Team based Security in Microsoft Dynamics 365 CE : Azure AD Security Group Team (Part 4)

In the cloud era, Microsoft Azure is making a great position in the world market and more importantly Power Platform, Dataverse and Dynamics 365 CE are built on Azure Cloud Environment. Initially, it was difficult to integrate between Azure and Microsoft product families, now Microsoft introduces new features in Dynamics 365 CE for Azure users to use directly as team members called Azure AD Security Groups Teams. This article is a continuation of team-based security where the Owner Team and the Access Team are explained.

However, there are a number of Microsoft products that are working together, with Azure and D365 CE being the major ones. So, first we will try to know what is Azure AD Security Group Team.



According to Microsoft's Doc:

This Team is similar to Owner Team and An Azure AD group team can own records and can have security roles assigned to the team.

There are two type of Azure AD Group Team:

  • Security Group 
  • Office Group
Security Group (Azure AD Security Group): 

Microsoft's Doc Says :

Azure AD Security Groups that are cloud only can be managed by users in the tenant that have the appropriate admin roles.

Office Group (Azure AD Office Group):

Office Group are a membership object in MS 365 that eases the task of ensuring a group of people have consistent permissions to a group of related resources.

In other words:

Microsoft 365 groups (formerly Office 365 groups) are used for collaboration between users, both inside and outside organization and grant access to resources. 

When can we use what? 

I have tried a lot to find out the advantages and disadvantages between the two, but I am not able to succeed. However I will wait whitepaper of security model. But In my current comprehension of these security team is that Dynamics 365 CE resides under the environment and a single organization can design different environments according to its geographical presence. For collaboration between teams and users, Microsoft provides direct integration between Users/Teams and Security Groups. These are repetitive activities to add/assign/grant access to the same users in different product environments, IT Administrators can mitigate their jobs to use Azure AD Security Group.

In my opinion, Azure AD Office Group is best practice, because license  and App plan generally grant/assign in the Microsoft 365. it would be better to manage  entire users from single point. Disadvantage is in my view that it will impact on the performance, it works on 8 hour cache mechanism. 

Steps of Create Azure AD Security Groups:

  • Choose Advance Setting
  • Click on the Security and Select Team

Some Important facts:
  • Both Office as well as Security Azure AD Groups can be used to provide access to users.
  • We can create an AD Groups and then we go to power platform Admin and navigate to environments where we will see all environments.
  • Administrators can use their Azure Active Directory  (Azure AD) Groups to manage access rights for licensed customer engagement and Common Data Service Users.
  • If Company has multiple MS-Dataverse environments, we can use security group to control which licensed users can be a member of particular environment .
  • Team Members are dynamically derived (added or removed) when they access the environment based on their Azure AD Group membership.


Comments

  1. Nanfor Ibérica6 June 2021 at 08:50

    Very Nice Post. I am very happy to see this post. Such a wonderful information to share with us. I would like to share with my friends. For more information visit here


    Microsoft Certified Power Platform Fundamentals

    ReplyDelete

Post a Comment

Popular posts from this blog

Powering Up Your Analytics: Exploring Power Query in Power BI

Image
Data is a valuable asset that has a profound impact on almost every aspect of modern life. Its proper collection, analysis and application can promote innovation, improve efficiency and solve complex challenges in various sectors. In data processing, ETL is a comprehensive process that includes data extraction, transformation, and loading, while Power Query is a specific tool that facilitates the "extract" and "transformation" aspects of ETL, allowing data to be collected and analyzed. Permission is granted to process. And reporting. is ready. It becomes easy to do this. Microsoft's ecosystem of products. Power Query is a data transformation and data preparation engine. Power Query is available in Microsoft Excel and Power BI. Power Query provides a user-friendly and intuitive interface for data professionals and analysts to access and manipulate data from various sources without the need for extensive coding or scripting. It allows users to connect to a wide ra
Read more

Power App Component Overview : Canvas App vs Model-Driven App

Image
The Power Platform is a suite of low-code/No-code tools and technologies developed by Microsoft and Power App is integral component of Power Platform. Power App is platform that enables users to build custom web and mobile applications with a visual interface and minimal coding. The platform support various data sources, including Microsoft 365, Azure Service, and many other, enabling users to integrate and interact with their existing data and systems. In Microsoft's Power Apps, there are two main types of apps that we can create: Canvas Apps: Canvas apps provide a blank canvas where you can design highly customizable applications with a drag-and-drop interface.  Model-Driven Apps: Model-driven apps are built on top of the Dataverse, which provides a set of pre-built data entities and business logic. There are few key technical difference between Canvas App and Model Driven App: During the usability analysis, these high-level technical differences need to be considered. The choi
Read more

Exam PL-400: Microsoft Power Platform Developer

 Create a technical design (10-15%) Validate requirements and design technical architecture design and validate the technical architecture for a solution design authentication and authorization strategy determine whether you can meet requirements with out-of-the-box functionality determine when to use Logic Apps versus Power Automate flows determine when to use serverless computing, plug-ins, or Power Automate determine when to build a virtual entity data source provider and when to use connectors Design solution components design a data model design Power Apps reusable components design custom connectors design server-side components Describe Microsoft Power Platform extensibility points describe Power Virtual Agents extensibility points including Bot Framework skills and Power Automate flows describe Power BI extensibility points including Power BI APIs, custom visuals, and embedding Power BI apps in websites and other applications describe Power Apps portal extensibility points incl
Read more