Most organizations today are using Azure AD and the absolute recommendation is to use 2FA in as many scenarios as possible… in some that is not possible… then there is an option to use an application password (this should be uses in special cases and you should never use it on an Admin Account). To create an App Password you do the following:
Log in to https://portal.office.com
In the upper right corner click your profile picture and select “My Account”
Go to “Security and Privacy” and click “Create and manage app passwords”
I am so sorry about the click bait title… I could not resist
Todays adventure consists of troubleshooting why Report Editor and Workflow Editor stopped working in our Dynamics 365 for Operations environment. First som history:
This all started in one of our environments where we noticed that Report Designer for Management Reporter (Financial Reports) was not working… after some troubleshooting we called MS Support and did two days of troubleshooting I got the suggestion to try this in another environment (I am a little annoyed that I did not do this before) and of course it worked. Well, that did not really provida a lead to the root cause. One day later I got a request to configure PowerBI in the environment where it worked and later that day once again tested in the “working” environment and low and behold… it did not work!!! What the_____? This got me thinking about what could have caused this… I installed PowerBI… could it be… Yes it could.
I remembered that I had read in the description of the PowerBI configuration that there was a caveat in the configuration of the Azure AD Application:
“App ID URI: This value is mandatory, but isn’t required for the workspace integration. Make sure that this App ID URI is a mock URI like https://contosoAX, since using the URL of your deployment can cause sign-in issues in other AAD applications such as the Excel Add-in.”
So I went back to Azure AD and I had unfortunately not done this…
I changed this in both environments and… Voilá… it worked.
Note: This has been changed in my original post on PowerBI
In AX 2012 and prior it was a little tricky to add external users. You basically could not, so you needed to add an Active Directory Account to your AD and import it as a AX user. You might not want to add external users in your AD.
This is much easier in AX7 (it should be Dynamics AX but it is much harder to search for on the internets)… much, much easier… you see AX 7 does not handle identity at all… it trusts Azure Active Directory for this. A requirement is that the external company uses Azure Active Directory.
Note (Added later): If you have set up the AX install in Azure using LCS the “default” Azure Active Directory is the one connected for your Azure tenant. These users are not treated as external users and do not need the modification below.
So, to add an external user to AX you go to System Administration – Users and click New to add a new user. The user we want to add in our example is Kalle Kula, Kalle has the email address firstname.lastname@example.org
The only thing missing is that we need to specify the Azure AD tenant in the domain field and set it to https://sts.windows.net/innoworks.com (which is not completely visible in the screenshot)