D365FO User Licensing Update April 2021
In the past, I have talked about that there are two separate licensing mechanisms in D365FO: entry point and privilege based. I have recently found that there is a third… the Dynamics 365 Licensing Guide itself. Dynamics 365 Licensing Guide This is an almost 60 page document that Microsoft releases on a semi-regular basis and gives the overview of how to license Dynamics 365, the most current… Continue Reading Alex’s...
Why You Need To Be Careful When Using The MetadataSupport Library For Enums in D365FO
I have used the MetadataSupport library in X++ to help get metadata information for tables, menu items, and data entities in the past. I have also used it for enums but recently found an issue when dealing with enum extensions. I initially wrote the logic to get enum metadata information like this: Which seems to work just fine, until you find an enum that contains a base enum extension, for… Continue Reading Alex’s...
Should You Apply Company Restrictions to All User Roles?
One security issue I’ve seen in D365FO, especially from those that have updated from AX 2012, is the idea that company/legal entity restrictions only need to be applied to the System User role and no other roles assigned to a user. What is the rationale behind this? What issues arise if this is done? And what can be done to address this? Why Apply Company Restrictions to Only the System User… Continue Reading Alex’s...
Getting Table Field Information for Form Entry in D365FO
There are many instances where you need to know exactly which table field is tied to an entry on a form: Interested in applying table field level security Want to turn on some type of audit trail tracking So how do we go about doing this? Right Click -> Form Information The easiest method I have found is to right click on the form field (or in some cases the form field label) and going to… Continue Reading Alex’s...
Comparing X++ vs .NET Performance and Memory Usage on Large Collections
After taking a little hiatus from writing I have a backlog of things that I need to catch up on for my blog. The first is a scenario I ran into recently while helping clients and has to deal with X++ and .NET performance and memory usage differences. Some Background Information To set up this scenario, within the Fastpath application (an external SAAS-based .NET application hosted in Azure)… Continue Reading Alex’s Article...
Current State of D365FO User Licensing
Since I’ve written multiple posts on this topic in the past, I thought it would be a good idea to combine the different posts and create a place that I can continually update with the latest information. So going forward, while I will still have individual posts on user licensing as well, this post will always be updated with the latest information. Last Updated: 1/25/2021 Where We Started In… Continue Reading Alex’s...
Voting is Open for DynamicsCon Sessions Until January 22nd
Voting for submitted DynamicsCon sessions (the FREE virtual conference that is taking place March 16 – 18th 2021) is now open until January 22nd! There are a lot of great sessions so be sure to go get registered for the conference and vote on sessions! I have one solo session available along with one I would be co-presenting with my colleague Frank Vukovits with. Understand User Licensing to… Continue Reading Alex’s...
Upcoming Sessions at Power Community D365 FinOps Summit January 29-31 2021
I will be presenting two sessions at the upcoming free Power Community D365 FinOps Summit being held from January 29th – 31st 2021. Be sure to register for the conference and mark your calendars as there are a lot of great sessions available! Common Security Mistakes and How to Avoid Them Join Andre Arnaud de Calavon and myself to learn about common security mistakes that many end users run… Continue Reading Alex’s...
How to Connect Power BI to D365FO Service Operation Endpoint
In the past, I have written about connecting Power BI to a Custom API data source. Now I’d like to talk about connecting Power BI to a custom D365FO service operations endpoint. In this example, I am going to use the Fastpath Audit Trail service operation endpoints we use for our reporting. This endpoint accepts a POST request be made against it and returns the data for the report requested… Continue Reading Alex’s...
Current State of D365FO User Licensing December 2020
With D365FO 10.0.15 now generally available, its time to look to see what has been updated for user licensing. There are definitely some updates in this release! If we navigate to System Administration -> Security -> Security Configuration -> Go to a Role/Duty/Privilege -> View Permissions we can now see that the License area in the upper left hand corner now shows the privilege license SKU… Continue Reading...
