Team-based Security in Microsoft Dynamics 365 CE: Azure AD Security Group Team (Part 4)
In the cloud era, Microsoft Azure has taken a strong position in the world market and, more importantly, Power Platform, Dataverse and Dynamics 365 CE are built on the Azure cloud environment. Initially, it was difficult to integrate Azure with the Microsoft product families; now Microsoft has introduced a feature in Dynamics 365 CE, called Azure AD Security Group Teams, that lets Azure users be used directly as team members. This article continues the team-based security series in which the Owner Team and the Access Team were explained.
A number of Microsoft products work together, with Azure and D365 CE being the major ones. So, first we will look at what an Azure AD Security Group Team is.
According to Microsoft's Doc:
This team is similar to the Owner Team, and an Azure AD group team can own records and can have security roles assigned to the team.
There are two types of Azure AD Group Team:
- Security Group
- Office Group
Microsoft's Doc says:
Azure AD Security Groups that are cloud only can be managed by users in the tenant that have the appropriate admin roles.
Office Group (Azure AD Office Group):
Office Groups are a membership object in MS 365 that eases the task of ensuring a group of people have consistent permissions to a group of related resources.
In other words:
When can we use what?
I have tried a lot to find out the advantages and disadvantages of the two, but I have not succeeded. However, I will wait for the whitepaper on the security model. My current understanding of these security teams is that Dynamics 365 CE resides under an environment, and a single organization can design different environments according to its geographical presence. For collaboration between teams and users, Microsoft provides direct integration between Users/Teams and Security Groups. Adding, assigning and granting access to the same users in different product environments are repetitive activities; IT administrators can reduce this work by using Azure AD Security Groups.
In my opinion, the Azure AD Office Group is the best practice, because licenses and app plans are generally granted/assigned in Microsoft 365, so it would be better to manage all users from a single point. The disadvantage, in my view, is that it will impact performance; it works on an 8-hour cache mechanism.
Steps to create Azure AD Security Groups:
- Choose Advanced Settings
- Click on Security and select Teams
- Both Office and Security Azure AD Groups can be used to provide access to users.
- We can create an AD Group, then go to Power Platform Admin and navigate to Environments, where we will see all environments.
- Administrators can use their Azure Active Directory (Azure AD) Groups to manage access rights for licensed customer engagement and Common Data Service users.
- If a company has multiple MS Dataverse environments, we can use a security group to control which licensed users can be members of a particular environment.
- Team members are dynamically derived (added or removed) when they access the environment based on their Azure AD Group membership.
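An added example, not from the original post or from Microsoft: because a group team's security roles reach every member of the backing Azure AD group, this Python check audits a Dataverse Web API response for group teams and reports which roles each one grants. The column names (`teamtype`, `membershiptype`, `azureactivedirectoryobjectid`, `teamroles_association`), their option values, the query shape and the high-privilege role list are assumptions to confirm against your environment; the sample response is constructed.

```python
import json

# Option-set values of the Dataverse `team` table as understood by the editor
# (assumption: confirm against your environment's metadata before relying on them).
TEAM_TYPE = {2: "AAD Security Group", 3: "AAD Office Group"}
GUEST_INCLUSIVE = {0: "Members and guests", 3: "Guests"}
HIGH_PRIVILEGE_ROLES = {"System Administrator", "System Customizer"}  # local review list

# Web API query that would return the data audited below (assumed shape).
AUDIT_QUERY = ("teams?$select=name,teamtype,membershiptype,azureactivedirectoryobjectid"
               "&$filter=teamtype eq 2 or teamtype eq 3"
               "&$expand=teamroles_association($select=name)")

# Constructed sample response; names and GUIDs are placeholders, not tenant data.
SAMPLE_RESPONSE = json.dumps({"value": [
    {"name": "Sales EMEA", "teamtype": 2, "membershiptype": 1,
     "azureactivedirectoryobjectid": "00000000-0000-0000-0000-000000000001",
     "teamroles_association": [{"name": "Salesperson"}]},
    {"name": "Project Phoenix", "teamtype": 3, "membershiptype": 0,
     "azureactivedirectoryobjectid": "00000000-0000-0000-0000-000000000002",
     "teamroles_association": [{"name": "System Administrator"}]},
    {"name": "Default Owner Team", "teamtype": 0, "membershiptype": None,
     "azureactivedirectoryobjectid": None, "teamroles_association": []},
]})

def audit_group_teams(response_text):
    """Return one finding per Azure AD group team found in a Web API response."""
    findings = []
    for team in json.loads(response_text).get("value", []):
        if team.get("teamtype") not in TEAM_TYPE:
            continue  # Owner and Access teams are not backed by an Azure AD group
        roles = sorted(r["name"] for r in team.get("teamroles_association", []))
        issues = []
        if not team.get("azureactivedirectoryobjectid"):
            issues.append("no Azure AD object id recorded")
        if HIGH_PRIVILEGE_ROLES.intersection(roles):
            issues.append("high-privilege role granted through group membership")
        if roles and team.get("membershiptype") in GUEST_INCLUSIVE:
            issues.append("guest accounts in the group inherit the team's roles")
        findings.append({"team": team["name"], "type": TEAM_TYPE[team["teamtype"]],
                         "roles": roles, "issues": issues})
    return findings

if __name__ == "__main__":
    for finding in audit_group_teams(SAMPLE_RESPONSE):
        print(finding)
```

Any team reported with issues is a place where changes to Azure AD group membership, made outside Dynamics 365 CE, directly change who holds that role in the environment.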