Dynamics 365 SaaS projects
Information required for onboarding & kick-off

Whenever an organisation purchases any cloud service or subscription, Microsoft provision a tenant (and a default domain name) on your business' behalf. This tenant is unique to your business and acts as a central and isolated container for different subscriptions and licenses. Each tenant will have a unique Tenant ID.  

Entra ID (previously Azure Active Directory) is a Microsoft Cloud based identity management service. It’s essentially a directory where all your users, licenses and security policies are managed.  

All customers with any kind of Microsoft 365 service or subscription will have a Tenant and Entra ID directory. 

Once we know your tenant ID we know where to deploy Business Central and/or CRM to so that it works with your existing Microsoft systems. 

Every Microsoft tenant will have its own unique Tenant ID and be given a built-in, default Domain ID. The default domain name will be appended by ‘onmicrosoft.com’. it is also sometimes referred to as the primary domain. 

The easiest way to find this is to navigate to https://entra.microsoft.com/ and from there, under ‘Overview’, then Basic Information’ you should see both the tenant ID and domain name that are required. 

Historically when an organisation chose a Microsoft Partner to resell a product/subscription or to help implement a solution, that partner would be given Delegated Administrator Privileges (DAP). This meant that the partner had full admin access to an organisation’s entire Microsoft tenant. 

For partners and customers, this raised many concerns. In situations where an organisation has several partners (typically providing different subscriptions and services), each partner has complete control over all Microsoft cloud services, even if they don’t need it. This has the potential to create confusion and increased risk for the customer.  

To mitigate this, Microsoft has introduced Granular Delegated Admin Privileges (GDAP) to replace DAP. GDAP allows the customer to delegate only the roles and permissions that each partner needs to provide their specific services and subscriptions. It also works on the principle of least privilege, i.e., each partner is granted the minimum system roles needed to perform their responsibilities. 

No two customers are the same, each have their own needs and requirements. Different customers will require different levels of user identity and management support from Tecman – see below the two roles you need to select from: 

1. Dynamics 365 admin only role: Tecman provide the Dynamics 365 product delivery and support only.  

This means you will look after all aspects of Entra ID yourselves or have another partner handle this. 

You will either have your own internal IT team managing the Entra ID (and all other elements of user and identity management, license assignment, password resets, authentication/access troubleshooting) or you will have another Microsoft 365 partner doing this on your behalf.  

2. Dynamics 365 admin role, plus additional roles that allow Tecman to provide Entra ID Support (AAD User and Identity Management Service) 

Tecman provide normal product delivery and support for Dynamics 365, plus the services listed below: 

• User Account Creation and Management: Creating and managing user accounts, resetting passwords, assigning roles, permissions, and licenses. 
• Multi-Factor Authentication (MFA): Configuring and managing MFA to add an extra layer of security to user authentication for Business Central & CRM users. 
• Creating, managing, and troubleshooting App Registrations and Enterprise Applications required for 3rd party API integration using modern authentication (S2S, Oauth) 
• Troubleshooting sign in and connectivity issues with Business Central & CRM. 
• Management and support for Conditional Access Policies assigned to effecting Business Central* 
• Azure AD B2B and B2C: Managing external user access to Business Central & CRM using Azure AD B2B and B2C. 
• Support for Integration with Other Cloud Services: Configuring and managing integration with other cloud services such as Microsoft 365 (aka Office 365) and Power Platform. 
• Password Policies: Enforcing password policies to ensure that user passwords are strong and secure. 
• Management of Security groups for Business Central & CRM users and device licenses* 
• Basic Mailbox management and support for Business Central & CRM email integration* 
• Basic SharePoint management and support for Business Central & CRM storage integration* 
• Basic AAD Tenant management (Managing partner relationships, GDAP and security roles for other partners) 

(* only in conjunction with Business Central & CRM Apps, as Tecman cannot offer support for other Dynamics 365 or cloud services) 

There is an additional support cost for AAD User and Identity Management Service. You will need to purchase prepaid support hours (at a discounted rate on top of our standard consultancy services).  Depending on the size and complexity of your business you can select the number of hours to purchase: 

• Up to 4 hours - £580 
• Up to 10 hours - £1,400 
• Up 20 hours - £2,600 

Please note that this pre-paid service hours need be purchased and paid for in advance and must be consumed within 1 year. 

The automation API app is an application that Tecman host in our own tenant which allows us to carry out proactive administrative and housekeeping tasks (such as monitoring storage quotas’, automating telemetry and automating the provisioning of environments) on your behalf. In order to do this, we need you to grant us access to some of the Dynamics 365 Business Central APIs in your tenant. We will send your Global Administrator a link, where they will be prompted and taken through the consent process. 

It's essential to clarify that this app neither accesses any data nor grants additional access beyond the previously specified GDAP roles. Its sole function is to enable a degree of automation that assists in service delivery.