How to Fix ‘The devInstall option is not applicable to the current deployable package’ Error
If you are trying to install a deployable package via command line using the AXUpdateInstaller.exe devinstall command and get this error: Here are the steps you can take to fix this issue, run the following commands: AXUpdateInstaller.exe generate -runbookid=”OneBoxDev” -topologyfile=”DefaultTopologyData.xml” -servicemodelfile=”DefaultServiceModelData.xml”… Continue Reading Alex’s...
Announcing the Release of my Dynamics 365 for Finance & Operations Security Course
If you are looking for an in-depth D365FO security course that will take you from a security novice with no prior knowledge of the subject to having a deep understanding of security, audit, and compliance topics and functionality within D365FO. This is the course for you! Dynamics 365 for Finance & Operations Security Course The course covers: Understanding the D365FO Security Model Security… Continue Reading Alex’s...
Current State of D365FO User Licensing for October 2020
Microsoft recently released the 10.0.14(PU38) version of D365FO and along with that came a couple of changes for user licensing. Resource Updates I have updated the privilege to license SKU report that is available as a free resource from Fastpath. This report will show the privilege to license SKU association and then the IsUnique value for that particular privilege license combination. This… Continue Reading Alex’s...
Upcoming Sessions at Dynamic Communities Summit North America 2020
It’s that time of year again for the Dynamic Communities Summit North America conference coming up the week of October 5th – 9th. Obviously this year will be slightly different as the entire conference will be virtual but I will again be presenting a number of sessions (with some help from a colleague of mine Frank Vukovits). Educational Sessions Security Tips, Tricks, and Hacks in D365… Continue Reading Alex’s...
The Spring 2020 Edition of the Security and Audit Field Manual: D365FO Has Been Released
The Fastpath team has released the Spring 2020 version of our Security and Audit Field Manual series for D365FO. The technical aspects of the book include features and functionality that I have found in the last year surrounding the security, audit, and compliance features within D365FO. I would like to thank Mark Polino, Trish Boccuti, Heather Robinson, and the rest of the Fastpath team with… Continue Reading Alex’s...
Current State of D365FO User Licensing for August 2020
Updating Process for Determining User Licensing In this post I don’t have any new or changing information to share about user licensing in D365FO, but I wanted to clarify the steps for determining user licensing diagram from my last post. I’ve revamped the flow of the decision tree slightly to make it more explicit and hopefully easier to read. New Licensing Guide Released by Microsoft Also I… Continue Reading...
Issue with Revoking SysAdmin Role via OData in D365FO
I recently ran into an interesting issue with OData that I wanted to share. Within our Fastpath product suite we have a tool called Identity Manager that helps with the compliant provisioning, modification, and termination of user and user role assignments. Our clients use this module to help ensure that users are assigned the correct access at the correct time while also keeping SOD… Continue Reading Alex’s Article on...
Vote for DynamicsCon Sessions Before August 1st
In today’s world of virtual events it is easy to not know which are worth attending. But what if I told you there was a free Dynamics 365 conference where the attendees vote on which sessions will be presented. And a majority of the presenters are either Microsoft employees, Microsoft MVPs, or subject matter experts in their area. Well that’s exactly what the DynamicsCon conference is… Continue Reading Alex’s...
Current State of D365FO User Licensing for July 2020
I wanted to give a periodic update about user licensing in D365FO for July 2020. With the GA release of 10.0.12/PU36 there has been some changes regarding user licensing to address some of the issues I went over in my previous user licensing post in May. Here are some of the changes: License types available in 10.0.12/PU36 Base licenses: Finance Supply Chain Management (SCM) Commerce… Continue Reading Alex’s Article on...
Current State of D365FO User Licensing for May 2020
I’ve written about user licensing in D365FO in the past but because of the numerous changes Microsoft has made to licensing in the past six months I wanted to start doing periodic updates to give a current state of licensing. There are currently two different licensing mechanisms currently in use for D365FO: Analysis being done at the entry point level – Determining User Licenses in Dynamics… Continue Reading...
