How to – Create Administrative User Account for managing user / security roles, in Dynamics 365 / CRM

We recently wanted to create user accounts in CRM for managing users and their roles inside CRM, without accessing any of the data or functionality.

Below are the steps we can follow to achieve the same –

Login to Microsoft 365 Admin Center

Add a user

Temporarily assign the license to the user

In optional settings, specify either Global Admin or Dynamics 365 Administrator / Power Platform admin role.

And create the user.


Login to Power Platform Admin Center

and navigate to [Environment] >> Settings >> Users

If the users is not yet synced try-

Select the User and click on Client Access License (CAL) Information

Change it to Administrative and save the change.

Now back in Microsoft 365 Admin Center we can remove the license and the roles from the user’s account.

Back inside CRM the user will only have access to the Dynamics 365 – Custom app.

Inside app he gets the message No Read Privilege for data.

User will have access to following area within Settings

Inside Settings >> Security

The administrative user can see the users –

Basically when a Global or Power Platform admins having license are synced to the environment, they get the access mode of Read-Write and also System Administrator security role is assigned to them.

That is the reason why we need to change the access mode to Administrative after sync.

If they do not have license assigned, there access mode is still “Read-Write” after sync but no security roles assigned. Also the unlicensed Global and Power Platform admin will have access to the administrative areas.

Also we could create a new custom security role having access to “Security Role” table instead of assigning System Administrator or copy of system admin role.

Get all the details here –

Hope it helps..


How to – Use Refresh Option to force user state synchronization in Power Platform Admin Center – Dynamics 365 / CRM

At times we would assign or update the licenses and roles assigned to the users in Microsoft 365 Admin Center, and these changes would take time to reflect inside the Dynamics 365 applications.

A background system process takes care of synchronizing the user state in Azure AD to the System User table in Dataverse.

However, here we can also use the Refresh
User option in Power Platform Admin Center to force the synchronization instead of waiting.

Inside Power Platform Admin Center – Navigate to Environment >> [Env]>> Settings >> Users and select the user and click on Refresh user option.

This will immediately start the synchronization process.

Hope it helps..


Security Enhancements – 24 hours maximum user session timeout in Dynamics 365 / CRM

With recent security enhancements in Customer engagement apps, the maximum user session timeout of 24 hours is removed.

Now it uses the Azure AD Session Policy to manage user session timeout, which by default has Azure AD refresh token expiration set as 90 days.

Refresh toke lifetime and expiration

Use Configuring sign-in frequency in Conditional Access to define the periods before a user is required to sign-in again –

Earlier the default session timeout used to be 24 hours with 20 minutes for warning the user –

However, we can still override the default Azure AD Session policy, by setting the session timeout and/or inactivity timeout for the individual environment.

To set the same navigate to –

Environments > [Environment] > Settings > Privacy + Security in Power Platform Admin Center.

Specify appropriate values and save the changes.

Get all the details here –

Hope it helps..



How to – Provision Unified Routing in Dynamics 365 Customer Service Hub

Unified Routing can be configured in Customer Service Hub or Omnichannel Admin Center.

To configure it for Dynamics 365 Customer Service, navigate to

Service Management >> Service Configuration Settings >> Unified routing

(requires Tenant administrator’s consent – click on Provide Consent link)

Accept the permissions requested and provide the consent.

In case unified routing remains disabled  –

Unified Routing once switched on, cannot be disabled from the application, and we need to contact Microsoft Support to turn it off.

The provisioning starts

After a couple of hours, we can see Unified Routing configured for the Customer Service app.

We can see the following solution – Anchor solution for UnifiedRoutingForCS in Dynamics 365 solutions installed in the environment.

Hope it helps..



Sample Code to Test and Enable Mailbox programmatically C# (Dynamics 365/CRM)

Suppose we want to Test & Enable Mailbox of the below user programmatically.

We can see the below notification for the disabled mailbox.

This mailbox is disabled for email processing. For more information, see the alerts.

Below is the sample code –

On running the code, we can see the notification removed and the mailbox for the user enabled successfully.

C# Code –

      CrmServiceClient svc = new CrmServiceClient(ConnectionString);

            if (svc.IsReady)
                var mailBox = new Entity("mailbox", new Guid("C88A539A-F493-EC11-B400-000D3A4F37D3"));

                // testemailconfigurationscheduled = Indicates if the email configuration test has been scheduled for a mailbox record
                mailBox.Attributes["testemailconfigurationscheduled"] = true;


Hope it helps..


Mind Map – Power Platform 2022 Release Wave 1 Overview

Check out the Mind Map for the 2022 Release Wave 1 Power Platform by Khoa Nguyen

%d bloggers like this: