Skip to main content
McAfee Enterprise MVISION Cloud

Configure and Connect the Microsoft Dynamics API

Prerequisites

The following prerequisites are applicable to this procedure:

  • System Administrator access to a Microsoft Dynamics 365. 
  • Global Administrator access to Microsoft Azure.
  • Administrator access to MVISION Cloud.

Step 1: Create Custom OAuth Application in Microsoft Azure

To create a Custom OAuth Application, refer to Custom OAuth Application for Office 365 and Azure API Integration and check the below note before you begin.

IMPORTANT:

DO NOT connect the MVISION Cloud to Dynamics yet, we first need to complete the steps outlined below. Follow the Custom OAuth Application for Office 365 and Azure API Integration up until the MVISION Cloud API Connection section, and then come back to this guide and complete the steps below.

  • You can't enable API access for Dynamics 365 using the Office 365 Global Admin account. To enable API access for MVISION Cloud, you need to create a Custom OAuth application within Azure application registrations as described in Custom OAuth Application for Office 365 and Azure API Integration.
  • If you have already enabled Office 365 services such as OneDrive, SharePoint, Exchange, or Azure in MVISION Cloud using the GA account, then you don't need to disable these connections. They can continue to use the access granted by the Global Admin. 
  • As you complete Custom OAuth Application for Office 365 and Azure API Integration make a note of the Application ID. You will need this to complete Step 4. Make a note of the .pem file uploaded under Certificates and Secrets, later you can use the .pem file as the private key in Step 6.  Also, make a note of the auto-populated Thumbprint ID located under Certificates and Secrets. Later, you can use this as Thumb Print in Step 6.

Step 2: Configure Global Audit Settings

To perform the following activities, you must have the system administrator or custom security role or equivalent permissions.

  1. Log in to the Microsoft Dynamics 365 account as admin or other equivalent roles.
  2. Go to Settings > Advanced Settings.
    clipboard_ecfd1796ec05794fb877a6a8c75cf72b2.png
  3. On the Business Management page, select the Settings from the menu.
  4. Under System, click Auditing.
    clipboard_e2e56c596015e6b4da52179f5d9e208be.png
  5. On the Auditing page, click Global Audit Settings
    clipboard_ebebbdc91d5217b1be6f2caedf6341184.png
  6. You are redirected to the System Settings dialog. Under the Auditing tab, configure the following:
    clipboard_e8eecc9414914e3b507ce824bceaa6fef.png
    • Under Audit Settings, activate these checkboxes:
      • Start Auditing
      • Audit user access
      • Start Read Auditing. This option appears only when you activate Start Auditing.
    • Under Enable Auditing in the following areas, activate all the entity types that you wish to apply DLP on.
  7. To view the listed types in each entity,  hover over each entity type.

NOTE: Before you click OK, the Audit Entities type shows as disabled. After you click OK,  go back to Global Audit Settings and the entity type shows as enabled as per the below screenshot.
clipboard_e0e6f2e8ac77b09bed7d23e835a699905.png

  1. Click OK.

Enable Audit for Specific Entity

Global Audit Settings are common entities and part of Sales, Marketing, or Customer Service Entities. If you want to choose the other entities, then perform the following activities:

  1. Log in to the Microsoft Dynamics 365 account as admin or other equivalent roles.
  2. Go to System > Auditing and click Entity and Field Audit Settings.
    clipboard_ea3795a1e530e48a9e60382a346c6e720.png
  3. The Power Apps dialog opens. Under Entities, select an entity to enable audit. For example, if you want to enable audit for Note, scroll down in the Entities panel, click Note.
  4. Under the General tab > Data Services, activate the Auditing checkbox. 
  5. Click Save.
    clipboard_e6b95834d87c1f63027c2f5d781940699.png

Step 3: Create Application User in the Azure Portal

To create a new application user:

  1. Log in to the Microsoft Azure portal and go to Home > Users. 
  2. To create a new user, click +New user.
    clipboard_e3ce58eb0a49a643a195c46d26961c8a5.png
  3. Once the user is created, copy the User Name/Email of the newly created user. Later, you can use these details in Step 4.

Step 4: Create Application User in Dynamics 365

  1. Log in to Microsoft Dynamics 365 and go to Settings > Security > User and select Application Users from the menu. 
  2. To create a user, click + NEW.
    clipboard_ea1756de741f1f2ec42812c8e6b547921.png
  3. Under Summary, add the following information:

Step 5: Assign Security Role to the Application User

The following two security roles can be assigned to the Application User in Dynamics 365. You can either configure the application user to use a minimum permissions security role or for non-production environments Dynamics system administrator role.

Begin with any one of the following:

Minimum Permission Security Role

This is the recommended approach for production environments. You need to create a new security role and manually assign the permissions to all the corresponding entities you wish to scan using the ODS. If this is a sandbox environment, a shortcut is to use the System Administrator Security Role.

To create the minimum permissions security role and assign it to the application user: 

  1. Go to Settings > Security.
    clipboard_ee1d97db4bf4e00a3e752cf093d228775.png
  2. On the Security page, click Security Roles.
    clipboard_e39f84214b543b05e48404dcc4f68e374.png
  3. On the Security Roles page, click New.
    clipboard_eb0962353117a3a79b238d36315fe8f13.png
  4. By default, the Details tab is displayed. Enter a Role Name. For example, McAfee Application User.
    clipboard_ec12c26614e64820dc36b907bf56f1777.png
  5. For the tabs such as Core RecordsMarketingSalesServiceBusiness Management, Service Management, CustomizationMissing Entities, Business Process FlowsCustom Entities, assign the Organization Key clipboard_ea1c2e198a402ed5a2627b6fcd008730b.png) to all the entities listed in the tab with these privileges: ReadWrite, Delete Assign, and Share.
    clipboard_eeee2f4bbd10fa43d1bee68494dc40aed.png
  6. Click Save and Close.

System Administrator Security Role

TIP: Using the System Administrator role is not recommended in a production environment. Please use the Minimum Permissions Security Role for production.

To assign system administrator security role to the application user:

  1. Click MANAGE ROLES.
    clipboard_e4c3c577658376804cb6311e6de9f3d11.png
  2. Under Manage User Roles, activate the System Administrator checkbox and click OK.
    clipboard_e09ef3dbf1c2379640d75602050da5b41.png

Step 6: Enable MVISION Cloud API Connection

To complete the final steps of this guide, connect to MVISION Cloud with your Dynamics instance. To enable API for Microsoft Dynamics 365 in MVISION Cloud:

  1. Log in to MVISION Cloud with your tenant and go to Settings > Service Management.
  2. Click Add Service Instance, select Microsoft Dynamics 365.
  3. Enter a name for the instance and click Done.
    qa1.png
  4. Select the Microsoft Dynamics 365 instance you created. 
  5. Go to the Setup tab and under API, click Enable.
  6. On the Enable API page, click Provide API Credentials.
    qa2.png
  7. Continue from the  MVISION Cloud API Connection section.
  8. Once the API is enabled, a successful message is displayed. Click Done.
    qa3.png
  9. You are redirected to the Overview tab. Now, you can see the enabled API Details.
    qa4.png
  • Was this article helpful?