Easily Create a Read Only Role in D365FO
I have gotten the question of creating a ‘read only’ or ‘view only’ role many times in the past so I thought I would show the process of how I created one. There are many reasons that a read only role would be needed: Executive/Upper Management users who need access to view information but should not be able to transact in the system Internal/External audit users who need to validate reports… Continue...
Best Practice for Moving D365FO Security Between Environments
One of the questions I get quite often is now that I know that security created/modified from the AOT is stored differently than security created/modified from the user interface, what is the best way to move security between environments effectively and ensure the validity of the tested security in each environment? Treat Security as Code What I mean by this is that your security should go… Continue Reading Alex’s Article...
How to Continue to Use the Table Browser Functionality Within D365FO
While using D365FO it is sometimes helpful to be able to view the actual data within a particular table from a web browser. This has previously been done via the SysTableBrowser menu item display, but recently there was a message on the D365UG forum that trying to navigate to this menu item was throwing an error. If you are unfamiliar with the SysTableBrowser you can utilize it by using the… Continue Reading Alex’s Article...
Upcoming Sessions at Dynamics Communities Summit Europe 2020
We are just over a month away from the Summit Europe 2020 conferences in Barcelona, Spain. As always there is a wide variety of amazing sessions, presentations, and networking to be had. I have a number of sessions across both the extreme365 and Summit conferences surrounding security, audit, and compliance that you shouldn’t miss! Security Landscape in Dynamics and Beyond – Customer… Continue Reading Alex’s Article...
Automatic Company Restriction Assignment in D365FO
I recently wrote about what features allow you to restrict user role assignments to a specific company/legal entity within D365FO, and another great AX developer Nathan Clouse chided me and said ‘What if someone made an open source project to change this behavior?’. After some back and forth we decided we were the people to start this project, I recently got our first feature completely so I… Continue Reading...
Options for Configuring User Legal Entity Restrictions in D365FO
By default, in Dynamics AX/365FO when assigning a user to a role, this access is granted across all companies/legal entities. What options do you have to restrict this? Assign Organizations Under System Administration -> Users you are able to see the roles assigned to a user. When you select a particular role you can then select Assign Organizations to restrict which companies/legal entities… Continue Reading Alex’s...
Current State of User Licensing in D365FO PU31
With D365FO PU31/10.0.7 now becoming GA, we get our first look at Microsoft’s new licensing model within D365FO. I wrote about the high level changes in this post, but let’s look to see how this new licensing model is implemented. First and foremost I wanted to try and find the association between the new license types and the menu items. I started by looking at menu item objects in the AOT… Continue Reading...
Securing the Open in Microsoft Office Button in D365FO
On some pages within D365FO there will be an Office button in the upper right hand corner that allows you to either export grid data to Excel or use Excel to easily update, create, or delete data. Security for these actions are controlled slightly differently than the normal menu item method instead they are controlled by security via data entities. Integration Points There are two different… Continue Reading Alex’s...
Gaps in the Security Diagnostics for Task Recordings Feature in D365FO
I have written in the past about how to use the Security Diagnostics for Task Recordings feature within D365FO to help determine the securable objects consumed during a recorded business process or task. But I found while diving deeper into using the tool that there are some gaps that you need to be aware of. The Gaps 1) The access required for the objects is not shown If we look at the… Continue Reading Alex’s Article on...
Tool To Help Migrate D365FO Security Between Environments
After a great week at Summit 2019 time to get back at it! One of the things I heard repeatedly throughout the sessions I did and numerous people who stopped by our booth was that moving/migrating D365FO security between environments is extremely difficult and not intuitive/user-friendly at all, which I have to agree with. You may remember I created the D365FO Security Converter Tool in the… Continue Reading Alex’s Article...
