Use AAD Groups to set up your PowerApps / Dynamics teams

By | August 23, 2019

 

Have you tried creating a team lately? If not, give it a try, and you may see a couple of team types that were not there before and that might actually get your AD admins excited:

clip_image002

Now imagine that there is a group in AAD which you want to use to set up a team in PowerApps. Previously, it would be a relatively complicated task that would require some kind of integration to be set up. Now you can do it out of the box. Setup the teams in PowerApps, assign security roles, and let AD/Office admins manage the membership outside of Dynamics.

Here is an AAD group:

clip_image006

Here is a team in PowerApps that’s using the ID of the AAD group above:

clip_image004

 

Here is something important that I did not realize first: any Azure AD group membership maintenance done on the team member in Azure AD will not be reflected until the next time the team member logs in or when the system refreshes the cache (after 8 hours of continuous log-in).

https://docs.microsoft.com/en-us/dynamics365/customer-engagement/admin/manage-teams

But, once I’ve logged out and logged in under each of the user accounts above, I can see them added to the team:

clip_image008

And, once it happens, the users will get their permissions derived from the team. Which means that the next time you need to create a Sales Person user account in Dynamics, you might probably just add that user to the corresponding AD group.

8 thoughts on “Use AAD Groups to set up your PowerApps / Dynamics teams

  1. Benedikt

    Hej Alex,
    nice article. I try to run a plugin when a user will be added to a Team of the type “AAD Security Group”. But unfortunately the messages i tried (AddMember, AddMembers, AddMembersBul and Associate) will not get triggered. Do you know which Message should be used?

    Reply
    1. Ben Hosking

      in the documentation

      Team members are maintained in each group team at run-time and the operation is done at the database level; therefore, the update to group team event is not available for plugin.

      Reply
      1. Pierluc SS

        I am facing the same challenge as Benedikt, is there an event available any other way through the PowerPlatform?

        Reply
  2. Django Lohn

    Great blog!
    You happen to know how and where to assign Security Roles to an AAD Security Group Connected Team??
    When selecting Owner Team the Manage Roles button shows, but for an AAD Security Group Connected Team it disappears…

    Reply
  3. Niels

    Alex,

    Have you experienced, that AAD Security Group Teams are created automatically in Dynamics 365? After I created my first team, suddenly three teams were created automatically corresponding with the names of AAD Security Groups. The weird thing though is, that Object ID doesn’t match ?

    Reply
  4. Thomas

    “Here is something important that I did not realize first: any Azure AD group membership maintenance done on the team member in Azure AD will not be reflected until the next time the team member logs in or when the system refreshes the cache (after 8 hours of continuous log-in).”

    Thank you 😀

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *