# A Guide To Azure Management Groups For User Security in Dynamics 365 Finance & Operations

**Business Scenario:** CliffsNotes is a fictional company getting ready for its Business As Usual (BAU) processes as the production go-live for D365 Finance and Operations is scheduled for next week. However, looking at the number of entries of joiners and movers in the organization as well as the proper segregation of duties of each department an organization is looking at more control and a RBAC-driven solution in D365 Finance and Operations to manage the security roles.

**Solution:** A feature called Active directory security group can be leveraged as it allows AZURE AD groups driven access to a respective department.

Security should be top of mind for every D365 Finance and Operations Administrator.
One of the best parts of this feature is a one-time setup and the remaining steps can be executed by the Administrator in a well-controlled manner through the Azure portal.

To my mind, this is an underdiscussed or perhaps underutilized feature. Consultants are often familiar with normal processes, such as adding users to D365 FOs and directly assigning security roles.

In this blog post, I am going to describe step by step approach to enabling the Azure AD group functionality.

Before we deep dive into Azure AD groups feature in Dynamics 365 Finance and Operations, first understand

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1661272815204/tBAx7rper.png align="center")

**What is the Azure AD group?**
An Azure AD group helps Administrators organize users making it easier to manage permissions. These groups let the resource owner, add a set of users to groups or assign a set of access permissions to all the members of the group.

**Azure AD groups support two unique types**  
A. Security: The purpose of this type of group is to manage member resources for a group of users. E.g., You can create a security group for a specific security policy.

B. Microsoft 365: This type of group allows collaboration options by giving members access to apps such as Outlook, files, etc.
Also, you add people outside of your organization access to the groups.

**Prerequisite:** A configuration key "Active Directory security group" is required to be enabled

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1661272893473/McgA2n9VF.png align="center")
Here is a step-by-step explanation  
•	Add a new user with the Azure portal
![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1661273843664/cTt2qKHrt.png align="center")
•	Create new Azure Active directory group with the Azure portal  
![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1661273881471/IkJfxCAj6.png align="center")

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1661273912092/tTsIJeujh.png align="center")
•	Select newly created Azure Active Directory groups

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1661273928966/GmOfOBLDd.png align="center")
•	Navigate to left pane and select Member option and then click on Add member  

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1661273951108/WSBOwpl-N.png align="center")

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1661273974404/RfEoxgup2.png align="center")
•	Navigate to System administration > Users > Groups  

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1661273987506/KP3Z98qBU.png align="center")
•	Click on Import groups option   
•	Select Azure Active Directory security, groups  
•	Click on “Import Groups” button

**Note:** Please enter unique ID for Azure directory group   

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1661274009470/IfXztVJH-.png align="center")
•	Click on Assign roles  
•	Select the appropriate roles to assign to Azure groups that were imported earlier  
•	Click on OK  

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1661274045592/ciclMqMVX.png align="center")
Note: Please ensure that the user has already been imported into the D365 Finance & Operations environment without any security roles assigned  

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1661274060560/5pgQYyHSf.png align="center")
And that's it, Isn't cool 😎

# Conclusion
By following the above step-by-step guide, you will be able to manage user role assignment in a controlled manner and provide end-to-end role traceability for Administrator personas.

# Thank you for Reading - Let's Connect!
Enjoy my blog? For more such awesome blog articles - follow, subscribe and let's connect on  [LinkedIn](https://www.linkedin.com/in/rakeshdarge/) ,  [Twitter](https://twitter.com/DargeRakesh?s=08) ,[YouTube](https://www.youtube.com/user/rakeshdarge/videos) 

Stay tuned!