October 2019 User Licensing Update to Dynamics 365 Finance & Operations
On October 1st 2019, Microsoft released a new licensing guide for the Dynamics 365 business application suite with a number of updates. This licensing update only applies to the cloud version of D365FO and does not apply to on-premise installs. New Licensing Model (as of Oct 1st 2019) The Operations level license is now split into separate modules: Finance Supply Chain… Continue Reading Alex’s Article on their blog October...
Upcoming Sessions at Dynamics Communities User Group Summit 2019
With the calendar switching to October we are officially in the home stretch of the run up to Summit 2019 in Orlando, Florida. As always there is a wide variety of amazing sessions, presentations, and networking to be had. I have a number of sessions surrounding security, audit, and compliance that you shouldn’t miss! Can’t wait to see you all there!!! Pre-Conference Academy Dynamics 365 for… Continue Reading...
Does Licensing in D365FO Consider the Deny Permission?
I have a very interesting licensing scenario I recently ran into surrounding using the deny permission. With the move to D365FO, the deny permission allows for explicitly revoking access to an object, this in turn, should also impact the licensing to a user, role, duty, or privilege. To test this I set up the following scenario: 1. I found a menu item that has different licenses for the… Continue Reading Alex’s Article on...
The Spring 2019 Version of the Security and Audit Field Manual: Microsoft Dynamics 365 for Finance & Operations Has Been Released
The Fastpath team recently released the spring 2019 version of our security and audit series for D365FO. The technical aspects of the book have been updated to reflect the OneVersion releases of D365FO. I would like to thank Mark Polino, Trish Boccuti, and Heather Robinson of the Fastpath team for helping in the process of getting this edited, formatted, and published. A quick overview of the… Continue Reading Alex’s...
How To Utilize the Deny Permission in Dynamics 365 for Finance & Operations
One new piece of security functionality in D365FO is the idea of having an explicit deny access level available to assign. I’ve written about this access level permission in the past and how it overrides any other grants made to this object when assigned to the user. This functionality did not exist in AX 2012 so the question is ‘How do I utilize deny permissions when setting up… Continue Reading Alex’s Article...
Data Entity Filtering in Dynamics 365 for Finance & Operations
Data entities were introduced in D365FO to provide a way for external services to interact with business processes within D365FO without having to know or understand how the inner workings of that data was stored. It was built on top of the OData protocol which provides a standard by which we can consume those objects through RESTful APIs. But what I found while using these was that some of… Continue Reading Alex’s Article...
Field Level Security in Dynamics 365 for Finance & Operations
I’ve written in the past about Least Privilege Security in D365FO but one aspect I haven’t covered yet is the process of setting up field level security in D365FO. In D365FO, entry point security has changed slightly from AX 2012 and has simplified security by allowing menu item access to drive data source access. I’ve written about this in detail in a previous post. But if you want to be… Continue Reading...
Biggest Takeaways From Microsoft BizApp Summit 2019
With Microsoft’s Business Application Summit 2019 wrapping up in Atlanta, I thought I would share my thoughts on the biggest takeaways from the conference in my opinion. New OneVersion Release Schedule Instead of doing 12 separate monthly updates, Microsoft is changing the F&O release schedule to include only 8 with the other months not having an update during those months. You can now pause… Continue Reading...
Can Users Access D365FO With a License Type of None?
I recently saw a question posted on a forum regarding what license Microsoft assigns a user that has no license requirement based on their entry point access. I didn’t really have an answer as I hadn’t ran into this scenario and I didn’t cover it in my my earlier post about determining user licenses. In earlier versions of AX there was some uncertainty about which license would be applied so I… Continue Reading...
Why Adding an Undo Button to Unpublished Objects is Not Easy in D365FO
One question I’ve had throughout the releases of D365FO has been why there wasn’t an ‘Undo’ or ‘Remove’ for a security change made within the user interface. Before security changes go live into the system, they first go to a staging area called ‘Unpublished Objects’, on this screen there is currently a ‘Publish all’ and ‘Publish selection’ but there is no way to...
