Some weeks back I discussed with a customer whether Microsoft Dynamics 365 for Finance and Operations could be protected by using Microsoft Azure Conditional Access instead of just configuring a specific IP range whitelist within the Microsoft Dynamics 365 environment. Utilizing Microsoft Conditional Access would provide a more modern workplace approach for accessing Microsoft Dynamics 365, which was the solution the customers was hoping to achieving with the new ERP provided from the Microsoft Azure Cloud.
As we knew that Microsoft Dynamics 365 fo Finance and Operations uses Microsoft Azure Active Directory (AAD) as a primary identity provider (sts.windows.net). We checked the Microsoft Azure Active Directory (AAD) for the Azure AD application that the solution was relying on for authentication within the Azure Active Directory. We found a application called “Microsoft Dynamics ERP” under Azure Sign-In activity, but this application is not listed under “Azure Enterprise Applications”, which also will make it impossible to define specific conditional access rules for this application specifically. The only possible solution would be to define a conditional access policy for “ALL cloud apps” that rely on Azure Active Directory for authentication. This will also extend conditional access support to Microsoft Dynamics 365 for Finance and Operations.
Protecting Dynamics 365 for Finance and Operations with Azure Conditional Accees
Use the following steps to define a policy for all your Dynamics 365 users.
- Go to Azure Conditional Acccess
- Click the button “+ New policy”
- Under “Assignments”,
- Select the users and groups that should be covered by this policy
- Under “Cloud apps” make sure to select “All cloud apps”, which will add conditional access to Dynamics 365.
- Select your conditions for access the application.
- Under “Access Control” defined your requirements for grating access.
Note: Please consult with your enterprise mobility architect before defining your policies!