member-apps, as long as you keep compliant with the Licensing guide regarding the entities and the actions, you can add up to 15 entities whether they’re Out of the Box or custom entities, and they’re not restricted.. the three applications are specifically designed Model Driven Apps and as such, you can modify them to fit your needs the same way you’ll do it using AppDesigner or PowerApps. You can follow the guidelines provided on https://docs.microsoft.com/en-us/powerapps/maker/model-driven-apps/add-edit-app-components