JohanPersson.nu

My Digital Brain

Being a BizApps MVP

About two years ago, I got that amazing email in my mailbox that started with “We’re pleased to present you with the Microsoft Most Valuable Professional (MVP) award,” which at the time (and still) was a bit surreal.

I have now had the title for two years, and I am writing this because I have just been traveling to my second MVP Global (in-person) Summit. This was an excellent time to reflect on what it means to be a BizApps MVP.

Microsoft MVP is a title you can get awarded for contributing to the community and helping others understand Microsoft products. You are awarded in one (or rare cases two, or even fewer cases three!!) award categories. My area is Business Applications since my main focus is on Dynamics 365 for Finance and Supply Chain; others are Azure, Development, Windows, and others. With the award comes access to multiple channels for Microsoft, such as email distribution lists and Teams channels, where we can ask questions to the different teams at Microsoft and our fellow MVPs.

Why I want to be an MVP

There are, of course, multiple reasons why I love being an MVP. Some of them are related to my work, and some of them are being part of a great community.

The Community

I have always been a huge fan of the “Community” and believe that together, we can be better and help each other. Being an MVP is a community title. Having a voice in the community is a great honor, and channeling the community feedback I get into the product groups and the product managers at Microsoft makes it all worth it. I truly believe that a good feedback loop between Microsoft and its customers benefits all. Being able to guide Microsoft to build a better product, making it more flexible where it makes sense, and helping them understand the customer challenges are important for customers and the product teams.

Meeting with the community at conferences and talking to end users and IT makes it possible to understand how the products are used. It also means that I get an opportunity to spread the best practices set in place by Microsoft.

In short, being an MVP means getting a voice and listening. You will listen to the users and consultants working in your area and be able to speak to (and be listened to by) Microsoft. It also works the other way; even though part of what we learn from Microsoft is under strict NDA, we can use it to understand and explain the direction Microsoft is taking the product we work with. Being a conduit between Microsoft and its customers is an important part of our work.

At work

As I mentioned above, the MVP title is not actually awarded for something you do in your line of work; in fact, paid work is not part of what is awarded. That does not mean that there is no connection to my work. When I talk to customers about challenges they are experiencing in projects with the product or when they need guidance on best practices, having the backing of the product groups at Microsoft and all the other fantastic MVPs is a great support.

This, however, is a two-way street. When my customers have challenges with implementing “their” Business Processes in Dynamics, being able to put the process in perspective together with Microsoft and give MS feedback around why this is not an optimal solution or helping them understand potential bugs also ensures that the product gets better for all Dynamics Customers.

Access to Product Groups

This brings us to the PGIs, or Product Group Interactions, another important part of the role. Microsoft Product Groups arrange regular meetings about the roadmap of new features; discussing design decisions, licensing, and what is coming down the line is valuable for understanding what is coming and for relaying issues, licensing mismatches, and general feedback, which is invaluable.

What is the Global MVP Summit?

As mentioned above, I just got home from the MVP Global Summit. One of my greatest experiences as an MVP was traveling to the Microsoft Campus in Seattle to experience three days of community, insight, and knowledge.

As if that was not enough, I also got to meet a lot of MVPs. Talking to everyone, not only with the ones in my group, and understanding how they leverage their knowledge and tools to help customers all day is an inspiration. It means I will have more perspectives on our everyday challenges.

Key takeaways

Apart from the community and being able to meet Product Teams and the other MVPs, I guess it comes as no surprise that this year’s MVP Summit had many sessions about Copilot, and with that many discussions on Data Governance, Ethical AI, and the best part according to me, the benefits of Copilot.

As for the sessions around Dynamics and Dataverse, there were many discussions on what is coming around Application Lifecycle Management and Security on Power Platform, which I look forward to digging into. On the Dynamics Finance and Supply Chain side, the highlights for me were a chance to look into the roadmap around the new environment strategy and the next chapter in the “One Dynamics, One Platform” story and, of course, Copilot.

In summary

Meeting many new people, reconnecting with friends, and experiencing the “MVP Summit Bubble” once again is a great honor. If it were possible to slow down time and forever stay in this, I would definitely do it. But all of this will remain in my heart and mind forever… I hope to be back once again for this experience.

2024-03-26
Unable to import users in Cloud Hosted Environment
At one of my customers I just set up a couple of new Cloud Hosted Environments (version 10.0.37 which turns out to be important) and when I tried to import the users from EntraID/AzureAD I got the following error
```
Cannot Find Thumbprint by Certificatename
```
After some troubleshooting och looking through Yammer I saw others that had the same issue. Apparently the issue had started happen after 15:th November (which also turned out to be important).

It turns out that Microsoft had discovered a potential security issue in the template used for creating the Cloud Hosted Environments. There used to be a connection in every Cloud Hosted Environment that allowed it to make lookups toi Azure AD/EntraID to be able to import users. For security reasons, this connection is no longer there by default. You will still be able to manually add users, but if you want to import users you will need to create the connection in the Virtual Machine.

