Confiz Logo
Let's talk
  • Blog, Cloud, Dynamics 365

Implementing security with Azure Active Directory User Groups in Dynamics 365 F&O

Content

Share this article:

Microsoft Active Directory Security Groups is a legacy feature from Microsoft that enables user role and organization assignments based on their membership in Microsoft Active Directory security groups. It can also be used to enable JIT (just-in-time) provisioning of users when they sign into Dynamics 365 Finance and Operations environment for the first time.
The purpose of Active Directory security groups is to simplify and manage access control and permissions for users within a network. These groups allow administrators to efficiently assign rights and permissions to multiple users simultaneously, ensuring consistent access to resources such as files, folders, applications, and other network services.
As the Office 365 world is expanding, more businesses are moving their solutions to the cloud. As a result, there is a greater need for administrators to be able to manage and provision users from a central location and as a group rather than individually.
Administrators can leverage their Azure Active Directory (Azure AD) groups to manage user access rights in Dynamics 365 Finance and Operations (D365FO). This blog will guide you through the steps for setting up and configuring Dynamics 365 Finance and Operations. Keep in mind that setting up and configuring Azure Active Directory is the responsibility of the IT administration.

How to enable the Active Directory Groups feature in Dynamics 365 Finance and Operations

The Azure Active Directory Groups feature is not enabled by default. To enable this feature, you must change the setting on the license configuration page. To do so, go to System Administration > Setup > License Configuration. Find Administration and then enable the Microsoft Entra ID Security Group.

Note: The system should be in maintenance mode to enable any license configuration.
Setting group security

Take control of your business operations

Discover how Confiz services can simplify your complex workflows and improve decision-making.

Get a Free Quote

Setting up group security

After enabling the feature, when you go to System Administration and then choose Users, you will see a new entry called Groups.
This page will look similar to the user setup screen, but you are setting up group security instead.
The first thing to do is import the Azure AD group you want to set up by clicking on the import groups.
The name field will be non-editable as it’s getting the name directly from AD (Active Directory). You must fill out the ID field, and it should be unique. Once you select the group, you will notice that the screen looks exactly like the user info setup screen. It has a details area at the top and the roles you want to assign at the bottom.
Now, you need to select the appropriate roles to assign to the AD groups you will import. Once this is done, all current users of the group, as well as any future users who join the group, will automatically inherit the group's security settings. In this way, if you need to make a security change in the future, it will affect all users of a group, and there won’t be any need to go to each user one by one to change security settings.

Accelerate growth at an unprecedented pace

Discover how Confiz can help you take control of your daily operations, increasing growth and revenue.

Book a Free Consultation

Managing users in Dynamics 365 Finance and Operations

The Microsoft Entra ID security group feature offers JIT (Just in Time) provisioning. JIT refers to when a new user tries to sign in to the Dynamics 365 Finance and Operations environment for the first time. If the user's AD group is available in D365 F&O, it will automatically create its user.
The main drawback of this feature is that the user ID, in this case, will be an auto-generated number sequence preceded by a ‘$’ sign.

Things to remember while enabling the Active Directory Security Groups

Disabling an Azure AD Group does not disable the users assigned to that group from logging in. However, only disabling the Azure AD user, removing the group as a user from within Dynamics 365 Finance and Operations, or removing the D365FO user entirely will affect the user’s ability to sign in to D365FO. All assigned access is cumulative. This means that if a user is directly assigned roles and is a member of an Azure AD group with assigned roles, their access will be the combination of the directly assigned roles and the inherited roles from the Azure AD group. While this process eases user security setup, it complicates reporting on a user's access. Keep in mind that, by default, no report is available to show a user's access rights clearly.

Enhance security in Dynamics 365 Finance and Operations with Confiz

Active Directory groups in Dynamics 365 Finance and Operations offer robust security features that seamlessly integrate with your system. These groups can grant access, restrict users, and enhance security, providing significant value to your Dynamics 365 environment. If you have any questions or concerns about enabling this feature or need assistance with implementing Active Directory groups, please don't hesitate to contact us at marketing@confiz.com. Our team of Dynamics 365 functional and technical consultants is here to help.

About the author

Ahsan Tariq

With over 3 years of experience in the Dynamics Finance and Operations, Ahsan is a Microsoft D365 F&O Apps Developer working as a senior software engineer on both international and local clients. Focusing both on technical stability and performance optimization, Ahsan spares no expense when it comes to quality of delivery. His skillset include but are not limited to developing SSRS Reports, D365 customizations, solution design, integration and more.
Ahsan Tariq

New to implementation
guide?

Start here to understand how it’s reshaping the future of intelligent systems.

Let’s Talk

Subscribe

Get exclusive insights, curated resources and expert guidance.

You may also like

agentic crm

The rise of agentic CRM: Why Dynamics 365 CE is built for multi-agent collaboration?

Building custom pages in the Dynamics 365 Store Commerce app

How to run General Ledger Foreign Currency Revaluation in D365 Finance & Operations

WhatsApp integration with Dynamics 365 using Azure communication services

How to run cash & bank Foreign Currency Revaluation in D365 F&O

Microsoft Dynamics 365 2025 release wave 2: Key features, AI Copilot updates & timeline

Fill in the details.
We’ll get in touch.

Mohammed Reza

Director Business Development, UAE | KSA

m.reza@confiz.com

+971 508598906

+966 118349672

Linkedin-in

Qaisar Iqbal

Global Vice President Industry Solutions

qaisar.iqbal@confiz.com

+966 118349672

Linkedin-in

Ahmad Youness

Director Business Growth, KSA

ahmad.youness@confiz.com

+966 546074079

Linkedin-in

Amber Emerick

Sales Manager, NA

amber.emerick@confiz.com

+1 323-327-0055

Linkedin-in