McAfee Enterprise MVISION Cloud

Configure and Connect the Microsoft Dynamics API


The following prerequisites are required:

  • System Administrator access to Microsoft Dynamics 365.
  • Global Administrator access to Microsoft Azure.
  • Administrator access to Skyhigh CASB.

Step 1: Create Custom OAuth Application in Microsoft Azure

To create a Custom OAuth Application, refer to Custom OAuth Application for Office 365 and Azure API Integration and check the following notes before you begin.


DO NOT connect Skyhigh CASB to Dynamics yet. First complete the steps outlined below. Follow the Custom OAuth Application for Office 365 and Azure API Integration guide up to the Skyhigh CASB API Connection section, then come back to this guide and complete the steps below.

  • You can't enable API access for Dynamics 365 using the Office 365 Global Admin account. To enable API access for Skyhigh CASB, you need to create a Custom OAuth application within Azure application registrations as described in Custom OAuth Application for Office 365 and Azure API Integration.
  • If you have already enabled Office 365 services such as OneDrive, SharePoint, Exchange, or Azure in Skyhigh CASB using the GA account, then you don't need to disable these connections. They can continue to use the access granted by the Global Admin. 
  • As you complete Custom OAuth Application for Office 365 and Azure API Integration, make a note of the Application ID. You will need this to complete Step 4. Make a note of the .pem file uploaded under Certificates and Secrets. Later, you can use the .pem file as the private key in Step 6. Also, make a note of the auto-populated Thumbprint ID located under Certificates and Secrets. Later, you can use this as Thumb Print in Step 6.
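
Azure displays the thumbprint as the SHA-1 hash of the certificate's DER encoding, so the value noted for Step 6 can be checked against the .pem file before it is entered. The following Python sketch is an added example, not part of this guide or of the Skyhigh CASB product; the function names and the sample PEM content are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL
)


def certificate_thumbprint(pem_text: str) -> str:
    """SHA-1 over the DER bytes of the first CERTIFICATE block, as 40
    uppercase hex characters (the form shown under Certificates and Secrets)."""
    labels = []
    for label, body in PEM_BLOCK.findall(pem_text):
        labels.append(label)
        if label == "CERTIFICATE":
            der = base64.b64decode("".join(body.split()), validate=True)
            return hashlib.sha1(der).hexdigest().upper()
    # A file holding only a key has no thumbprint to compare.
    raise ValueError(f"no CERTIFICATE block found (saw: {labels or 'nothing'})")


def normalize_thumbprint(value: str) -> str:
    """Drop colons, spaces and dashes so copied values compare equal."""
    cleaned = re.sub(r"[\s:\-]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("thumbprint must be 40 hex characters (SHA-1)")
    return cleaned


def thumbprint_matches(pem_text: str, portal_value: str) -> bool:
    """True when the noted thumbprint belongs to the certificate in pem_text."""
    return certificate_thumbprint(pem_text) == normalize_thumbprint(portal_value)


# Constructed sample: placeholder bytes, not a real certificate or key.
SAMPLE_DER = b"constructed placeholder certificate bytes"
SAMPLE_PEM = (
    "-----BEGIN PRIVATE KEY-----\n"
    + base64.b64encode(b"constructed placeholder key bytes").decode()
    + "\n-----END PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE_DER).decode()
    + "\n-----END CERTIFICATE-----\n"
)
```

A mismatch means the thumbprint and the .pem file belong to different certificates, which is worth resolving before the credentials are entered in Step 6.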

Step 2: Configure Global Audit Settings

To perform the following activities, you must have the system administrator or custom security role or equivalent permissions.

  1. Log in to the Microsoft Dynamics 365 account as admin or other equivalent roles.
  2. Go to Settings > Advanced Settings.
  3. On the Business Management page, select Settings from the menu.
  4. Under System, click Auditing.
  5. On the Auditing page, click Global Audit Settings.
  6. You are redirected to the System Settings dialog. Under the Auditing tab, configure the following:
    • Under Audit Settings, activate these checkboxes:
      • Start Auditing
      • Audit user access
      • Start Read Auditing. This option appears only when you activate Start Auditing.
    • Under Enable Auditing in the following areas, activate all the entity types that you wish to apply DLP on.
  7. To view the listed types in each entity, hover over each entity type.

NOTE: Before you click OK, the Audit Entities type shows as disabled. After you click OK, go back to Global Audit Settings and the entity type shows as enabled as per the following screenshot.

  8. Click OK.

Enable Audit for Specific Entity

Global Audit Settings cover the common entities that are part of the Sales, Marketing, or Customer Service entities. If you want to audit other entities, perform the following activities:

  1. Log in to the Microsoft Dynamics 365 account as admin or other equivalent roles.
  2. Go to System > Auditing and click Entity and Field Audit Settings.
  3. The Power Apps dialog opens. Under Entities, select an entity to enable audit. For example, to enable audit for Note, scroll down in the Entities panel, click Note.
    NOTE: To enable files in NRT, select the Note entity to enable it for audit.
  4. Under the General tab > Data Services, activate the Auditing checkbox. 
  5. Click Save.

Step 3: Create an Application User in the Azure Portal

To create a new application user:

  1. Log in to the Microsoft Azure portal and go to Home > Users. 
  2. To create a new user, click +New user.
  3. Once the user is created, copy the User Name/Email of the newly created user. Later, you can use these details in Step 4.

Step 4: Create Application User in Dynamics 365

  1. Log in to Microsoft Dynamics 365 and go to Settings > Security > User and select Application Users from the menu. 
  2. To create a user, click + NEW.
  3. Under Summary, add the following information:

Step 5: Assign Security Role to the Application User

The following two security roles can be assigned to the Application User in Dynamics 365. You can configure the application user to use either a minimum permissions security role or, for non-production environments, the Dynamics System Administrator role.

Begin with any one of the following:

Minimum Permission Security Role

This is the recommended approach for production environments. You need to create a new security role and manually assign the permissions to all the corresponding entities you wish to scan using the ODS. If this is a sandbox environment, a shortcut is to use the System Administrator Security Role.

To create the minimum permissions security role and assign it to the application user: 

  1. Go to Settings > Security.
  2. On the Security page, click Security Roles.
  3. On the Security Roles page, click New.
  4. By default, the Details tab is displayed. Enter a Role Name. For example, McAfee Application User.
  5. For the tabs such as Core Records, Marketing, Sales, Service, Business Management, Service Management, Customization, Missing Entities, Business Process Flows, and Custom Entities, assign the Organization key to all the entities listed in the tab with these privileges: Read, Write, Delete, Assign, and Share.
  6. In the Customization tab, for Service Endpoint, click Create.
  7. In the Customization tab, for Sdk Message Processing Step, click Create.
  8. Click Save and Close.

Minimum Entities and Privileges Requirement

If you do not want to assign all privileges to the list of entities as discussed in Minimum Permission Security Role > point 5, then provide the Read-only privilege for the following three entities in the Customization tab.

  • Entity
  • Field
  • Relationship

NOTE: When the above permission and entities are selected, the DLP Policy supports only the "Incident" response action. This response action can be seen while defining the DLP Policy for On-Demand Scan.

System Administrator Security Role

TIP: Using the System Administrator role is not recommended in a production environment. Please use the Minimum Permissions Security Role for production.

To assign the System Administrator security role to the application user:

  1. Click MANAGE ROLES.
  2. Under Manage User Roles, activate the System Administrator checkbox and click OK.

Step 6: Enable Skyhigh CASB API Connection

To complete the final steps of this guide, connect to Skyhigh CASB with your Dynamics instance. To enable API for Microsoft Dynamics 365 in Skyhigh CASB:

  1. Log in to Skyhigh CASB with your tenant and go to Settings > Service Management.
  2. Click Add Service Instance, select Microsoft Dynamics 365.
  3. Enter a name for the instance and click Done.
  4. Select the Microsoft Dynamics 365 instance you created. 
  5. Go to the Setup tab and under API, click Enable.
  6. On the Enable API page, click Provide API Credentials.
  7. Continue from the MVISION Cloud API Connection section.
  8. Once the API is enabled, a successful message is displayed. Click Done.
  9. You are redirected to the Overview tab. Now, you can see the enabled API Details.