1. Create a new App Registration in EntraID

2. In the Cloud Hosted VM run the following PowerShell Snippet (in an elevated Powershell prompt, aka Run as Administrator) to create a new Certificate.
```
New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "CHECert" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -KeySpec Signature -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotBefore (Get-Date -Year 2020 -Month 5 -Day 1) -NotAfter (Get-Date -Year 2033 -Month 12 -Day 31)
```
3. Start “Manage Computer Certificates” and find your newly created Cert. It should be in Local Computer – Personal – Certificates and it should be called “CHECert”. Export the certificate with default settings (Right-Click – All Tasks – Export) and save it in a folder you remember.

4. Go back to the App Registration you created in Step one, Go to Certificates and Secrets. Under Certificated, click upload certificate and choose you exported certificate

5. You need to add an Redirect URI to the AppRegistration. Go to Authentication, click Add a platform – Web and past the URL for the Cloud Hosted Dynamics environment

6. Add the following permissions to API Permissions and then click Grand admin concent…

7. In the Cloud Hosted VM, go back to “Manage Computer Certificates” and Right-Click (the Certificate) – All Tasks – Manage Private Keys. Give NETWORK SERVICE permissions to use the Certificate

8. In the Cloud Hosted VM, start Notepad as Admin and edit K:\AOS service\Webroot\web.config file. Edit the following keys:
```
<add key="Aad.Realm" value="spn:[TheAppIDfromStep1]" />
<add key="Infrastructure.S2SCertThumbprint" value="[YTheThumbPrintfromStep2]" />
<add key="GraphApi.GraphAPIServicePrincipalCert" value="[YTheThumbPrintfromStep2]" />

9. In the Cloud Hosted VM, start an elevated Command Prompt and run and iisreset

Validate by trying to import users
```
Links
Secure one-box development environments
2023-12-12
Cannot access form Sales charge codes

I had an issue today at a customer… We were not able to open the Charge code form in one of our environments.

When we tried to open the form we also got a couple more error messages. tThe first saying that we could not read Retail Headquarter Parameters which lead us to try that form and we got an error which looks like: Parameter record does not exist.

Turns out that this was a bug introduced in 10.0.37 and which will be fixed in 10.0.38 related to the feature called Enable proper tax calculation for returns with partial quantity. When this feature is enabled the system is not able to create a line in the parameter table for Retail Headquarters due to a default value is not allowed.

The workaround is to disable the feature temporarily, initiate the creation of Retail parameters in the affected companies and then re-enable the feature.

Good luck

Links
Details for issue 849710 (dynamics.com)

2023-11-30
Issues with DBsync step during deploy
Today, when I was deploying customization package to a newly deployed config environment, I had an issue with a step not working correctly. The environment had not yet been used for anything so I hadn´t even copied a database to it. When I deployed the customization package to it I got the following error in the runbook log and the deploy failed:
```
Table Sync Failed for Table: SQLDICTIONARY. Exception: System.NotSupportedException: TableID not yet generated for table: AmcBankReconciliations
```
The sync step in the runbook is failing because there is no TableID for the table AmcBankReconciliations. And I thought that was exactly what the sync process was supposed to do (??).

Having no clue about why this happened I first turned to Google (as one does) and when I could not find anything there I asked my awesome colleagues and one of the said:

“I have seen newly deployed environments behaving strangely and my solution usually is to start Visual Studio and perform a DB Sync”

This was a bit strange since it was the Sync Step that failed but I thought I would give it a try. Since this was a config environment that is not going to use Visual Studio, I instead opted for using the amazing [d365fo.tools](GitHub – d365collaborative/d365fo.tools: Tools used for Dynamics 365 Finance and Operations) to do the sync
```
Invoke-D365DBSync -Verbose
```
When the sync had finished I tried resuming the deploy and to my surprise it finished perfectly… Nice 🙂
2023-11-16
Interview – André Arnaud de Calavon
This time we interview Community Legend André Arnaud de Calavon. André has been Microsoft Business Applicartions MVP for the latest 10 years and has also supplied more than 33000 answers on the Microsoft Dynamics Community over the years.

We discussed why the community is important for Dynamics 365 and how you can engage and give back to the community.
2023-10-27
Authentication Method deprecation D365FO WMS
NOTE: “Deprecated. As of July 15, 2024, Microsoft will discontinue support for using service-based authentication methods (certificate and shared secret) to connect the Warehouse Management mobile app to Supply Chain Management.”
https://learn.microsoft.com/en-gb/dynamics365/supply-chain/get-started/removed-deprecated-features-scm-updates#service-based-authentication-methods-for-the-warehouse-management-mobile-app

I got an email from a customer the other day explaining the he got an error message from his WMS mobile app saying:

