1. Data Management
  2. Security and Compliance Studio
  3. Manage security

Manage groups imported from Microsoft Entra ID

In Microsoft Entra ID, you can create groups and users. To each Microsoft Entra ID group, you can add users as members.

You can import Microsoft Entra ID groups to D365 FO. Synchronize Microsoft Entra ID group members to load the imported groups to Security and compliance studio.
If a member of an imported Microsoft Entra ID group exists as a user in D365 FO, the user is linked to the group in Security and compliance studio. So, members of Microsoft Entra ID groups who do not exist as a user in D365 FO, are not shown in the Security and compliance studio.
In D365 FO, you can assign roles to groups that are imported from Microsoft Entra ID. These roles are inherited by the users that are linked to these groups in Security and compliance studio.
With Security and compliance studio, you can:
  • Synchronize the Microsoft Entra ID group members with the D365 FO users who are linked to the imported groups.
  • Monitor the groups, as imported from Microsoft Entra ID, and the linked D365 FO users.
 


Security administrator Security administrator The security administrator (SysSecSecurityAdministrator) maintains user and security setup in D365 F&SCM, grants the ability to create and maintain security roles, duties, and privileges and the ability to assign users to roles, define role assignment rules, and maintain data security policies. Synchronize group users with Microsoft Entra ID group members Synchronize group users with Microsoft Entra ID group members You can import Microsoft Entra ID groups to D365 FO. Synchronize Microsoft Entra ID group members, to load the imported groups to Security and compliance studio. If a member of an imported Microsoft Entra ID group exists as a user in D365 FO, the user is linked to the group in Security and compliance studio. So, members of Microsoft Entra ID groups who do not exist as a user in D365 FO, are not shown in the Security and compliance studio. After you imported a Microsoft Entra ID group, changes can be made to its members on the Azure Portal. Members can be added to or removed from the Microsoft Entra ID group. Usually, it is required that these changes are also applied to the imported groups in D365 FO.  To keep the setup in Security and compliance studio up to date, you are advised to synchronize the Microsoft Entra ID group members daily. On synchronize of Microsoft Entra ID group members: Groups that are imported from Microsoft Entra ID are loaded to the Security and compliance studio. Members who are added to a Microsoft Entra ID group, are also added to the related group in the Security and compliance studio. A Microsoft Entra ID group member is only added to an imported group if it exists as a user in D365 FO. Members who are removed from a Microsoft Entra ID group, are also removed from the related group in the Security and compliance studio. A Microsoft Entra ID group member is only removed from an imported group if it exists as a user in D365 FO. If a previously imported Microsoft Entra ID group is deleted in Microsoft Entra ID, the related group is disabled in D365 FO on synchronization of imported groups. On synchronization of Microsoft Entra ID group members, the linked users are disabled for this group in the Security and compliance studio. Procedure 1. Go to Security and compliance > Periodic tasks > Synchronize group users. 2. Expand the Run in the background section. 3. Select Yes in the Batch processing field. 4. Click Recurrence. 5. Click OK. 6. Click OK. Start Start Monitor groups imported from Microsoft Entra ID Monitor groups imported from Microsoft Entra ID You can import Microsoft Entra ID groups to D365 FO. On synchronize Microsoft Entra ID group members, the imported groups are loaded to Security and compliance studio. If a member of an imported Microsoft Entra ID group exists as a user in D365 FO, the user is linked to the group in Security and compliance studio. So, members of Microsoft Entra ID groups who do not exist as a user in D365 FO, are not shown in the Security and compliance studio. With Security and compliance studio, you can monitor the groups, as imported Microsoft Entra ID, and the linked D365 FO users. Procedure 1. Click Security management. 2. Click the Groups tab. 3. In the list, find and select the desired record. 4. The Users pane shows the D365 FO users who are linked to the selected group. Notes You can view to which groups (as imported from Microsoft Entra ID) a user is linked. To do so, on the Security management workspace, on the Users tab, select a user and open the Groups tab. These group-related changes to the security configuration are logged in the security history: Import of Microsoft Entra ID group Deletion of imported group Assignment of roles to the users that are linked to an imported group. If a role is assigned to an imported group, the role is indirectly assigned to the linked D365 FO users. Do you want to monitor  groups and linked users  as imported from  Microsoft Entra ID groups? Do you want to monitor  groups and linked users  as imported from  Microsoft Entra ID groups? End End Yes No

Activities

Name Responsible Description

Synchronize group users with Microsoft Entra ID group members

Security administrator
You can import Microsoft Entra ID groups to D365 FO. Synchronize Microsoft Entra ID group members, to load the imported groups to Security and compliance studio. If a member of an imported Microsoft Entra ID group exists as a user in D365 FO, the user is linked to the group in Security and compliance studio. So, members of Microsoft Entra ID groups who do not exist as a user in D365 FO, are not shown in the Security and compliance studio.
After you imported a Microsoft Entra ID group, changes can be made to its members on the Azure Portal. Members can be added to or removed from the Microsoft Entra ID group. Usually, it is required that these changes are also applied to the imported groups in D365 FO. 
To keep the setup in Security and compliance studio up to date, you are advised to synchronize the Microsoft Entra ID group members daily.
On synchronize of Microsoft Entra ID group members:
  • Groups that are imported from Microsoft Entra ID are loaded to the Security and compliance studio.
  • Members who are added to a Microsoft Entra ID group, are also added to the related group in the Security and compliance studio. A Microsoft Entra ID group member is only added to an imported group if it exists as a user in D365 FO.
  • Members who are removed from a Microsoft Entra ID group, are also removed from the related group in the Security and compliance studio. A Microsoft Entra ID group member is only removed from an imported group if it exists as a user in D365 FO.
If a previously imported Microsoft Entra ID group is deleted in Microsoft Entra ID, the related group is disabled in D365 FO on synchronization of imported groups. On synchronization of Microsoft Entra ID group members, the linked users are disabled for this group in the Security and compliance studio.

Monitor groups imported from Microsoft Entra ID

Security administrator
You can import Microsoft Entra ID groups to D365 FO. On synchronize Microsoft Entra ID group members, the imported groups are loaded to Security and compliance studio. If a member of an imported Microsoft Entra ID group exists as a user in D365 FO, the user is linked to the group in Security and compliance studio. So, members of Microsoft Entra ID groups who do not exist as a user in D365 FO, are not shown in the Security and compliance studio.
With Security and compliance studio, you can monitor the groups, as imported Microsoft Entra ID, and the linked D365 FO users.

Provide feedback