Configure and Connect the Microsoft Dynamics API
Prerequisites
The following prerequisites are applicable to this procedure:
- System Administrator access to Microsoft Dynamics 365.
- Global Administrator access to Microsoft Azure.
- Administrator access to MVISION Cloud.
Step 1: Create Custom OAuth Application in Microsoft Azure
To create a Custom OAuth Application, refer to Custom OAuth Application for Office 365 and Azure API Integration, and read the note below before you begin.
IMPORTANT:
DO NOT connect MVISION Cloud to Dynamics yet; first complete the steps outlined below. Follow Custom OAuth Application for Office 365 and Azure API Integration up to the MVISION Cloud API Connection section, then come back to this guide and complete the steps below.
- You can't enable API access for Dynamics 365 using the Office 365 Global Admin account. To enable API access for MVISION Cloud, you need to create a Custom OAuth application within Azure application registrations as described in Custom OAuth Application for Office 365 and Azure API Integration.
- If you have already enabled Office 365 services such as OneDrive, SharePoint, Exchange, or Azure in MVISION Cloud using the GA account, then you don't need to disable these connections. They can continue to use the access granted by the Global Admin.
- As you complete Custom OAuth Application for Office 365 and Azure API Integration, make a note of the Application ID. You will need this to complete Step 4. Make a note of the .pem file uploaded under Certificates and Secrets; later, you can use the .pem file as the private key in Step 6. Also, make a note of the auto-populated Thumbprint ID located under Certificates and Secrets. Later, you can use this as the Thumb Print in Step 6.
Step 2: Configure Global Audit Settings
To perform the following activities, you must have the System Administrator role, a custom security role, or equivalent permissions.
- Log in to the Microsoft Dynamics 365 account as an admin or with an equivalent role.
- Go to Settings > Advanced Settings.
- On the Business Management page, select Settings from the menu.
- Under System, click Auditing.
- On the Auditing page, click Global Audit Settings.
- You are redirected to the System Settings dialog. Under the Auditing tab, configure the following:
  - Under Audit Settings, activate these checkboxes:
    - Start Auditing
    - Audit user access
    - Start Read Auditing. This option appears only when you activate Start Auditing.
  - Under Enable Auditing in the following areas, activate all the entity types that you wish to apply DLP on.
- To view the listed types in each entity, hover over each entity type.
NOTE: Before you click OK, the Audit Entities type shows as disabled. After you click OK, go back to Global Audit Settings; the entity type then shows as enabled.
- Click OK.
Enable Audit for Specific Entity
Global Audit Settings cover the common entities that are part of the Sales, Marketing, or Customer Service entities. If you want to audit other entities, perform the following activities:
- Log in to the Microsoft Dynamics 365 account as an admin or with an equivalent role.
- Go to System > Auditing and click Entity and Field Audit Settings.
- The Power Apps dialog opens. Under Entities, select an entity to enable audit. For example, if you want to enable audit for Note, scroll down in the Entities panel and click Note.
- Under the General tab > Data Services, activate the Auditing checkbox.
- Click Save.
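Added example, not part of the original guide or of any MVISION Cloud or Microsoft tooling: a check that the Global Audit Settings and the per-entity audit settings configured above actually took effect. It assumes you have saved the JSON bodies returned by the Dataverse Web API for the organizations table and for EntityDefinitions; the function name audit_gaps and the sample bodies are constructed for illustration.

```python
import json

# Organization-table columns behind the three Audit Settings checkboxes.
ORG_FLAGS = {
    "isauditenabled": "Start Auditing",
    "isuseraccessauditenabled": "Audit user access",
    "isreadauditenabled": "Start Read Auditing",
}

def audit_gaps(org_json, entities_json, wanted):
    """Return a list of audit settings that are still off.

    org_json:      body of GET .../organizations?$select=<the ORG_FLAGS columns>
    entities_json: body of GET .../EntityDefinitions?$select=LogicalName,IsAuditEnabled
    wanted:        logical names of the entities DLP should cover
    """
    rows = json.loads(org_json).get("value", [])
    if not rows:
        return ["global: organization row missing from response"]
    org = rows[0]
    gaps = [f"global: {label} is off"
            for col, label in ORG_FLAGS.items() if org.get(col) is not True]
    defs = {e["LogicalName"]: e for e in json.loads(entities_json).get("value", [])}
    for name in wanted:
        meta = defs.get(name)
        if meta is None:
            gaps.append(f"entity {name}: not in metadata response")
        # IsAuditEnabled is a managed property: {"Value": bool, ...}
        elif (meta.get("IsAuditEnabled") or {}).get("Value") is not True:
            gaps.append(f"entity {name}: auditing is off")
    return gaps

# Constructed sample responses (not captured from a real tenant).
SAMPLE_ORG = json.dumps({"value": [{
    "isauditenabled": True,
    "isuseraccessauditenabled": True,
    "isreadauditenabled": False,
}]})
SAMPLE_ENTITIES = json.dumps({"value": [
    {"LogicalName": "account", "IsAuditEnabled": {"Value": True}},
    {"LogicalName": "annotation", "IsAuditEnabled": {"Value": False}},  # Note
]})

if __name__ == "__main__":
    for gap in audit_gaps(SAMPLE_ORG, SAMPLE_ENTITIES,
                          ["account", "annotation", "contact"]):
        print(gap)
```

The Note entity used as the example above has the logical name annotation. An empty result means every checked setting is on.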
Step 3: Create Application User in the Azure Portal
To create a new application user:
- Log in to the Microsoft Azure portal and go to Home > Users.
- To create a new user, click +New user.
- Once the user is created, copy the User Name/Email of the newly created user. Later, you can use these details in Step 4.
Step 4: Create Application User in Dynamics 365
- Log in to Microsoft Dynamics 365 and go to Settings > Security > User and select Application Users from the menu.
- To create a user, click + NEW.
- Under Summary, add the following information:
- User Name. Enter the User Name copied from Create Application User in the Azure Portal.
- Application ID. Paste the Client ID/Application ID of your custom OAuth application. You can get the Application ID when you perform the steps in Custom OAuth Application for Office 365 and Azure API Integration.
- Application ID URI and Azure AD Object ID. Once the user is saved, the details are auto-populated.
Step 5: Assign Security Role to the Application User
The following two security roles can be assigned to the Application User in Dynamics 365. You can configure the application user to use either a minimum permissions security role or, for non-production environments, the Dynamics System Administrator role.
Begin with any one of the following:
- Minimum Permissions Security Role (recommended)
- System Administrator Security Role (non-production environments only)
Minimum Permission Security Role
This is the recommended approach for production environments. You need to create a new security role and manually assign the permissions to all the corresponding entities you wish to scan using the ODS. If this is a sandbox environment, a shortcut is to use the System Administrator Security Role.
To create the minimum permissions security role and assign it to the application user:
- Go to Settings > Security.
- On the Security page, click Security Roles.
- On the Security Roles page, click New.
- By default, the Details tab is displayed. Enter a Role Name. For example, McAfee Application User.
- For the tabs such as Core Records, Marketing, Sales, Service, Business Management, Service Management, Customization, Missing Entities, Business Process Flows, Custom Entities, assign the Organization Key to all the entities listed in the tab with these privileges: Read, Write, Delete, Assign, and Share.
- Click Save and Close.
System Administrator Security Role
TIP: Using the System Administrator role is not recommended in a production environment. Please use the Minimum Permissions Security Role for production.
To assign system administrator security role to the application user:
- Click MANAGE ROLES.
- Under Manage User Roles, activate the System Administrator checkbox and click OK.
Step 6: Enable MVISION Cloud API Connection
To complete the final steps of this guide, connect to MVISION Cloud with your Dynamics instance. To enable API for Microsoft Dynamics 365 in MVISION Cloud:
- Log in to MVISION Cloud with your tenant and go to Settings > Service Management.
- Click Add Service Instance and select Microsoft Dynamics 365.
- Enter a name for the instance and click Done.
- Select the Microsoft Dynamics 365 instance you created.
- Go to the Setup tab and under API, click Enable.
- On the Enable API page, click Provide API Credentials.
- Continue from the MVISION Cloud API Connection section.
- Once the API is enabled, a success message is displayed. Click Done.
- You are redirected to the Overview tab. Now, you can see the enabled API Details.