How to – Create Administrative User Account for managing user / security roles, in Dynamics 365 / CRM


We recently wanted to create user accounts in CRM for managing users and their roles inside CRM, without accessing any of the data or functionality.

Below are the steps we can follow to achieve the same –

Log in to Microsoft 365 Admin Center

https://admin.microsoft.com/#/homepage

Add a user

Temporarily assign the license to the user

In optional settings, specify either Global Admin or Dynamics 365 Administrator / Power Platform admin role.

And create the user.

Next,

Log in to Power Platform Admin Center

https://admin.powerplatform.microsoft.com/

and navigate to [Environment] >> Settings >> Users

If the user is not yet synced, try – https://nishantrana.me/2021/12/14/the-trick-to-force-trigger-user-sync-power-platform-dynamics-365/

Select the User and click on Client Access License (CAL) Information

Change it to Administrative and save the change.

Now back in Microsoft 365 Admin Center we can remove the license and the roles from the user’s account.

Back inside CRM the user will only have access to the Dynamics 365 – Custom app.

Inside the app, the user gets the message No Read Privilege for data.

The user will have access to the following area within Settings

Inside Settings >> Security

The administrative user can see the users –

Basically, when Global or Power Platform admins who have a license are synced to the environment, they get the access mode of Read-Write and the System Administrator security role is also assigned to them.

That is the reason why we need to change the access mode to Administrative after sync.

If they do not have a license assigned, their access mode is still “Read-Write” after sync, but no security roles are assigned. Also, the unlicensed Global and Power Platform admins will have access to the administrative areas.
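One way to check these states across several accounts, as an added example (not code from the original post): it classifies exported `systemuser` rows by the access-mode states described above and reports accounts that are not yet Administrative. The account names, the `ADMIN_ONLY` list and the sample rows are constructed, and the Web API query in the comment is an assumption about how the export is obtained.

```python
READ_WRITE, ADMINISTRATIVE = 0, 1   # systemuser.accessmode option values
SYSADMIN_ROLE = "System Administrator"

# Constructed sample, shaped like the "value" array of a Web API query such as
#   GET /api/data/v9.2/systemusers?$select=domainname,accessmode
#       &$expand=systemuserroles_association($select=name)
# (the query is an assumption; any export with these three fields works).
SAMPLE_USERS = [
    {"domainname": "useradmin1@contoso.example", "accessmode": 1,
     "systemuserroles_association": [{"name": "System Administrator"}]},
    {"domainname": "useradmin2@contoso.example", "accessmode": 0,
     "systemuserroles_association": [{"name": "System Administrator"}]},
    {"domainname": "useradmin3@contoso.example", "accessmode": 0,
     "systemuserroles_association": []},
    {"domainname": "sales1@contoso.example", "accessmode": 0,
     "systemuserroles_association": [{"name": "Salesperson"}]},
]
# Hypothetical list of accounts meant to manage users and roles only.
ADMIN_ONLY = ["useradmin1@contoso.example", "useradmin2@contoso.example",
              "useradmin3@contoso.example", "useradmin4@contoso.example"]

def classify(user):
    """Map one systemuser row to the state it is in."""
    mode = user.get("accessmode")
    roles = {r["name"] for r in user.get("systemuserroles_association", [])}
    if mode == ADMINISTRATIVE:
        return "administrative"          # target state
    if mode == READ_WRITE and SYSADMIN_ROLE in roles:
        return "read-write-sysadmin"     # licensed admin right after sync
    if mode == READ_WRITE and not roles:
        return "read-write-no-roles"     # admin synced without a license
    return "other"

def audit(users, admin_only):
    """Return {account: state} for admin-only accounts not yet Administrative."""
    by_name = {u.get("domainname", "").lower(): u for u in users}
    findings = {}
    for name in sorted(a.lower() for a in admin_only):
        # No row in the export is reported as "not-synced".
        state = classify(by_name[name]) if name in by_name else "not-synced"
        if state != "administrative":
            findings[name] = state
    return findings

if __name__ == "__main__":
    for account, state in audit(SAMPLE_USERS, ADMIN_ONLY).items():
        print(f"{account}: {state}")
```

Accounts reported as `read-write-sysadmin` are the ones that still need the access mode changed to Administrative before the license and roles are removed.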

Also, we could create a new custom security role having access to the “Security Role” table instead of assigning System Administrator or a copy of the system admin role.

https://docs.microsoft.com/en-us/power-platform/admin/prevent-elevation-security-role-privilege#assign-the-new-security-role-to-an-administrative-user

Get all the details here –

https://docs.microsoft.com/en-us/power-platform/admin/global-service-administrators-can-administer-without-license

Hope it helps..


How to – Share read-only links to records with any user in your organization – Dynamics 365 / CRM (Dataverse)


To enable quick sharing of the read-only link of the records to any users within the organization, log in to Power Platform Admin Center

Select the Environment > Settings > Privacy + Security


Switch On the Enable Sharing option


This option currently works on the Contact, Account, Opportunity, and Case tables.

It enables the option of sending the link to the record with

  • People in the organization with the link
  • Specific People

apart from

  • People with existing access.

Clicking on the Copy link opens the below modal dialog box –

Clicking on People with existing access opens the below options –

  • People in your organization with the link
  • Specific people (disabled)

Here we have selected “People in your organization with the link”

This enables any user (even if he has no CRM License or Dynamics 365/ Power Platform Role assigned) with the link to open the record as read-only.

This is how the record has opened for the user having no access to CRM but having the link to the record. (read-only)

Similarly, Email Link opens the Send Link dialog box, which allows us to select either a User(s) or Team(s) and define the content of the message as shown below

Clicking on Send opens the email in the default Mail Client associated

Here also we have the option to select either People in your organization with the link or Specific People


Get more details –

https://docs.microsoft.com/en-us/power-platform-release-plan/2022wave1/power-apps/easy-record-sharing

Hope it helps..


Fixed – You do not have prvReadmsdyn_personasecurityrolemapping permission to access Persona Security Role Mapping records. Contact your Microsoft Dynamics 365 administrator for help


Recently one of the users, while accessing a few of the System User’s views, was getting the below error.

You do not have prvReadmsdyn_personasecurityrolemapping permission to access Persona Security Role Mapping records. Contact your Microsoft Dynamics 365 administrator for help.

There were a few System users’ views that were working fine.

The user had the Security Role = System Administrator, however, the Access Mode was set to Administrative.

Changing the Access Mode to Read-Write fixed the issue.

Hope it helps..


How to – Use Refresh Option to force user state synchronization in Power Platform Admin Center – Dynamics 365 / CRM


At times we would assign or update the licenses and roles assigned to the users in Microsoft 365 Admin Center, and these changes would take time to reflect inside the Dynamics 365 applications.

A background system process takes care of synchronizing the user state in Azure AD to the System User table in Dataverse.

However, here we can also use the Refresh User option in Power Platform Admin Center to force the synchronization instead of waiting.

Inside Power Platform Admin Center – Navigate to Environment >> [Env]>> Settings >> Users and select the user and click on Refresh user option.

This will immediately start the synchronization process.

Hope it helps..


Fixed – Trusted Platform Module has malfunctioned, with Error Code 80090030 in Microsoft Teams


Recently, while trying to log in to Microsoft Teams, we got the below error –


  • As suggested in the different articles – we didn’t find any Teams Account Credentials to be removed.


  • Windows update also didn’t fix the issue.
  • Neither did updating the driver from Device Manager.

  • Creating EnableADAL key with Value data 0 also didn’t work.

Navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common

Expand the Common key and select the Identity subkey. Right-click on the space on the right side and go to “New > DWORD (32-bit) Value.”

Right-click on the newly created value and select Rename. Type EnableADAL.

By default, the Value Data of EnableADAL should be 0. If not, double-click on it and enter 0 in its Value Data. Click OK to save the changes.


  • tpm.msc → Prepare the TPM and Clear TPM also didn’t work.

Cryptographic Services were also running properly.

In our case, we were getting the below additional error.

Eventually disconnecting the work account worked in our case.

https://nishantrana.me/2022/04/18/fixed-sign-in-required-your-device-is-having-problems-with-your-work-or-school-account-sign-in-again-to-access-your-organizations-resources/

The other solution that worked temporarily for us was to uninstall and reinstall Microsoft Teams.

https://www.microsoft.com/en-ww/microsoft-teams/download-app

Hope it helps..


Fixed – Sign in required. Your device is having problems with your work or school account. Sign in again to access your organizations resources


Recently we were getting the below pop up in Windows every time after restart.

The fix was to Disconnect the work / school account.

Navigate to Accounts → Access work or school

Click on Disconnect the work or school account.

That fixed the issue for us.

Hope it helps..

 
