Tip #846: Duplicate security roles in Dynamics 365

In Dynamics 365 Customer Engagement(8.2), if you change a Business Unit’s parent BU, custom security roles in the Business Unit may be duplicated.

duplicate roles

If you then change the parent BU a second time, a third copy of the roles will be created. This is a known issue. If it happens to you, open a ticket with Microsoft support, or alternatively, recreate your custom security roles.

Thanks to Eric Labashosky for bringing this to our attention.

Tweet about this on TwitterShare on FacebookShare on Google+

Tip #845: Store Dynamics 365 file attachments in Azure Blob storage

Apparently our friends at Microsoft Research have heard Neil Benson’s eloquent explanation of storage costs in Tip #553, as they have released a solution called Attachment Management in AppSource. This solution moves note and email attachments to Azure blob storage, where storage costs are cheaper than Dynamics 365 storage.

The solution includes a plugin called AzureAttachments which handles creation of the attachment in Azure when a note or email attachment is added to Dynamics 365, deletion of the file in Dynamics after the file has been created in Azure blob storage, deletion of the attachment from Azure blob storage if the corresponding note or activity are deleted from Dynamics 365, and retrieval of the attachments when the attachment is requested in Dynamics 365.

Deploying the solution requires an Azure storage account and registration of plugin steps, so be sure that you have the necessary licenses and access to the plugin registration tool.

So now that this solution is available, is there still a place for third party attachment extractor tools? The answer is yes–if you want to store attachments someplace else than Azure Blob storage (such as SharePoint), or if you have many existing attachments that you wish to move to a different location (not just new attachments going forward). Also, keep in mind that this is the first release of this solution, so there may be some rough edges.

But it is great to have a standard Microsoft option that leverages Azure Blob storage, and the solution has some nice functionality, such as an optional web resource to allow users to upload multiple attachments simultaneously.

For more information, see the Attachment Management user guide.

Tweet about this on TwitterShare on FacebookShare on Google+

Tip #844: Administer Dynamics 365 Online Without Being a Global Admin

Back in Tip 276 we talked about the challenges of administering CRM Online/Dynamics 365 without being a global admin. There really hasn’t been a good answer for companies that don’t want their deployment admin to be a global administrator.

The good news is this has changed with the introduction of the Dynamics 365 Service Admin role. This new Office 365 role allows you to grant users permission to administer Dynamics 365 tenants without having to be an Office 365 administrator. Users with the Dynamics 365 Service Admin role can perform the following tasks:

  • Configure new instance
  • Backup and restore
  • Sandbox copy
  • Approve email addresses
  • Create and access support requests
  • Access the service health
  • Access message center

You can also restrict Dynamics 365 Service Admins to specific organization instances by assigning a security group for which the admin is not a member to the instances you do not want them to access. Also, Dynamics 365 Service Administrators do not consume a Dynamics 365 user license.

While this will be welcome news for many, keep in mind that you still have to be nice to your Office 365 Global Admin, as you will still need him or her to:

  • Test and enable mailboxes
  • Add licenses to users
  • Access service settings for other Office 365 apps, like SharePoint or Exchange.

For more details see “Use the Dynamics 365 Service admin role to manage your tenant” on TechNet.

Tweet about this on TwitterShare on FacebookShare on Google+

Tip #842: Strange security results? Check teams

I created two dashboards and assigned each one to a different security role. However, users without the roles assigned to the dashboards are seeing both dashboards. What’s going on?

Whenever I come across an unexplainable security test result in Dynamics 365, the first thing I do is check the teams assigned to the users in question. In most cases, the unexpected result is caused by user being a member of a team that has a security role that grants the user access to application components to which their user roles do not.


  • Don’t use the same roles for team security and user security.
  • Limit the team role permissions to only the privileges needed by the team.
  • Consider separating the roles used by users and teams from the roles used to grant access to role based forms and dashboards–this will prevent unintentional sharing of the role based components with users and teams that should not see them.
Tweet about this on TwitterShare on FacebookShare on Google+

Tip #840: Shared personal views and charts on mobile

One of the limitations of the Dynamics 365 (and 2016) mobile app is personal charts and views shared with another user do not display in that user’s mobile app. Saved personal views and charts that I own (or that a team on which I’m a member owns) do display in the mobile app.

As a workaround, if you have personal views or charts that you want to be available on mobile for a group of people, instead of sharing the views and charts with them, create a team, add all of the people to the team, and assign the personal views and charts to the team. That will make these items available on the team members’ mobile devices. And don’t forget to add yourself to the team, otherwise you will lose access to your views and charts.

Tweet about this on TwitterShare on FacebookShare on Google+

Tip #839: Convert workflow into action

HomeomorphismMy friend Mehmet “Sputnik” Ozdemir is insane. When he asked me how to convert a long and tedious workflow into an action, instead of painstakingly reproducing it step-by-step, I told him that it’s not possible, he’s dreaming and the only sensible thing to do is to call that workflow from the newly minted action.

Did I mention he’s insane? Because he managed to come up with the instructions on how to convert a workflow into an action. Sounds too good to be true? Well, actually it does work every time in 83% of the cases. Readers digest version:

  • Start with a realtime workflow. Convert an asynchronous into a realtime. Less chances of failure.
  • Backup the orgs
  • Create a temp solution (let’s call it: Workflow To Action Conversion)
  • Add the existing Workflow that you want to convert to an action into this solution (eg: Generate Sales Metrics)
  • Create an empty action in the temp solution (eg: Generate Sales Metrics Action)
  • Export the solution (WorkflowToActionConversion.zip)
  • Extract WorkflowToActionConversion.zip and browse to Workflow folder
  • If everything has gone to plan you should have two files in here that correspond the workflow and the empty action. Open both *.xaml files into a tabbed editor (I like Notepad++)
  • In the Action*.xaml file search for: <mva:VisualBasic.Settings>Assembly references and imported namespaces for internal implementation</mva:VisualBasic.Settings>
    Select this line and everything below it and replace it with the same section from the Workflow*.xaml file. Save the Action*.xaml file.
  • Put the Action*.xaml file back into the WorkflowToActionConversion.zip
  • Import the WorkflowToActionConversion.zip
Tweet about this on TwitterShare on FacebookShare on Google+

Tip #838: Fantasy Sales Team vs. Gamification

When looking at solutions available for my Dynamics 365 organization, I saw that there were two solutions available for Gamification. “Fantasy Sales Team” and “Gamification.”

So what is the difference between these solutions? Does “Gamification” include all of the functionality in Fantasy Sales Team?

Scott Durow to the rescue:

FST was essentially a preview and should no longer be used – Gamification replaces FST and is fully supported. There are some nice UI improvements but the biggest thing for me is that logins are now controlled using O365 rather than a separate username/password.

Other reasons to use the new Gamification solution:

  • Total players (sum of all games): From 250 in FST to 15 Simultaneous Games with 500 players each in Gamification
  • Expanded Roles:  From a user being locked into a Player or Fan role to determining the role by game (e.g. Player in one game, fan in another)
  • KPI Manager Role in CRM:  The ability for a non-admin user (e.g. Sales Manager) to create KPIs
  • Default KPIs: 10 default KPIs to get from install to first game in minutes
  • Quick Setup: From install to active in minutes rather than the 24-48 delay in FST
  • Enabling Public Stream in StreamTV
  • Upgraded User Interface including responsive UI for mobile devices
  • Single Sign On with Office 365 / Dynamics 365
  • Multi Language Support
Tweet about this on TwitterShare on FacebookShare on Google+

Tip #837: How to find out what’s new in portals

Wanted to know what’s in the latest Microsoft Portals release but were afraid to ask? Fear no more and point your browser to a kb article Portal Capabilities for Microsoft Dynamics 365 Releases.

Now we only need to pursuade the other teams like Field Services and PSA to do the same.

And I’m out of words at this point – that must be my shortest tip ever.

Tweet about this on TwitterShare on FacebookShare on Google+