Overview of Synapse Link for Dynamics 365 Finance and Operations

Azure Synapse Link enables seamless integration allows for continuous data export from Dynamics 365 to Azure Synapse Analytics and Azure Data Lake Storage Gen2, facilitating advanced analytics and insights.

Practical Applications (A Youtube video is always a good start to have the right understanding)

• Analytics and Reporting: By exporting data to Azure Synapse Analytics, organizations can leverage powerful analytics tools to gain insights and make data-driven decisions.

• Data Integration: Synapse Link facilitates the integration of Dynamics 365 data with other data sources, enabling comprehensive data analysis.

Here are some individual links providing additional information:

• Azure Synapse Link for Dataverse: This article explains how to use Azure Synapse Link to connect Microsoft Dataverse data to Azure Synapse Analytics. It covers prerequisites, how to connect Dataverse to a Synapse workspace, manage table data, and monitor the link. The guide also includes steps to unlink and relink the Synapse Link and view data in Azure Synapse Analytics.
  
  
• Export Data from D365 FO using Synapse Link: This blog post details the process of exporting data from Dynamics 365 Finance and Operations (D365 FO) using Azure Synapse Link. It highlights the benefits of continuous data export to Azure Synapse Analytics and Azure Data Lake Storage Gen2, and provides a step-by-step guide on setting up the export, managing data, and troubleshooting common issues. 
  
  
• Set Up Access Control for Azure Synapse Workspace: This article provides a comprehensive guide on setting up access control for an Azure Synapse workspace. It discusses various access control mechanisms, including Azure roles, Synapse roles, SQL permissions, and Git permissions. The guide also includes steps to secure a Synapse workspace by configuring security groups, preparing ADLS Gen2 storage accounts, and assigning roles.
  
  
• Azure Synapse Link with Managed Identities: This document explains how to use managed identities for Azure with Azure Synapse Link. It covers the prerequisites, steps to enable enterprise policy for Azure subscriptions, and how to grant reader access to the enterprise policy. The guide also provides instructions on creating and configuring managed identities to secure access to Azure Data Lake Storage accounts.
  
  
• Azure Synapse RBAC Roles: This article describes the built-in role-based access control (RBAC) roles in Azure Synapse Analytics. It details the permissions granted by each role, the scopes at which they can be used, and how to review and assign Synapse RBAC roles. The guide also includes a table summarizing the roles and their associated permissions.
  
  
• Grant Permissions to Managed Identity in Synapse Workspace: This guide teaches how to grant permissions to the managed identity in an Azure Synapse workspace. It explains the steps to assign the Storage Blob Data Contributor role to the managed identity for accessing ADLS Gen2 storage accounts. The article also covers the process of granting permissions during and after workspace creation.
  
  
• Synapse Link Lake Database Permissions: This blog post discusses the permissions required for using Synapse Link with lake databases in Azure Synapse Analytics. It highlights the security model for lake databases, including Azure role-based access control (RBAC) and Microsoft Entra ID (formerly Azure AD) permissions. The post also provides tips on managing permissions for lake databases and troubleshooting common issues.
  
  
• Common Azure Synapse Link for SQL Storage Permission Issues: This blog post addresses common permission issues encountered when using Azure Synapse Link for SQL storage. It provides solutions for resolving access problems to Azure Data Lake Storage Gen2 accounts, including steps to refresh access tokens and assign the correct permissions. The post also offers troubleshooting tips for both new and existing Synapse Link setups.

Integration Key Patterns and Best Practices from MSFT sessions

Microsoft Dynamics 365 FastTrack TechTalks are a must-attend series for those who look to deepen their knowledge on Dynamics. These TechTalks are designed to provide in-depth knowledge and practical guidance directly from Microsoft experts, helping you to maximize the potential of your Dynamics 365 solutions. One such series is related to Integration patterns and related best practices. 

1. Dynamics 365 Integration General Guidance | October 2, 2023:
   https://community.dynamics.com/blogs/post/?postid=13b3efef-ee69-ee11-9ae7-000d3a574bff 
   This video provides an overview of general integration strategies and best practices for Dynamics 365. It covers various integration scenarios, tools, and techniques to ensure seamless data flow and system interoperability. Key topics include the use of APIs, data connectors, and middleware solutions to integrate Dynamics 365 with other applications and services.
   
   
2. Integration Patterns for Dynamics 365 Finance and Operations Applications | October 30, 2023:
   https://community.dynamics.com/blogs/post/?postid=27adb1ef-d19d-ee11-be37-000d3a4e511f
   This session focuses on specific integration patterns for Dynamics 365 Finance and Operations applications. It discusses synchronous and asynchronous integration methods, the use of web application programming interfaces (APIs), and data integration scenarios. The video aims to help developers and solution architects understand the best practices for integrating finance and operations apps with other systems.
   
