Leverage AD Security Group as Team in Dynamics 365

Dynamics 365 has a feature to use a Microsoft Office 365 security group as a team. This lets us assign roles to a team instead of to individual users. We can also use the same security group in other applications such as OneDrive, SharePoint…

This blog will discuss Microsoft 365 groups and AAD security teams.

We have two types of Active Directory groups in the Microsoft 365 Admin center.

  1. Microsoft 365
    • Creates a group email to collaborate. We can also add Microsoft Teams for group conversations, files, and calendars.
  2. Security
    • Used as a team in Dynamics 365 and controls access to OneDrive and SharePoint

As we know, Active Directory has users and groups.

AD Group for Environment

First, we need to set up a group that grants people access to an environment.

  1. Create an AD group in the Microsoft 365 Admin center
  2. Go to the Power Platform Admin center and select the environment
  3. Select “Edit” in the Details section
  4. Assign a security group (only one) to this environment
    • Note: This can be either the Microsoft 365 or the Security group type

This allows users to access the Dynamics 365 environment if they are added to that group. This is an easy way to control which users can access different environments.

Teams in D365

In Dynamics 365 we have a few types of teams available.

    1. Owner teams
    2. Access teams
    3. Group teams

Owner teams work like a user: they can own records and have security roles. For example, when a case is created, the record is assigned to a team instead of a user.

Access teams are dynamically formed and dissolved. This typically happens when there are no clear criteria for defining the teams, such as an established territory, product, or volume. For example, a sales agent has permission to the case records of the specific customer he deals with.

Group teams are similar to owner teams: an Azure AD group team can own records and can have security roles assigned to the team. Group teams are linked to an AD group.

AD Security Group

Here we discuss how an AD security group is used as a team in Dynamics 365.

The diagram below shows how AD groups work as Dynamics 365 teams.

Follow these steps to set up the team:

  1. First, we need to create a Security group in AD
  2. Assign user(s) to that group
  3. Copy the Object id for the Security group and create the team in D365
    • Go to Portal.azure.com
    • Search “Groups” (Azure Service)
    • Find the Security group and copy the object id
    • Team type – AAD Security Group
    • Azure AD Object id for a group – Enter the object id copied from the security group (Note: we can’t update the object id later)
  4. Assign roles to the team (Classic Step)

Team members are not displaying… Why?

You may have noticed that team members are not displayed on the team.

Member/user permissions are derived dynamically at run time when the team member accesses the application. So don’t worry, they will show up…

  5. Access the application as the new user, and the member should be displayed

Notice that the user was added to D365 automatically, but with no roles assigned. The permissions have been assigned through the group team.

We can only create one group team for each Azure AD group per environment, and the Azure AD Object Id of the group team cannot be edited once the group team is created.
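The two constraints above (one group team per Azure AD group, and an object id that cannot be changed later) are worth checking before a team is created by script. The Python below is an added example, not code from the original post: it validates the copied object id and refuses a duplicate link before building a request body for the Dataverse Web API `teams` endpoint. The function names and all sample GUIDs are hypothetical, and the column names and choice values are assumptions about the Dataverse `team` table.

```python
import uuid

# Dataverse "team" table choice values, stated as assumptions (not from the post):
TEAMTYPE_AAD_SECURITY_GROUP = 2      # teamtype: 0 Owner, 1 Access, 2 AAD Security Group
MEMBERSHIP_MEMBERS_AND_GUESTS = 0    # membershiptype


def normalize_guid(value):
    """Return the id as a canonical lowercase GUID, or raise ValueError."""
    try:
        return str(uuid.UUID(value.strip()))
    except (ValueError, AttributeError) as exc:
        raise ValueError(f"not a valid GUID: {value!r}") from exc


def plan_group_team(existing_teams, name, group_object_id, business_unit_id, admin_user_id):
    """Build the JSON body for creating a group team, refusing a duplicate link.

    existing_teams: rows already in the environment (name, azureactivedirectoryobjectid).
    """
    object_id = normalize_guid(group_object_id)
    for team in existing_teams:
        linked = team.get("azureactivedirectoryobjectid")
        if linked and normalize_guid(linked) == object_id:
            # One group team per Azure AD group per environment.
            raise ValueError(f"group {object_id} is already linked to team {team['name']!r}")
    return {
        "name": name,
        "teamtype": TEAMTYPE_AAD_SECURITY_GROUP,
        "membershiptype": MEMBERSHIP_MEMBERS_AND_GUESTS,
        # Cannot be edited after creation, so it is validated before sending.
        "azureactivedirectoryobjectid": object_id,
        "businessunitid@odata.bind": f"/businessunits({normalize_guid(business_unit_id)})",
        "administratorid@odata.bind": f"/systemusers({normalize_guid(admin_user_id)})",
    }


# Constructed sample data: every GUID below is made up for illustration.
EXISTING = [
    {"name": "Support Owners", "azureactivedirectoryobjectid": None},
    {"name": "Sales AAD", "azureactivedirectoryobjectid": "11111111-2222-3333-4444-555555555555"},
]
BU = "aaaaaaaa-0000-0000-0000-000000000001"
ADMIN = "aaaaaaaa-0000-0000-0000-000000000002"

if __name__ == "__main__":
    print(plan_group_team(EXISTING, "Case Handlers", "99999999-8888-7777-6666-555555555555", BU, ADMIN))
```

The returned dictionary is only the request body; sending it still needs an authenticated POST to the environment's Web API, which is left out here.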

Thanks for reading this blog!

One comment

  1. I understand that there is currently no way for an AAD group to have a queue attached.
    Is there a way to solve this with a flow? We want the automation this provides but we also need the Team to be able to own and manage records.
