# Microsoft Dynamics 365 ERP

Veza's integration with Microsoft Dynamics 365 ERP allows you to discover and visualize permissions data from your Dynamics 365 ERP environments, including Users, Groups, Application Users, and Security Roles. This integration shows connections between Azure AD Users, Groups, and Service Principals, and the roles they can assume within Dynamics 365 ERP.

### Prerequisites

Before setting up the Dynamics 365 ERP integration:

1. Complete the [Microsoft Azure integration guide](/4yItIzMvkpAvMVFAamTf/integrations/integrations/azure.md). The integration will use the enterprise application created during setup.

### Finding the Dynamics 365 ERP Environment URL

When configuring the Dynamics 365 ERP integration, you must provide the correct URL for your environment:

For ERP environments, use the operations URL in the format: `https://xxx.operations.dynamics.com`

> **Important**: URLs must include the `https://` protocol and must NOT end with a trailing slash. For example, use `https://company.operations.dynamics.com`, not `https://company.operations.dynamics.com/`.

### Grant Azure AD Enterprise Application access to Dynamics 365 ERP

In order for Veza to extract Dynamics 365 ERP data, you need to grant your Azure AD Enterprise Application access to the Dynamics 365 ERP environments. To enable access to ERP:

1. In Azure, find the Enterprise App used for the [Veza-Azure integration](/4yItIzMvkpAvMVFAamTf/integrations/integrations/azure.md) and add the `Connector.FullAccess` permission under **Permissions > Dynamics ERP**.

   ![Dynamics ERP permissions](/files/g9jADJa1EFORt0YWX6Kz)
2. In Dynamics ERP, go to **Modules > System administration > Microsoft Entra ID applications** and add an entry that matches your Entra ID Enterprise App ID.
   * You will need to assign the app to an existing user with a security role that grants permission to extract data using the `https://<dynamics 365 env>/data/<entity>` API endpoints.

     ![Dynamics ERP Entra ID applications](/files/4GPh0cDrJ2r8c1yZQhbQ)

Enabling the Enterprise App to access your Dynamics 365 ERP environment does not use a paid license.

### Configure Dynamics 365 ERP in Veza

1. Log in to Veza and navigate to **Integrations**
2. Edit your existing Microsoft Azure integration (or add a new one)
3. In the **Dynamics 365 ERP Environments** field, enter a comma-separated list of environments to discover
   * Example: `https://company1.operations.dynamics.com,https://company2.operations.dynamics.com`
   * Addresses must include the `https://` protocol and omit any trailing `/`
4. Save the configuration.
5. Monitor the extraction progress in the Integrations dashboard
6. Verify successful extraction by checking that Dynamics 365 ERP entities appear in search results
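
The URL rules from the **Important** note and step 3 can be checked before the list is pasted into the **Dynamics 365 ERP Environments** field. The following is an added example, not Veza code; the function names and sample hosts are hypothetical, and treating surrounding whitespace and any host outside the documented `xxx.operations.dynamics.com` format as errors is an assumption.

```python
from __future__ import annotations
from urllib.parse import urlsplit

# Host suffix from the URL format documented on this page.
DOCUMENTED_SUFFIX = ".operations.dynamics.com"


def check_environment_url(entry: str) -> list[str]:
    """Return the problems found in one list entry (empty list means OK)."""
    problems = []
    url = entry.strip()
    if url != entry:
        # Assumption: the field is taken literally, as in the documented example.
        problems.append("surrounding whitespace")
    if not url.startswith("https://"):
        problems.append("must start with https://")
    if url.endswith("/"):
        problems.append("trailing slash")
    parts = urlsplit(url if "://" in url else "https://" + url)
    if parts.path.rstrip("/") or parts.query or parts.fragment:
        problems.append("not a base URL")
    host = parts.hostname or ""
    # Compare the parsed host rather than the raw string, so text placed
    # before an "@" cannot stand in for the host.
    if not (host.endswith(DOCUMENTED_SUFFIX) and len(host) > len(DOCUMENTED_SUFFIX)):
        problems.append("host is not <name>.operations.dynamics.com")
    return problems


def check_environment_list(field_value: str) -> list[tuple[str, list[str]]]:
    """Check the comma-separated field value entry by entry."""
    return [(e, check_environment_url(e)) for e in field_value.split(",")]


# Constructed sample input: one valid entry followed by three invalid ones.
SAMPLE = (
    "https://company1.operations.dynamics.com,"
    "https://company2.operations.dynamics.com/,"
    " http://company3.operations.dynamics.com,"
    "https://company4.example.com/data"
)

if __name__ == "__main__":
    for entry, problems in check_environment_list(SAMPLE):
        print(repr(entry), "OK" if not problems else problems)
```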

### Integration Architecture

The Dynamics 365 ERP integration operates as part of the Microsoft Azure integration rather than as a standalone connector. It leverages the same Enterprise Application credentials used for the Azure integration to access Dynamics 365 ERP environments.

The integration discovers organizational structure and security role assignments within Dynamics 365 ERP environments and maps them to Azure AD identities. This allows you to visualize which Azure AD users, groups, and applications have access to Dynamics 365 ERP security roles.

### Supported Entities and Attributes

Veza discovers the following entities in Dynamics 365 ERP:

#### Environment

The Dynamics 365 ERP environment serves as the top-level container for all ERP resources.

* **Type**: `DynamicsERPEnvironment`
* **Key Properties**:
  * `environment_url` - The URL used to access the environment
  * `azure_deployment_id` - Azure deployment ID associated with the environment
  * `aos_instance_name` - Name of the AOS (Application Object Server) instance
  * `tenant_id` - Azure AD tenant ID associated with the environment

#### Users

Users represent people who access the Dynamics 365 ERP system, mapped to Azure AD accounts, with permissions defined by their security roles.

* **Type**: `DynamicsERPUser`
* **Key Properties**:
  * `workflow_line_item_notification_format` - Format for workflow line item notifications
  * `document_handling_active` - Whether document handling is active for the user
  * `network_domain` - Network domain for the user
  * `company` - Company the user belongs to
  * `sqm_guid` - SQM GUID for the user
  * `alias` - User's alias
  * `email_provider_id` - ID of the email provider
  * `email` - User's email address
  * `default_country_region` - Default country/region for the user
  * `nickname` - User's nickname
  * `is_active` - Whether the user is active
  * `preferred_time_zone` - User's preferred time zone
  * `user_info_language` - User's preferred language
  * `auto_log_off` - Auto log-off time for the user
  * `account_type` - User's account type
  * `external_user` - Whether the user is an external user

#### Groups

Groups (Teams) are collections of users who share common access permissions.

* **Type**: `DynamicsERPGroup`
* **Key Properties**:
  * Standard group properties (name, description, etc.)

#### Entra ID Applications

Entra ID Applications represent Azure Entra ID applications that have programmatic access to Dynamics 365 ERP resources.

* **Type**: `DynamicsERPEntraIDApplication`
* **Key Properties**:
  * `user_id` - User ID associated with the application
  * `is_active` - Whether the application is active

#### Security Roles

Security Roles define permission sets that control what actions users can perform within Dynamics 365 ERP.

* **Type**: `DynamicsERPSecurityRole`
* **Key Properties**:
  * `context_string` - Context string for the security role
  * `description` - Description of the security role
  * `user_license_type` - License type required for the role
  * `access_to_sensitive_data` - Whether the role provides access to sensitive data

### Relationship Types

The Dynamics 365 ERP integration discovers the following relationship types:

| Relationship          | Description                                                            |
| --------------------- | ---------------------------------------------------------------------- |
| Has environment       | Connects Azure AD tenant to Dynamics 365 ERP Environment               |
| Has user              | Connects Environment to User entities                                  |
| Has group             | Connects Environment to Group entities                                 |
| Has service principal | Connects Environment to Entra ID Application entities                  |
| In group              | Connects Users to their Group memberships                              |
| Has role assignment   | Connects Users/Groups to their assigned Security Roles                 |
| Assumes user          | Maps Azure AD users to their corresponding Dynamics 365 ERP identities |
| Has role              | Connects Environment to Security Roles                                 |
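
The relationships above can be combined into an access review: which active external users, and which Entra ID applications, reach a Security Role flagged `access_to_sensitive_data`, either directly or through a group. This is an added example, not Veza code or a Veza export format; the record shapes, identifiers and role names are constructed, only the property and relationship names come from this page, and it assumes an Entra ID application holds the roles of the user named in its `user_id`.

```python
# Constructed sample data. Property names come from this page; the shapes,
# identifiers and role names are hypothetical.
USERS = {
    "alice": {"is_active": True, "external_user": False},
    "vendor1": {"is_active": True, "external_user": True},
    "vendor2": {"is_active": False, "external_user": True},
    "svc_extract": {"is_active": True, "external_user": False},
}
ROLES = {
    "role-payroll": {"access_to_sensitive_data": True},
    "role-basic": {"access_to_sensitive_data": False},
}
APPS = {"app-0001": {"user_id": "svc_extract", "is_active": True}}
IN_GROUP = [("alice", "ap-team"), ("vendor1", "ap-team")]
HAS_ROLE_ASSIGNMENT = [
    ("ap-team", "role-payroll"),      # group assignment
    ("vendor1", "role-basic"),        # direct assignments
    ("vendor2", "role-payroll"),
    ("svc_extract", "role-payroll"),
]


def effective_roles(user):
    """Roles assigned to the user directly plus those inherited via 'In group'."""
    holders = {user} | {group for member, group in IN_GROUP if member == user}
    return {role for holder, role in HAS_ROLE_ASSIGNMENT if holder in holders}


def sensitive_roles(user):
    """Effective roles of the user that are flagged access_to_sensitive_data."""
    return sorted(r for r in effective_roles(user)
                  if ROLES[r]["access_to_sensitive_data"])


def review_findings():
    """List (kind, identity, role) tuples that deserve a manual review."""
    findings = []
    for name, user in USERS.items():
        if user["is_active"] and user["external_user"]:
            findings += [("external_user", name, r) for r in sensitive_roles(name)]
    for app_id, app in APPS.items():
        if app["is_active"]:
            # Assumption: the application acts with the roles of its mapped user.
            findings += [("entra_id_application", app_id, r)
                         for r in sensitive_roles(app["user_id"])]
    return findings


if __name__ == "__main__":
    for finding in review_findings():
        print(finding)
```

In the sample, `vendor1` holds only `role-basic` directly and reaches `role-payroll` through `ap-team`, so a review limited to direct assignments would miss it.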

### Technical Limitations

* The integration currently does not support custom entity types in Dynamics 365 ERP
* Field-level security permissions are not currently extracted
* Limited to API-accessible security metadata; does not include permissions managed through custom code