This device uses an authentication method that will soon be discontinued. Your organization should prepare to move to device code flow authentication before then.
Here is a short step by step guide on what needs to be done to switch
1. In the Azure Portal, find the App registration that you are using for authentication and make sure Enable the following mobile and desktop flows is set to Yes
1. In Application Registration go to API Permissions and verify these settings:
1. Still in the Azure Portal, go to Microsoft Entra ID – Enterprise Applications. Find the same Client ID as above and open it. Make sure that the Assignment Required and Visible to users is set as below
1. Click Users and Groups, add all users (or groups of users) that will have permission to register new new WMS Devices
I noticed you also need to delete the existing connection from the WMS app and create a new one. The simplest way is to create a new connection file and import it or generate a new QR code. Use this file as a template:
```
{
    "ConnectionList": [
        {
            "ActiveDirectoryClientAppId":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
            "ConnectionName": "Tier2 Warehouse",
            "ActiveDirectoryResource": "https://xxxx.sandbox.operations.dynamics.com/",
            "ActiveDirectoryTenant": "https://login.windows.net/tenantdomain.com",
            "Company": "USMF",
            "IsEditable": false,
            "IsDefaultConnection": true,
            "ConnectionType": "devicecode"
        }
    ]
}
```
Links:

User-based authentication – Supply Chain Management | Dynamics 365 | Microsoft Learn

QR Generator
2023-10-25
10.0.37

Hi…

Time for a new episode. This time we discuss the news in 10.0.37:

– Payment Reporting (PAIN)
– Approved By on Invoice Register (non mandatory)
– Electronic Reporting
– Feature Recommendations
– Calculate Line ammount
– File Bugs!!!
– Onhand in Commerce

Links

https://www.linkedin.com/pulse/how-does-new-feature-recommendation-notifications-work-hylke-britstra%3FtrackingId=k1Tbn8DuRkuHNdlEp5iZVw%253D%253D/

https://learn.microsoft.com/en-us/dynamics365/commerce/get-started/whats-new-commerce-10-0-37

https://learn.microsoft.com/en-us/dynamics365/supply-chain/get-started/whats-new-scm-10-0-37

https://learn.microsoft.com/en-us/dynamics365/finance/get-started/whats-new-changed-10-0-37

https://learn.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/get-started/whats-new-platform-updates-10-0-37

2023-10-06
Interview – Elif Item

In this episode we speak to Elif Item, CEO and founder of Item by Item, and Microsoft Business Applications MVP. We talk about the importance of training in a project, what the different ways we can manage training and the importance of continous learning.

We also ask the eternal question: “Why is the training budget the first we cut and why is Canada better?”.

You can find more information about Elif here:
https://www.linkedin.com/in/elifitem/

https://www.itembyitem.co/

2023-09-14
10.0.36
Back again after Vacation with the following topics:
- Issues in the first version of 10.0.36
- Inventory Visibility
- Loyalty Cards
- Bundles
- Archiving
- One Dynamics One Platform
- Reciept Number Sequences
- DMF Job history cleanup
- Warehouse WiFi Strength in App Insights
- Automatic Import of Bank Statement
- DMF Staging Cleanup
- Financial Tags on Sales Orders
- Dataverse interoperability
2023-08-25
Troubleshooting issues with access to Azure Storage Accounts

Hi All…

I have been in IT for more then 25 years and I still manage to feel extremely stupid way too often… This is definetely one of those moments.

Disclamer: I am not an Azure expert… so thi might be obvious, just not to me 😀

Background

A customer that I am working with is starting to build their integration story for communicating with Dynamics 365 fo Finance and Supply Chain. One of the patterns is to send files through SFTP then would like to do that natively to an Azure Storage account. In order to enable SFTP in Azure you need hierarchical namespaces which in turn requires Azure Data Lake Storage Gen2.

So far so good… I set up a ADLS Gen2 storage account in the customers Azure and to follow best practices I enabled the firewall on the Storage and added my own IP adress. I was able to access it from my computer using Azure Storage Explorer and everything worked great. So I told our developer and he told me “It does NOT work!”… What?? Apparently he used tha Storage account name and the access key, so I tried that from my laptop… it worked.

I logged in to the D365FO dev machine and tried to access it from there using name and access key and it did not work. Of course I figured it had to do with the firewall, so I added the Public IP of the Dev VM. It still did NOT work!!

I tried to access the Storage account using my Azure AD account, and it worked (I still do not understand why).

After a LOT of troubleshooting (and a vacation to forget everything) I came back and came back and I started looking into this. With some awesome troubleshooting help from Jonas, I finally stumble on this little nugget:

If the storage account and the VM are in the same region, traffic goes over the Azure backbone network. I tried it with a VM in a different region then whitelist the static public IP of Azure VM to the firewall of the storage account, it worked!

Which eventually led me to this:

So the issue is that if you access an Azure Resource from another Azure Resource, in the same region, the traffic is not routed through the Public IP, it is routed throuh the Azure Backbone. You are however not able to add IP rules for the internal IP address of an Azure VM so you need to add the Azure Virtual Network that hosts the VM.

Although it took way too long to figure out, I learned a lot 🙂

Bye for today

Links
https://learn.microsoft.com/azure/storage/blobs/secure-file-transfer-protocol-support
https://learn.microsoft.com/azure/storage/common/storage-network-security?tabs=azure-portal#grant-access-from-an-internet-ip-range

2023-08-03