Fixed – You can’t delete this queue because it has items assigned to it – Dynamics 365 Customer Service Hub / CRM


Recently while trying to delete some of the Queue (Advanced Queue) in our case, we were getting the below error.

You can’t delete this queue because it has items assigned to it. Assign these items to another user/team, or queue and try again.

We checked and there were no queue items assigned to that queue.

Eventually what worked was to Deactivate that Queue first and then we were able to delete it.

Hope it helps..

Advertisements

How to – Create Administrative User Account for managing user / security roles, in Dynamics 365 / CRM


We recently wanted to create user accounts in CRM for managing users and their roles inside CRM, without accessing any of the data or functionality.

Below are the steps we can follow to achieve the same –

Login to Microsoft 365 Admin Center

https://admin.microsoft.com/#/homepage

Add a user

Temporarily assign the license to the user

In optional settings, specify either Global Admin or Dynamics 365 Administrator / Power Platform admin role.

And create the user.

Next,

Login to Power Platform Admin Center

https://admin.powerplatform.microsoft.com/

and navigate to [Environment] >> Settings >> Users

If the users is not yet synced try- https://nishantrana.me/2021/12/14/the-trick-to-force-trigger-user-sync-power-platform-dynamics-365/

Select the User and click on Client Access License (CAL) Information

Change it to Administrative and save the change.

Now back in Microsoft 365 Admin Center we can remove the license and the roles from the user’s account.

Back inside CRM the user will only have access to the Dynamics 365 – Custom app.

Inside app he gets the message No Read Privilege for data.

User will have access to following area within Settings

Inside Settings >> Security

The administrative user can see the users –

Basically when a Global or Power Platform admins having license are synced to the environment, they get the access mode of Read-Write and also System Administrator security role is assigned to them.

That is the reason why we need to change the access mode to Administrative after sync.

If they do not have license assigned, there access mode is still “Read-Write” after sync but no security roles assigned. Also the unlicensed Global and Power Platform admin will have access to the administrative areas.

Also we could create a new custom security role having access to “Security Role” table instead of assigning System Administrator or copy of system admin role.

https://docs.microsoft.com/en-us/power-platform/admin/prevent-elevation-security-role-privilege#assign-the-new-security-role-to-an-administrative-user

Get all the details here –

https://docs.microsoft.com/en-us/power-platform/admin/global-service-administrators-can-administer-without-license

Hope it helps..

Advertisements

How to – Share read-only links to records with any user in your organization – Dynamics 365 / CRM (Dataverse)


To enable quick sharing of the read-only link of the records to any users within the organization, log in to Power Platform Admin Center

Select the Environment > Settings > Privacy + Security


Switch On the Enable Sharing option


This option currently works on the Contact, Account, Opportunity, and Case table.

It enables the option of sending the link to the record with

  • People in the organization with the link
  • Specific People

apart from

  • People with existing access.

Clicking on the Copy link opens the below model dialog box –

Clicking on People with existing access opens the below options –

  • People in your organization with the link
  • Specific people (disabled)

Here we have selected “People in your organization with the link

This enables any user (even if he has no CRM License or Dynamics 365/ Power Platform Role assigned) with the link to open the record as read-only.

This is how the record has opened for the user having no access to CRM but having the link to the record. (read-only)

Similarly, Email Link opens the Send Link dialog box, which allows us to select either a User(s) or Team(s) and define the content of the message as shown below

Clicking on Send opens the email in the default Mail Client associated

Here also we have the option to select either People in your organization with the link and Specific People


Get more details –

https://docs.microsoft.com/en-us/power-platform-release-plan/2022wave1/power-apps/easy-record-sharing

Hope it helps..

Advertisements

Fixed – You do not have prvReadmsdyn_personasecurityrolemapping permission to access Persona Security Role Mapping records. Contact your Microsoft Dynamics 365 administrator for help


Recently one of the users, while accessing a few of the System User’s views, was getting the below error.

You do not have prvReadmsdyn_personasecurityrolemapping permission to access Persona Security Role Mapping records. Contact your Microsoft Dynamics 365 administrator for help.

There were a few System users’ views that were working fine.

The user had the Security Role = System Administrator, however, the Access Mode was set to Administrative.

Changing the Access Mode to Read-Write fixed the issue.

Hope it helps..

Advertisements

How to – Use Refresh Option to force user state synchronization in Power Platform Admin Center – Dynamics 365 / CRM


At times we would assign or update the licenses and roles assigned to the users in Microsoft 365 Admin Center, and these changes would take time to reflect inside the Dynamics 365 applications.

A background system process takes care of synchronizing the user state in Azure AD to the System User table in Dataverse.

However, here we can also use the Refresh
User option in Power Platform Admin Center to force the synchronization instead of waiting.

Inside Power Platform Admin Center – Navigate to Environment >> [Env]>> Settings >> Users and select the user and click on Refresh user option.

This will immediately start the synchronization process.

Hope it helps..

Advertisements

Security Enhancements – 24 hours maximum user session timeout in Dynamics 365 / CRM


With recent security enhancements in Customer engagement apps, the maximum user session timeout of 24 hours is removed.

https://docs.microsoft.com/en-us/power-platform/admin/user-session-management#user-session-timeout-management

Now it uses the Azure AD Session Policy to manage user session timeout, which by default has Azure AD refresh token expiration set as 90 days.

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes#refresh-and-session-token-lifetime-policy-properties

Refresh toke lifetime and expirationhttps://docs.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens#refresh-token-lifetime

Use Configuring sign-in frequency in Conditional Access to define the periods before a user is required to sign-in again – https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime

Earlier the default session timeout used to be 24 hours with 20 minutes for warning the user – https://nishantrana.me/2017/11/17/configure-session-timeout-and-inactivity-timeout-dynamics-365/

However, we can still override the default Azure AD Session policy, by setting the session timeout and/or inactivity timeout for the individual environment.

To set the same navigate to –

Environments > [Environment] > Settings > Privacy + Security in Power Platform Admin Center.

Specify appropriate values and save the changes.

Get all the details here –

https://docs.microsoft.com/en-us/power-platform/admin/user-session-management#configure-session-timeout

Hope it helps..

 

Advertisements
%d bloggers like this: