1. To-Increase Dynamics 365 for Finance & Operations
  2. Security and compliance studio
  3. Manage security

Manage groups imported from Azure Active Directory

In Azure Active Directory (Azure AD), you can create groups and users. To each Azure AD group, you can add users as members.

You can import Azure AD groups to D365 FO. Synchronize Azure AD group members to load the imported groups to Security and compliance studio.
If a member of an imported Azure AD group exists as a user in D365 FO, the user is linked to the group in Security and compliance studio. So, members of Azure AD groups who do not exist as a user in D365 FO, are not shown in the Security and compliance studio.
In D365 FO, you can assign roles to groups that are imported from Azure AD. These roles are inherited by the users that are linked to these groups in Security and compliance studio.
With Security and compliance studio, you can:
  • Synchronize the Azure AD group members with the D365 FO users who are linked to the imported groups.
  • Monitor the groups, as imported from Azure AD, and the linked D365 FO users.


Security administrator Security administrator Start Start Synchronize group users with Azure Active Directory group members Synchronize group users with Azure Active Directory group members You can import Azure AD groups to D365 FO. Synchronize Azure AD group members, to load the imported groups to Security and compliance studio. If a member of an imported Azure AD group exists as a user in D365 FO, the user is linked to the group in Security and compliance studio. So, members of Azure AD groups who do not exist as a user in D365 FO, are not shown in the Security and compliance studio.After you imported an Azure AD group, changes can be made to its members on the Azure Portal. Members can be added to or removed from the Azure AD group. Usually, it is required that these changes are also applied to the imported groups in D365 FO. To keep the setup in Security and compliance studio up to date, you are advised to daily synchronize the Azure AD group members.On synchronize of Azure AD group members:Groups that are imported from Azure AD are loaded to the Security and compliance studio.Members who are added to an Azure AD group, are also added to the related group in the Security and compliance studio. An Azure AD group member is only added to an imported group if it exists as a user in D365 FO.Members who are removed from an Azure AD group, are also removed from the related group in the Security and compliance studio. An Azure AD group member is only removed from an imported group if it exists as a user in D365 FO.If a previously imported Azure AD group is deleted in Azure AD, the related group is disabled in D365 FO on synchronization of imported groups. On synchronization of Azure AD group members, the linked users are disabled for this group in the Security and compliance studio. Procedure 1. Go to Security and compliance > Periodic tasks > Synchronize group users. 2. Expand the Run in the background section. 3. Select Yes in the Batch processing field. 4. Click Recurrence. 5. Click OK. 6. Click OK. Do you want to monitor  groups and linked users  as imported from Azure  Active Directory groups? Do you want to monitor  groups and linked users  as imported from Azure  Active Directory groups? Monitor groups imported from Azure Active Directory Monitor groups imported from Azure Active Directory You can import Azure AD groups to D365 FO. On synchronize Azure AD group members, the imported groups are loaded to Security and compliance studio. If a member of an imported Azure AD group exists as a user in D365 FO, the user is linked to the group in Security and compliance studio. So, members of Azure AD groups who do not exist as a user in D365 FO, are not shown in the Security and compliance studio.With Security and compliance studio, you can monitor the groups, as imported Azure AD, and the linked D365 FO users. Procedure 1. Click Security management. 2. Click the Groups tab. 3. In the list, find and select the desired record. 4. The Users pane shows the D365 FO users who are linked to the selected group. Notes You can view to which groups (as imported from Azure AD) a user is linked. To do so, on the Security management workspace, on the Users tab, select a user and open the Groups tab.These group-related changes to the security configuration are logged in the security history:Import of Azure AD groupDeletion of imported groupAssignment of roles to the users that are linked to an imported group. If a role is assigned to an imported group, the role is indirectly assigned to the linked D365 FO users. End End Yes No

Activities

Name Responsible Description

Synchronize group users with Azure Active Directory group members

Security administrator
You can import Azure AD groups to D365 FO. Synchronize Azure AD group members, to load the imported groups to Security and compliance studio. If a member of an imported Azure AD group exists as a user in D365 FO, the user is linked to the group in Security and compliance studio. So, members of Azure AD groups who do not exist as a user in D365 FO, are not shown in the Security and compliance studio.
After you imported an Azure AD group, changes can be made to its members on the Azure Portal. Members can be added to or removed from the Azure AD group. Usually, it is required that these changes are also applied to the imported groups in D365 FO. 
To keep the setup in Security and compliance studio up to date, you are advised to daily synchronize the Azure AD group members.
On synchronize of Azure AD group members:
  • Groups that are imported from Azure AD are loaded to the Security and compliance studio.
  • Members who are added to an Azure AD group, are also added to the related group in the Security and compliance studio. An Azure AD group member is only added to an imported group if it exists as a user in D365 FO.
  • Members who are removed from an Azure AD group, are also removed from the related group in the Security and compliance studio. An Azure AD group member is only removed from an imported group if it exists as a user in D365 FO.
If a previously imported Azure AD group is deleted in Azure AD, the related group is disabled in D365 FO on synchronization of imported groups. On synchronization of Azure AD group members, the linked users are disabled for this group in the Security and compliance studio.

Monitor groups imported from Azure Active Directory

Security administrator
You can import Azure AD groups to D365 FO. On synchronize Azure AD group members, the imported groups are loaded to Security and compliance studio. If a member of an imported Azure AD group exists as a user in D365 FO, the user is linked to the group in Security and compliance studio. So, members of Azure AD groups who do not exist as a user in D365 FO, are not shown in the Security and compliance studio.
With Security and compliance studio, you can monitor the groups, as imported Azure AD, and the linked D365 FO users.

Provide feedback