Updated D365FSC User Licensing in 10.44

Alex MeyerFinance & Operations5 hours ago19 Views

Microsoft has been extremely busy the last few months updating their user licensing functionality as they get ready for enabling license enforcement later this year.

Let’s look at some of the updates that appear in the 10.44 release!

#1 – SysAdmins ‘Really’ Do Not Require A License

I have written about this topic in the past, previously for a user to not require a license they would have to be assigned only the SysAdmin role. If any other roles were assigned to the user, they would have to be licensed properly for these additional roles. With this update, if a user is assigned the SysAdmin role it does not matter what other roles are assigned to the user, the user does not require a license.

#2 – License Type of ‘None’ No Longer Exists

If you’ve been reviewing licenses in the past you may have noticed some objects in the system actually required a license type of ‘None’. Microsoft is making a push to identify these objects and correctly license them going forward. Because of these changes to object licenses, you may notice that some license requirements for users, roles, duties, and privileges changing when you update to this version.

#3 – Further Deprecating Legacy User License Reporting Functionality

Microsoft is continuing their push to deprecate / hide / remove legacy user licensing reporting. The following areas that provide licensing information will either be hidden / removed in a future release but have been deprecated in the current release:

The View Permissions report within the System Administration -> Security Configuration form.

The license information provided when assigning a role to a user in the System Administration -> Users form.

#4 – Change to License Methodology

I kind of ‘buried the headline’ here a bit in the sense that I think this is the biggest change to licensing we have seen to date. In 10.44 Microsoft has deployed a number of new tables which are storing the licensing information being analyzed within the Power Platform Admin Center (PPAC). Below is a (non-comprehensive) listing of tables and queries I have found / am using to help determine the license requirements.

Before I jump in, I wanted to give a huge shout out to Brad Bateman who helped document and confirm some of my findings below.

LicensingEntitlementObjects

A listing of all objects within the system.

LicensingAllSKUs

A table that stores all current licenses, their priority order in the analysis, and the ‘group name’ they are a part of.

LicensingElementsRequiringEntitlement

This table stores the objects that have a license requirement.

LicensingAllEntitledPermissions

A table that stores the association between an object and the licenses that would meet the requirements for assignment.

Object License Query

This is a query I developed that joins the above tables to help determine the lowest license requirement for each object.

LicensingRolePermissions

This table stores the role -> object -> AccessLevel assigned.

LicensingRoleRequirementsSummaryView

This view shows each role in the system and the license required, it also shows how many objects within the role are entitled, not entitled, and not required for licensing. This view is used to populate the top grid of the License Usage Summary report in the User Security Governance feature.

This view also exists at the duty / privilege level at:

LicensingDutyRequirementsSummaryView
LicensingPrivielgeRequirementsSummaryView

LicensingRoleRequirementsDetailedView

This view shows the detailed version the above view and shows the role -> object -> license assignment. This data is used to populate the detailed bottom grid of the License Usage Summary report in the User Security Governance feature.

This view also exists at the duty / privilege level at:

LicensingDutyRequirementsDetailedView
LicensingPrivielgeRequirementsDetailedView

LicensingUserRequirementsDetailedView

This is the same view as above at the user level, I wanted to call this out separately as this data can potentially show which objects a user is assigned that are entitled vs not entitled so could potentially be used to help diagnose user licensing issues.

This data is what populates the detailed grid within the user licenses tab for the License Usage Summary report in the User Security Governance feature.

Licensing Methodology Changes

The above represents the first real change to the underlying licensing methodology that Microsoft has made since 2019 and structurally changes how D365 is licensed.The biggest changes being:

Objects themselves actually drive all license requirements from Team Member -> Activity, to License SKUs (Finance, SCM, Commerce, etc)
We move away from ‘privilege based licensing’ where the privilege assigned to the user causes certain license SKUs to be required for a user

I am in the process of updating my user licensing documentation on my blog to reflect these changes.

My recommendation is to start to review any custom security to validate if any license changes have occurred as it is very possible that a previously designed role, duty, or privilege that required a particular license previously might have changed.