Retrieve only active Dynamics 365 CE licensed Users in CDS connector in Power Automate

Let’s say you have a requirement where you want to work only on Dynamics 365 and you are using Office 365 Get User Profile action to retrieve all users.

In this example, I have some Dynamics 365 Customer Engagement licenses assigned to uers. And I want to retrieve only the Active D365 Users in my Common Data Service Connector.

Here’s how I do it –

Retrieve Users with Filter Condition

Now, the best thing you could do is identify what is the userlicensetype field of other Dynamics 365 users you might have retrieved in your previous executions.

licenseTypeFilter

I’ve used the query userlicensetype eq 6 to query for Active D365 users

If you want to retrieve Users who have been Disabled, you can check by using userlicensetype eq -1

Note: You’ll need to check the respective values for other users who have licenses like Team Member or Sales Professional. Since I haven’t tried those, I don’t have their exact number codes. Best way is to identify a user whose licence configuration you are looking for and look for their userlicensetype field value in Flow.

Result

This gave me only those users who have D365 Customer Engagement License assigned to them
4retrieved

And if I look at my O365 Portal, I can see that 4 users have the Dynamics 365 Customer Engagement License
D365Licensed

There are even more ways you can use to identify for different licenses used. I recommend it’s good practice to retrieved only those users which are needed for your operation.

If you’re also looking to secure the Input/Output data in Flow, refer this Secure Input/Output in Power Automate Run History

Hope this helps!

Create a support Queue in D365 CE

I thought I should share my best practice of creating a quick Support Queue purely to receive Emails in Dynamics 365.

In my example below, the support email address is a User in Office 365 assigned any license that has Exchange Online service present. My example user needn’t have a Dynamics license for purely for the purpose of a Queue. Your application may vary.

Let’s take a look!

Support Queue Email

Now, typically a Support Queue’s Email is purely to track support requests raised over the email address provided. Typically, support@emailaddress.

  1. To start off, I’ll create a user in Office 365 called Support Queue and the login address I choose is support@cft146.onmicrosoft.com and assign only the license which is needed for the Queue i.e. any license having Exchange Online service in it, (E5 in my case) you may chose any other.
    licenseAssigned.png
  2. Then, I make sure my Mailbox is created in a few minutes post assigning the licence and then I’m good to go once I setup the Timezone and Language on the mailbox.
    mailboxReady.png

 

Create a Queue in D365 CE

  1. In D365 CE, directly head-over to create a Queue in D365. Assuming you are a System Admin, head over to Settings > Service Management and go to Queues. And then create a new Queue.
    queueInD365

    newQueue

  2. Enter the details as below, remember to keep the email address the same as the Exchange Email address for this user and click Save.
    createQueueDirectly.png
  3. Once you click Save, the Mailbox will be automatically created.
    SupportQueueMailBoxCreated.png
    That’s it. Now, let’s head towards enabling the mailbox for Server Side Sync.

Enable Server Side Sync on the Support Mailbox

To enable Mailbox, the Email address needs to be Approved by the Global Administrator of O365. [Your org could even be set to not requiring any Approval prior to enabling synchronization, you may need to ask you Admin for the same]. But assuming it’s required – approveEmail

Note that Incoming Email and Outgoing Email above is set to Server-side Synchronization or Email Router. [Incoming enabled is a must to receive emails in the system]. Click OK.
clickOKApprove

Once this is confirmed, see in the next step – the warning message disappears which is shown previously and you can now Test & Enable Mailbox for Server Side Sync. Now, click on Test & Enable Mailbox
test&Enable

Make sure that if you have multiple environments and you want to sync with only the current environment, check the option as below and then confirm.
confirm1EnvironmentOnly

Now, once the test is completed, you’ll be able to see the Success in the Active Mailboxes
enabledSuccessfully.png

 

Testing the Queue

Now, the Queue is ready to receive emails already. If you take look at the Queue, the test emails must have already come in by now.
QueueIsCorrect.png

Now, let’s say that a user has submitted an email to support@cft146.onmicrosoft.com [Your support email here 🙂 ], it will appear in the Queue as below
emailSent.png
itemReceived.png

And then you can continue to build your Queue use cases as per your requirements.