Things to Watch Out For When Developing D365FO Security Through the User Interface
There are a couple questions I get/issues I see quite often around setting up security in the D365FO user interface so I figured I would make a post around things to watch out for. Security is still hierarchy based, and needs to be created in that way One of the things I’ve seen done quite often is a user trying to set up security where they assign just the access type to an object that a… Continue Reading Alex’s...
Extensible Data Security (XDS) Framework in D365FO
The Extensible Data Security (XDS) framework is a feature in D365FO and AX 2012 that allows users to supplement role based security and allow access to tables to be restricted by a policy. This feature was an evolution of the record-level security that existed in previous versions of Dynamics AX. In simple terms, XDS is placing a WHERE (or ON) statement on any SQL SELECT, UPDATE, DELETE, or… Continue Reading Alex’s Article...
Configuring Azure AD Group Security in D365FO
In AX 2012 you had the ability to use Active Directory groups to help manage security within the application. The basic setup behind this was that you would: Create an AD group and put in the AX users you wanted to be controlled by that group Create the AD group within AX, that group would basically act as a user within the application Then create the users of that group as users within the… Continue Reading Alex’s Article...
Presenting Upcoming User Group Sessions and Academy Classes
The month of March will be very busy for myself and other colleagues at Fastpath as we will presenting sessions at Dynamics Communities conferences as well as leading an academy session. Academy Class – March 4th This Dynamics Communities academy class will be a complete overview of D365FO security and starting from a beginner level and going to advanced. It will be done over the course of 4… Continue Reading Alex’s...
Automated Role Access Testing Using the SysTestSecurityAttribute in D365FO
With the push in D365FO for automating everything from deployment to servicing to testing one of the questions I’ve heard numerous times is how do you perform/is it possible to perform automated role access testing? This comes into play for a number of reasons: With the quick releases of Microsoft D365FO I need a way to quickly ensure that my custom roles have the correct access even after… Continue Reading Alex’s...
Table Permission Framework in D365FO
In the past, I’ve written about the Table Permission Framework functionality within D365FO but recently I’ve had numerous examples of this causing D365FO users issues when setting up security. Because of this, I wanted to write about it again to explain how the feature works, how to troubleshoot security errors caused by the TPF, and how to remediate it. Table Permission Framework (TPF)… Continue Reading Alex’s...
Interesting Behavior of Unpublished Objects in Dynamics 365 for Finance & Operations
One thing I’ve been asked about numerous times and has caused confusion while using the user interface to set up security is some interesting behavior regarding objects showing up in the ‘Unpublished Objects’ area when no changes are made by the user. The Scenario A typical scenario is as follows: User goes to System Administration -> Security Configuration -> Privileges (and notices there… Continue...
Dormant User Account Reporting in D365FO PU21 8.1
Microsoft has added some additional user reporting around dormant user accounts in D365FO PU21 8.1. This report can be found in System Administration -> Security -> Dormant user security accounts. You then can provide some inputs for the report: Number of days since last login Account Type All Claims User Active Directory User Include users having this account status All Enabled Not… Continue Reading Alex’s Article...
Uninstall a deployable package in D365FO
Recently I had the opportunity to learn about uninstalling a deployable package and thought I would go through the process of how I did it. Take zip file of the deployable package that needs to be removed and unzip it Navigate within the unzipped deployable package to the following path: ..packageAOSServiceScripts… Continue Reading Alex’s Article on their blog
Setting Up Security in Dynamics 365 for Finance and Operations – Part III – Security Management
In numerous other posts, I talk about the effect of where you create D365FO security (AOT vs user interface) has on how it is stored. In other posts, I talk about creating an application to help move your security created in the user interface to your AOT. I thought it might be a good idea to bring these ideas to together and summarize this topic and show what security management best practice… Continue Reading Alex’s...