Dynamics 365
Best Practice:Flexera recommends creating the Microsoft 365 integration to view your organization’s Office 365, Dynamics 365, Power BI, Project, and Visio license usage data. Any existing Office 365, Dynamics 365, Power BI, Project, and Visio integrations in SaaS Management will be superseded by this new Microsoft 365 integration. To deactivate an existing integration, see Avoiding Duplicate Microsoft 365 Licenses between SaaS Management and IT Asset Management.
Dynamics 365 is an Enterprise Resource Planning (ERP) software that connects and manages an entire business, from financial and supply chain management and from manufacturing to operations.
| • | Information Stored |
| • | Minimum Permissions Required |
| • | Authentication Method |
| • | Credentials Required |
| • | Data Anonymization |
| • | Integrating Dynamics 365 with SaaS Management |
| • | API Endpoints |
The following table describes the available integration tasks and stored data.
|
Available Integration Tasks |
Information Stored |
|||||||||||||||
|
Application Roster |
|
|||||||||||||||
|
Application Access |
|
Note:The information stored is subject to change as enhancements are made to the SaaS application.
Minimum API required permissions are based on the Application Permission and User Role .
|
Application Permission |
Description |
Integration Task Name |
|
Directory.Read.All |
To read the list of users in your Microsoft account |
Application Roster |
|
AuditLog.Read.All |
To read the audit log details in your Microsoft account |
Application Access |
|
Offline_access |
This permission is necessary for the refresh token generation. |
|
|
User Role |
Description |
|
Application Administrator |
To grant the application permissions, the user must have Application Administrator access. For details, see Microsoft’s description of the Application Administrator. |
Note:the following:
| • | Once the Authorization is completed and the integration tasks are executed successfully, the user role can be reduced to the Report Reader role. |
| • | After Authorizing, changing the password, or revoking the user roles for the user used for authorizing will result in an integration task failure. |
| • | To fetch sign-in events, you must have an Azure AD Premium P1 or Premium P2 license assigned per tenant (for details, see Azure Active Directory editions), and you must ensure the Office 365 audit log is turned on (for details, see Turn Office 365 audit log search on or off). |
OAuth2 with Authorize flow. For details, see Microsoft’s instructions in Microsoft identity platform and OAuth 2.0 authorization code flow.
| • | Username |
| • | Password |
Note:Username and password are required only for authorizing the application permissions. These values are not stored in SaaS Management.
Data anonymization is the processing technique that removes or modifies identifiable information. Once the process is complete, data cannot be associated with a specific user. It helps protect private and sensitive data as well as private activities while maintaining its integrity.
When adding the Dynamics 365 application, it is important to make sure that anonymized users are not imported from Dynamics 365 into SaaS Management. You will need to access reports that provide information about your organization’s use of applications and services.
The following procedure is important as a prerequisite to ensure that anonymized user data is not imported when integrating Dynamics 365 with SaaS Management.
To view reports with anonymized user data:
| 1. | Sign in to the Microsoft 365 Portal Admin Center. |
| 2. | In the menu, go to Settings > Org settings and click the Services link at the top. |
| 3. | Scroll down and click Reports. |
| 4. | In the window that is displayed, clear the Display concealed user, group, and site names in all reports box. |
| 5. | Proceed to Integrating Dynamics 365 with SaaS Management. |
Note:Ensure that data anonymization is disabled in your Microsoft account. Otherwise, all activity data will end up in Suspicious SaaS Activities. For more information, see the Microsoft documentation regarding Showing Anonymous User Names. If anonymized user data has been imported after integrating Dynamics 365 with SaaS Management, submit a Support Case.
Integrating Dynamics 365 with SaaS Management
To integrate Dynamics 365 with SaaS Management, perform the following steps.
Note:If you are using both a stand alone Dynamics 365 license and an Office 365 enterprise package license, SaaS Management is not able to differentiate user activities between the two licenses due to the Microsoft Graph API limitations. As a result, Office 365 activities display as Suspicious Activities.
To integrate Dynamics 365 with SaaS Management:
| 1. | Add the Dynamics 365 application in SaaS Management. See Adding an Application. |
| 2. | In SaaS Management, click Authorize, which will redirect you to the Microsoft portal. |
| 3. | In the Microsoft portal, enter your Application Administrator username and password to sign in. |
| 4. | In the Microsoft Permissions requested window, click Accept to authorize and provide access to the account for the APIs used in the integration. |
Note:All blocked users will be displayed as normal users in SaaS Management.
Application Roster
https://graph.microsoft.com/v1.0/users
Application Access
https://graph.microsoft.com/v1.0/auditLogs/signIns