Dynamics 365 Client Credentials
Best Practice:Dynamics 365 Client Credentials is no longer available when selecting Add Application on the Managed SaaS Applications page. Use instead the Microsoft 365, Microsoft 365 Certificate Based Authentication, or Microsoft 365 Client Credentials integration to view your organization’s Office 365 Client Credentials, Dynamics 365 Client Credentials, Power BI Client Credentials, Project Client Credentials, and Visio Client Credentials license usage data. To deactivate an existing integration, see Avoiding Duplicate Microsoft 365 Client Credentials Licenses between SaaS Management and IT Asset Management.
Dynamics 365 is an Enterprise Resource Planning (ERP) software that connects and manages an entire business, from financial and supply chain management and from manufacturing to operations.
Important:This Dynamics 365 integration requires the authentication method OAuth2 with client credentials.
The following sections explain prerequisites, resources, and instructions for integrating with SaaS Management.
Stored Dynamics 365 Client Credentials Information
The following table describes the available integration tasks and stored data within [ProductName].
|
|
|
|
Application Roster
|
|
•
|
User ID (User Principal Name) |
|
|
Application Access
|
|
•
|
User ID (User Principal Name) |
|
Note:The information stored is subject to change as enhancements are made to the SaaS application.
Required Minimum Permissions for Dynamics 365 Client Credentials
The minimum API required permissions are based on the Required Application Permissions for Dynamics 365 Client Credentials and the Required User Role for Dynamics 365 Client Credentials.
Required Application Permissions for Dynamics 365 Client Credentials
|
|
|
|
|
Directory.Read.All
|
Enables you to read the list of users in your Microsoft account.
|
Application Roster
|
|
AuditLog.Read.All
|
Enables you to read the audit log details in your Microsoft account.
|
Application Access
|
Required User Role for Dynamics 365 Client Credentials
Note:The following SaaS application user role is not applicable to Flexera One roles.
|
|
|
|
Global Administrator
|
To grant the application permissions, the user must have Global Administrator access. For more information, see Microsoft’s documentation topic, Microsoft Entra Built-In Roles.
|
Note:To fetch Dynamics 365 sign-in events:
|
•
|
You must have an Azure AD Premium P1 or Premium P2 license assigned per tenant. For more information, see Microsoft’s documentation topic, Microsoft Entra Plans & Pricing. |
|
•
|
You must ensure the Office 365 audit log is turned on. For more information, see Microsoft’s documentation topic, Turn Auditing On or Off. |
Dynamics 365 Client Credentials Authentication Method
The required authentication method is OAuth 2.0 With Client Credentials. For more information, see Microsoft’s documentation topic, Microsoft Identity Platform and the OAuth 2.0 Client Credentials Flow.
Required Credentials for Dynamics 365 Client Credentials
The following credentials are required:
Obtaining Client Credentials and Tenant ID for Dynamics 365 Client Credentials
Before Integrating Dynamics 365 Client Credentials With SaaS Management, you need to obtain the client credentials and tenant ID from your Microsoft account by completing the following steps.
To obtain Client Credentials and Tenant ID:
|
1.
|
Sign in to your Microsoft Azure Portal. |
|
2.
|
In the Search box at the top of the page, enter App registrations and click App registrations in the search results to select it. The App registrations page opens. |
|
3.
|
Click New Registration. The Register an application page opens. |
|
4.
|
Enter a Name and choose the Accounts in this organizational directory only option. |
|
7.
|
To generate a Client secret, do the following: |
|
a.
|
Click the Certificates & secrets tab. |
|
b.
|
Under Client secrets, click New client secret. The Add a client secret dialog box opens. |
|
c.
|
In the Description field, enter a name for the new secret. |
|
d.
|
Under Expires, choose an expiration value. |
|
8.
|
Click the API permissions tab and do the following: |
|
a.
|
Click Microsoft Graph. The Request API permissions panel opens. |
|
b.
|
Click Application permissions. |
Note:Do not select Delegated permissions. Delegated permissions will not work.
|
c.
|
In the Select permissions search box, enter AuditLog and then click the arrow to expand AuditLog, and select the AuditLog.Read.All permission checkbox. |
|
d.
|
In the Select permissions search box, enter Directory and then click the arrow to expand Directory, and select the Directory.Read.All permission checkbox. |
|
e.
|
Click Update permissions. |
|
9.
|
After the permissions are added, grant admin consent. |
Data Anonymization for Dynamics 365 Client Credentials
Data anonymization is the processing technique that removes or modifies identifiable information. After the process is complete, data cannot be associated with a specific user. It helps protect private and sensitive data as well as private activities while maintaining its integrity.
Important:Before Integrating Dynamics 365 Client Credentials With SaaS Management, you must complete the following task to ensure that anonymized users are not imported from Dynamics 365 Client Credentials into SaaS Management. You will need to access reports that provide information about your organization’s use of applications and services.
Ensure that data anonymization is disabled in your Microsoft account. Otherwise, all activity data will end up in Suspicious SaaS Activities. For more information, see Microsoft’s documentation topic, Microsoft 365 Reports Show Anonymous User Names Instead of Actual User Names. If anonymized user data has been imported after integrating Azure with SaaS Management, submit a Flexera Support Case.
To view reports with anonymized user data:
|
1.
|
Sign in to the Microsoft 365 Portal Admin Center. |
|
2.
|
In the menu, go to Settings > Org settings and click the Services link at the top. |
|
3.
|
Scroll down and click Reports. |
|
4.
|
In the window that is displayed, clear the Display concealed user, group, and site names in all reports box. |
Integrating Dynamics 365 Client Credentials With SaaS Management
Note:If you are using both a stand alone Dynamics 365 Client Credentials license and an Office 365 enterprise package license, SaaS Management is not able to differentiate user activities between the two licenses due to the Microsoft Graph API limitations. As a result, Office 365 activities display as Suspicious Activities.
Complete the following steps to integrate Dynamics 365 Client Credentials with SaaS Management.
To integrate Dynamics 365 Client Credentials with SaaS Management:
|
1.
|
Complete the steps in the prerequisite sections: |
|
2.
|
Add the Dynamics 365 Client Credentials application in SaaS Management. For more information, see Adding an Application. |
|
3.
|
In the Add Application page for Dynamics 365 Client Credentials: |
|
a.
|
Select the Application Roster and Application Access checkboxes located under Integration Tasks. |
Note:All blocked users will be displayed as normal users in SaaS Management.
Dynamics 365 Client Credentials API Endpoints
Application Roster
https://graph.microsoft.com/v1.0/users
Application Access
https://graph.microsoft.com/v1.0/auditLogs/signIns