   
3. Integration Patterns for Dataverse | November 6, 2023:
   https://community.dynamics.com/blogs/post/?postid=388a6e70-738d-ee11-8179-00224827e5da
   This video explores various integration patterns for Microsoft Dataverse. It covers inbound and outbound integration methods, including the use of APIs, Power Automate, Logic Apps, and Azure Data Factory. The session also highlights best practices for handling large data volumes, real-time data integration, and ensuring data security and scalability.

There is also a fourth video "Session 4 - Complex integration scenarios - aimed to be delivered on December th 4th 2023. However, I couldn't find the link to that video. So, if you were able to find it, please do post it in here. Thanks. 

Extensible Data Security (XDS) in D365FO

 Let’s break down Extensible Data Security (XDS) in Dynamics 365 Finance and Operations (D365FO) in a way that’s easy to understand.

What is Extensible Data Security (XDS)?

XDS is a feature in D365FO that adds an extra layer of security to your data. It goes beyond the basic role-based security by allowing you to control access to specific records in your database based on certain conditions or policies.

How Does It Work?

1. Constrained Tables: These are the tables where you want to restrict access. For example, if you want to limit access to customer transactions, the table containing these transactions would be a constrained table.

2. Primary Tables: These tables are used to define the conditions for access. They have a direct relationship with the constrained tables. For instance, if you want to restrict access based on customer groups, the table containing customer group information would be a primary table.

3. Policy Query: This is a query that sets the conditions for access. It filters the data in the constrained tables based on the criteria defined in the primary tables. For example, you might create a policy that only allows access to transactions for customers in a specific group.

4. Context: This determines when the policy is applied. There are two main types:

   • Role Context: Applies the policy based on the user’s role. For example, only users with a specific role can access certain data.
   • Application Context: Applies the policy based on conditions set by the application itself.

Why is XDS Important?

• Enhanced Security: It provides more granular control over who can see what data, ensuring sensitive information is only accessible to authorized users.
• Flexibility: You can create complex security policies tailored to your business needs.
• Compliance: Helps in meeting regulatory requirements by ensuring data is accessed appropriately.

Example Scenario

Imagine you have a sales team, and you want each salesperson to only see their own customers’ orders. You can set up an XDS policy where:

• The constrained table is the table with sales orders.
• The primary table is the table with salesperson information.
• The policy query filters sales orders to only show those related to the logged-in salesperson.

This way, each salesperson only sees the orders relevant to them, enhancing data security and privacy.

I hope this gives you a clear understanding of Extensible Data Security in D365FO! Sure! Below are brief summaries of some related blogs available out there:

1. Extensible Data Security (XDS) Framework in D365FO by Alex Meyer
   This blog explains the basics of the XDS framework in D365FO, highlighting its evolution from record-level security in previous versions of Dynamics AX. It covers key concepts such as constrained tables, primary tables, policy queries, and contexts (role and application). The blog also provides a step-by-step example of setting up an XDS policy to restrict access to sales orders based on customer groups.
   
   
2. Extensible Data Security Examples - Secure by Warehouse on Dynamicspedia 
   This post focuses on using XDS to secure access to warehouses in D365FO. It discusses the challenges of creating policies for multiple warehouses and suggests using a custom table to link users with their allowed warehouses. The blog provides a detailed example of setting up such a policy, including technical details and considerations for implementation.
   
   
3. Record Level Security on Sami's Blog 
   This blog discusses various aspects of record-level security in D365FO. It provides examples and scenarios where record-level security can be applied to restrict access to specific records or tables in the database. The blog walks you through a simple example on how to implement XDS.
   
   
4. Record Level Security on Raziq D365FO's Blog 
   This blog covers the use of record-level security to set restrictions on specific records or tables in AX 2012 (Previous version of D365FO). It includes examples demonstrating how to use record-level security to control data visibility in reports and forms. The blog highlights the practical applications of record-level security in various business scenarios and provides possibility to compare the framework between versions.

Enhancing Security with Azure Conditional Access for Dynamics 365

In today’s digital landscape, securing access to critical business applications is paramount. Azure Conditional Access provides a robust solution to ensure that only authorized devices and users can access your Dynamics 365 environments. In this post, we’ll explore two insightful articles that delve into the application of Azure Conditional Access for Dynamics 365 CRM and Dynamics 365 for Finance and Operations.

The first article from Inogic, titled “Use of Conditional Access to Restrict Access to Dynamics 365 CRM by Operating System,” offers a detailed guide on setting up Azure Conditional Access policies to restrict CRM access based on the operating system. This ensures that only Windows-based devices can access the CRM, enhancing security by blocking non-Windows operating systems.

The second article, “Azure Conditional Access Support for Dynamics 365 for Finance and Operations,” by Peter Dahl, discusses how to extend conditional access support to Dynamics 365 for Finance and Operations. Although specific conditional access rules for Dynamics 365 are not available, defining a policy for “All cloud apps” can effectively secure access to this critical application.

By implementing these strategies, organizations can significantly bolster their security posture, ensuring that sensitive data remains protected and accessible only to authorized users.