Hope this helps!

Import multiple Users in Office 365

One of the common asks to import multiple users in Office 365 is to be able to create multiple users in most efficient way possible.

Here’s a quick guide to do so using Import multiple users feature in Office 365 Admin Center.

Download Template for Importing Users

  1. Let’s say you are in the Admin Center using portal.office.com. Under Users, You’ll find a button to Add Multiple Users
    addMultipleButton
  2. And the feature let’s you download a template with some sample data in case you’re unsure of what to enter.
    downloadTemplate.png
  3. Once downloaded, you’ll get the Excel in your system
    downloaded
  4. Now, you’ll see some sample data which you can simply delete to add your actual data.
    sampleData.png

    deleteSampleData.png

  5. And let’s say, your data looks like this. I’ve added Kuldeep Gupta and Subhash Mahato, 2 users with some info.
    sampleData

Import Back into O365

Now, we are set to import this in O365.

  1. On the same feature, look for Browser button to import.
    browserExcel
  2. Click Verify to validate the info entered for any errors. Once verified, you can click Next.
    verify
    clickNext.png
  3. On the next step, I’ll assign licenses and proceed by clicking Next.
    assignLicenses
  4. Once the processing is done, users will be added
    importCompleted
  5. And you’ll see 2 new users in O365 with the selected licenses
    2newUsers.png

Hope this was easy! 🙂

 

Use Azure App Passwords for MFA enabled D365 authentication from Console App

If you have a Console App that authenticates to D365 using a credential (typically, an Administrator) but now the administrator is setup for Multi-Factor authentication, your Console App won’t work. So here’s what you can do.

If you first want to check out about enabling Multi-Factor Authentication, you can check my blog post on it here – Office 365 Admin: Quickly Enable Multi-factor authentication for users

Standard Authentication vs MFA enabled User

When there’s not MFA enabled for Dynamics 365 (Office 365) account credentials, you are able to connect to the organization with no issues and get the CRMServiceClient in your application easy.
authenticated

But, if you have Multi-Factor Authentication enabled for a credential that is used in Console Apps to connect to D365, the Console App will not connect and the CrmCerviceClient will have null as below with the error ‘Unable to Login to Dynamics CRM

unabletologin

Managing App Passwords on Azure Portal

Once you have multi-factor authentication enabled for your account, you can go to portal.azure.com and manage App Passwords as follows –

  1. In Azure Portal, go to your account settings.
    gotoaccount
  2. Then, go to Additional security verification
    additionalsecurityverification
  3. Look for App Passwords
    apppasswords
  4. You can manage and create more passwords here
    manageapppasswords
  5. Create a password if you don’t want to use a default one or want to use different passwords for different apps. Give it a suitable name and click Next
    createapppassword
  6. Copy the password as it is the only time it will be displayed.
    copypassowrd
  7. And you can see your passwords as you create them
    morepasswords

 

Implementing App Passwords in Console App

As the name suggests, App Passwords will let you create special passwords for applications to authenticate to Dynamics 365 without needing to go through multi-factor authentication like when you’re running a Console App to connect to Dynamics 365

  1. Go to the Password in the credentials in the App.Config of the Console Application
    oldpassword
  2. And replace it with the App Password
    newpassword
  3. Now, Build the application and run it. It will authenticate successfully.
    authenticated

Hope this helps! 🙂

 

Restrict User Access to a D365 instance using Security Groups

Use Case

You have multiple instances and you don’t want every member with a D365 license to be able to access each of those environments. How do you tackle this? Answer is using Security Groups on the Environments and Users.

Creating Security Group

In Office 365, create a Security Group and add members to it who should have access to the desired environment.

  1. Navigate to Groups in Office 365 and create a New Group. Give it a suitable name.
    creategroup
    groupname
  2. Add members to the Group who should have access. Click on Edit as shown below to Add members to the group and select the members and save it.
    editmembers
    addmembers
    membersadded
  3. Your Security Group is ready.
    securitygroupready

Apply Security Group to the D365 instance

  1. Navigate to Dynamics 365 Admin Center and select Edit on the instance you want to apply the Security Group on.
    editinstance
  2. Select the Security Group field and select the Security Group you created.
    selectsecuritygroup
  3. Click Next.
    clicknext
  4. Save once confirmed that you have selected the correct Security Group.
    saveinstance
    That’s it.

