Dynamics 365

Best Practice:Dynamics 365 is no longer available when selecting Add Application on the Managed SaaS Applications page. Use instead the Microsoft 365, Microsoft 365 Certificate Based Authentication, or Microsoft 365 Client Credentials integration to view your organization’s Office 365, Dynamics 365, Power BI, Project, and Visio license usage data. To deactivate an existing integration, see Avoiding Duplicate Microsoft 365 Licenses between SaaS Management and IT Asset Management.

Dynamics 365 is an Enterprise Resource Planning (ERP) software that connects and manages an entire business, from financial and supply chain management and from manufacturing to operations.

The following sections explain prerequisites, resources, and instructions for integrating with SaaS Management.

Stored Dynamics 365 Information
Required Minimum Permissions for Dynamics 365
Dynamics 365 Authentication Method
Required Dynamics 365 Credentials
Data Anonymization for Dynamics 365
Integrating Dynamics 365 With SaaS Management
Dynamics 365 API Endpoints

Stored Dynamics 365 Information

The following table describes the available integration tasks and stored data within [ProductName].

Available Integration Tasks

Information Stored

Application Roster

User ID (User Principal Name)
Email
First Name
Last Name
Active Date

Application Access

User ID (User Principal Name)
Last Login

Note:The information stored is subject to change as enhancements are made to the SaaS application.

Required Minimum Permissions for Dynamics 365

The minimum API required permissions are based on the Required Application Permissions for Dynamics 365 and the Required User Role for Dynamics 365.

Required Application Permissions for Dynamics 365

Application Permission

Description

Integration Task Name

Directory.Read.All

Enables you to read the list of users in your Microsoft account.

Application Roster 

AuditLog.Read.All

Enables you to read the audit log details in your Microsoft account.

Application Access 

Offline_access

Enables you to generate the refresh token.

 

Required User Role for Dynamics 365

Note:The following SaaS application user role is not applicable to Flexera One roles.

User Role

Description

Application Administrator

To grant the application permissions, the user must have Application Administrator access. For more information, see Microsoft’s documentation topic, Application Administrator.

Note:Consider the following:

After the Authorization is completed and the integration tasks are executed successfully, the user role can be reduced to the Report Reader role.
After Authorizing, changing the password, or revoking the user roles for the user used for authorizing will result in an integration task failure.
To fetch sign-in events, you must have an Azure AD Premium P1 or Premium P2 license assigned per tenant (for more information, see Microsoft’s documentation topic, Microsoft Entra Plans & Pricing), and you must ensure the Office 365 audit log is turned on (for more information, see Microsoft’s documentation topic, Turn Auditing On or Off).

Dynamics 365 Authentication Method

The required authentication method is OAuth 2.0 With Authorize Flow. For more information, see Microsoft’s documentation topic, Microsoft Identity Platform and OAuth 2.0 Authorization Code Flow.

Required Dynamics 365 Credentials

The following credentials are required:

Username
Password.

Note:Username and password are required only for authorizing the application permissions. These values are not stored in SaaS Management.

Data Anonymization for Dynamics 365

Data anonymization is the processing technique that removes or modifies identifiable information. After the process is complete, data cannot be associated with a specific user. It helps protect private and sensitive data as well as private activities while maintaining its integrity.

Important:Before Integrating Dynamics 365 With SaaS Management, you must complete the following task to ensure that anonymized users are not imported from Dynamics 365 into SaaS Management. You will need to access reports that provide information about your organization’s use of applications and services.

Ensure that data anonymization is disabled in your Microsoft account. Otherwise, all activity data will end up in Suspicious SaaS Activities. For more information, see Microsoft’s documentation topic, Microsoft 365 Reports Show Anonymous User Names Instead of Actual User Names. If anonymized user data has been imported after integrating Azure with SaaS Management, submit a Flexera Support Case.

To view reports with anonymized user data:

1. Sign in to the Microsoft 365 Portal Admin Center.
2. In the menu, go to Settings > Org settings and click the Services link at the top.
3. Scroll down and click Reports.
4. In the window that is displayed, clear the Display concealed user, group, and site names in all reports box.
5. Proceed to Integrating Dynamics 365 With SaaS Management.

Integrating Dynamics 365 With SaaS Management

Note:If you are using both a stand alone Dynamics 365 license and an Office 365 enterprise package license, SaaS Management is not able to differentiate user activities between the two licenses due to the Microsoft Graph API limitations. As a result, Office 365 activities display as Suspicious Activities.

Complete the following steps to integrate Dynamics 365 with SaaS Management.

To integrate Dynamics 365 with SaaS Management:

1. Complete the prerequisite steps in Data Anonymization for Dynamics 365.
2. Add the Dynamics 365 application in SaaS Management. For more information, see Adding an Application.
3. In SaaS Management, click Authorize, which will redirect you to the Microsoft portal.
4. In the Microsoft portal, sign in with your Application Administrator username and password.
5. In the Microsoft Permissions requested window, click Accept to authorize and provide access to the account for the APIs used in the integration.

Note:All blocked users will be displayed as normal users in SaaS Management.

Dynamics 365 API Endpoints

Application Roster

https://graph.microsoft.com/v1.0/users

Application Access

https://graph.microsoft.com/v1.0/auditLogs/signIns