Who all can access the environment

All those are a part of the Security Group applied to the instance will have access to the environment including the Global Administrator
enabledusers

Rest of the users will be in the Disabled Users list
disabledusers

And if they try to access the environment, they will not be able to and will see this –
accessdenied

Hope that was easy! 🙂

D365 Quick Tip: Audit User Access in D365 v9 CE

One of the most common asks as an administration is to know when the user started accessing the system and from where.

In your Dynamics 365 Customer Engagement apps, you can enable Auditing for User Access.

Enable Auditing of User Access

You need to enable this feature once you enable Auditing on Organization level. Then, you can enable User Access Auditing as well

Navigate to Settings > Administration > System Settings and under Auditing tab

OR

Settings > Auditing > Global Audit Settings
systemSettings

Once the Auditing for User Access has started, the Audit Summary will record this –
userAuditStarted

And whenever a User logs into Dynamics 365 via the Web Application, Phone app or WebServices that provide authentication, the Auditing will be logged as shown below –

auditRecording

The Operation will be Access and the Event will be User Access via Web or User Access via Web Services.

If you want to enhance user login, you can quickly enable Multi-Factor Authentication for the users, read my blog on MFA here – Office 365 Admin: Quickly Enable Multi-factor authentication for users

Hope this quick tip helps. 🙂

Use Learning Path for your D365 v9.x Organization – Part 1 | Setup

Learning Path an intuitive feature as compared to Customized Help. Customized Help will take you to an entirely different section whereas Learning Path will guide you through the application when you use the system. This is a multi-part blog series which will walk-through the setup of Learning Path and use of Guided Task and Sidebar in Learning Path.

Also, I’ve you’ve already setup Learning Path on your org, you can read my post on using Sidebars in Learning Path – Use Learning Path Learning Path for your D365 v9.x Organization – Part 2 | Sidebar

And Guided Tasks is here – Use Learning Path for your D365 v9.x Organization – Part 3 | Guided Tasks

Learning Path is available on Customer Engagement and the organization must be on D365 December 2016 Update or later.

Let’s look at how you can enable this for your Organization

Opt-In for Learning Path

  1. First step is to go to Settings > Administration > System Settings. Under General Tab, find ‘Enable Learning Path’ and ‘Enable Learning Path Authoring’. Make sure ‘Use custom Help for customizable entities’ is set to No.
    optIn
  2. When you chose to enable Authoring, a confirmation will be asked for your consent according to Microsoft policies.
    confirmAuthoring

Learning Path Authoring Group

  1. When you’ve opted in for Learning Path Authoring, and in your navigation you go to Training > Content Library under Learning Path.
    lpSiteMap
  2. But you’ll be treated with this message below because you’ve not yet been added to the Group in Office 365.
    lpError

Add to Learning Path Authoring Group in O365

  1. In your Office 365 Admin Center, navigate to Groups as shown below
    authoringGroupInO365
  2. And you should add the Sys Admin user to the Learning Path Author groups as shown below –
    adminAddedToGroup

    Sync Roles in Content Library

    When you’ve enabled Learning Path successfully, you will need to check which Security Roles are enabled in Learning Path designer. The content is shown to users based on the precedence of their security roles.

    1. Navigate to Content Library, you’ll find Configuration button on top as shown below –
      configApp
    2. Under configuration, you’ll see Sync Role button which will sync security roles with Customer Engagement security roles. You can set your precedence of Security Roles before you Sync Roles.
      syncRoles
    3. Click Yes to confirm, it takes a few minutes while it’s happening in the back end.
      confirmSync
    4. Upon completion, you’ll see this message and you know you’re done.
      syncDone
    5. Once everything is setup, you’ll be ready to use Guided Task and Sidebar in Learning Path which I’l be covering in further blog posts in this series.
      lpReady

     

Here’s Part 2 – Use Learning Path Learning Path for your D365 v9.x Organization – Part 2 | Sidebar

And Part 3 – Use Learning Path for your D365 v9.x Organization – Part 3 | Guided Tasks