This document will show you how to:
- Configure Dynamics 365 to make all processes work properly.
- Enable the integration between Dynamic D365 and Teams where you will create Groups, Teams, Channels and One Note.
- Enable associated SharePoint sites created in Teams integration to be linked to the Hub Site defined in TekStack settings.
Table of Contents
Set Up Sending Invoices by Email
Set Up Teams Integration
Configure a Hubsite for Account-related SharePoint sites
Set Up the Dynamics 365 Configuration Record
Enable SharePoint Integration on the Dynamics 365 Environment
Note: To do these tasks, you need to be an administrative user for Microsoft Teams, Azure and Dynamics 365.
Set Up Sending Invoices by Email
A. Create email Template to send invoices
- Go to your Dynamics 365 environment, open the Tekstack app and on the Configure area, choose Email Templates.
- Choose New to create a new template.
- Enter the information to create the e-mail template:
Template Name: Name for the template. For example, “Send Invoice By E-mail”.
Permission level: Organization
Category: User
Language: Choose the language for the template.
- Click Create.
- Fill in the remaining information for the template.
Subject: The subject for the email. For example: {!Invoice:Account;}Invoice - {!Invoice:Invoice Date;}
Note: The term {!Invoice:Account;} retrieves information from the invoice.
Body: Body for the email
- Click Save.
B. Configure Flow URL to Send Invoice by Email
- Go to https://make.powerapps.com/.
- Choose the environment for the Dynamics 365. For example, this is the name you give to your production environment and shows on the upper right side of the Command bar.
- Then select Solutions.
- Open the solution “06.3 TekStack Revenue Common Logic”.
- Filter by “Cloud Flow” and open the flow “Tekstack - Invoice – Send Invoice By Email”.
- Make sure that the flow is turned on and click Edit. The flow opens showing the steps.
- Go back to the solutions listed in Step 3.
- Open the solution “06.1 TekStack Revenue Variable and References”.
- Filter by “Environment Variable” and choose “FlowURLSendInvoices”.
- Paste the url value copied in Step 7 into the Current Value field of the environment variable ( FlowURLSendInvoices).
- Click Save.
Now the process to send Invoices by email is ready to work.
In this section, you will configure Dynamics 365 (D365) to connect to Microsoft Teams and SharePoint to automatically create Microsoft 365 (M365) Groups, Teams and Channels for TekStack entities.
This is accomplished by creating an application that will control which Microsoft APIs that D365 is permitted to access.
A user can also be created in Azure Active Directory that D365 can use to connect to Teams and SharePoint. The user would need to be added to the security groups so it can read and create files and channels in those groups.
We recommend using the app registration to establish the connection instead of a named user, because with a named user you may need to manage password expiration and ensure that the named user remains exempt from multi-factor authentication (MFA).
Section A outlines the steps for creating a named user to establish the connection if you choose to do so. Section B explains how to set up the app registration.
- In Azure Active Directory, create a new user for the D365/Teams/SharePoint integration.
- Call the user “D365 Teams Integration” or something similar.
- Set the user’s password to never expire (see https://docs.microsoft.com/en-us/office365/admin/add-users/set-password-to-never-expire?view=o365-worldwide).
- In a new browser, navigate to office.com and login as the new user.
- When prompted, update the user’s password. Keep the password for use in a later step.
- Under Licenses, add a license for Microsoft Teams with all services. It can be a Microsoft 365 (or Office 365) basic license as long as it allows access to SharePoint, Teams and One Note. You may already have a license that you can use.
Optional: If your organization uses multi-factor authentication (MFA), you will need to add D365 IPs to your trusted locations, so the account does not require MFA on sign in.
- Open Azure Active Directory. In the left navigation, select Conditional Access.
- In the left navigation, select Named Locations and then click New location.
- Add the IP ranges for your D365 geography available from Microsoft here: https://support.microsoft.com/en-ca/help/2728473/microsoft-dynamics-crm-online-ip-address-ranges
- In Azure Active Directory, select App registrations.
- Select New Registration.
- Choose a name for the new app, for example “D365 Teams SharePoint Integration”.
- Select Accounts in this organizational directory only (<organization name> only – Single tenant).
- Click Register.
- On the overview of the new app, keep the Application (client) ID and Directory (tenant) ID for use in a future step. (See Step 5 in Set Up the Dynamics 365 Configuration Record.)
- In the left menu, select Certificates & secrets and then click + New client secret.
- Add a description and choose the relevant time frame. The maximum for the expiry is 24 months and Custom allows a specific date as far out as 24 months.
- Click Add.
- Keep the value of the client secret for use in a future task. Note! This is your only opportunity to see this data. (See Step 5 in Set Up the Dynamics 365 Configuration Record.)
- In the left menu, select API Permissions and then click + Add a permission.
- Select Microsoft Graph, click Delegated permissions, and then select:
- Files: “Files.ReadWrite.All”
- Group: “Group.ReadWrite.All”
- Notes: “Notes.ReadWrite.All”
- User: “User.Read”
- User: “User.ReadBasic.All”
- Click Add permissions.
- Click Add a permission again.
- Choose SharePoint, click Delegated permissions, and then select:
- AllSites: “AllSites.Read”
- AllSites: “AllSites.Write”
- Click Add permissions.
- Click Add a permission again.
- Choose Dynamics CRM, click Delegated permissions, and then select:
- “user_impersonation”
A list of your configured permissions is displayed. (The next image shows only one.)
- Click Grant admin consent for <organization name>. The name will default to your environment name.
The confirmation message appears.
- Click Yes. Your permissions are approved.
NOTE - If you have chosen to use the app registration to establish the connection and not a named user, the following steps are NOT REQUIRED.
- In the left navigation, choose Overview, click App Registrations and then click the name of your app. Click the name again of your app under “Managed application in local directory”.
- In the left navigation, select Users and groups, then click Add user.
The Add Assignment opens.
- Click None Selected.
- Pick the user you created previously, give it default access and click Assign. Ensure the newly created user has the Groups Administrator role in Azure.
Your new user, D365 Teams Integration (or whatever you named it) is now set up.
Configure a Hubsite for Account-related SharePoint sites
A. Application Permissions Setup
- In Azure Active Directory, select App registrations.
- Select the app created in Step 5, Part B, Application Setup, in Set Up Teams Integration.
- In the left menu, select API Permissions and click + Add a permission.
- Choose SharePoint, click Application permissions, and then select Sites.FullControl.All.
- Click Add permissions.
- Click Grant admin consent for <organization name>. The name will default to your environment name. The confirmation message appears.
- Click Yes.
Your permissions are approved.
B. Configure the App Certificate
A certificate is required to connect to the app. The public key (certificate) is uploaded to app registration in Azure. The private key is added the TekStack configuration.
Now let’s configure the certificate for the app.
- From the Windows search, open the Windows PowerShell console and choose Run as Administrator.
Execute the following script to generate a self-signed certificate.
Note: You must create a folder and store it in a relevant location so that it can be accessed for this process and where you will store the certificate. Use the file called “Create-SelfSignedCertificate.ps1” to create the certificate (public key).
Save the file in the same folder where you want to generate the certificate (public key).
At the end of this process, you will have the original file “Create-SelfSignedCertificate.ps1“ and two other files: the certificate (public key) file and the private key file.
- Run the command: cd “<file path location for Create-SelfSignedCertificate.ps1>”. Example:
cd “C:\Users\KateDauphinee\D365” |
- Run the command: .\Create-SelfSignedCertificate.ps1 -CommonName "<Company name>" -StartDate <start date> -EndDate <End Date>.
Note: The CommonName becomes the name of your public key file (.cer) and the private key file (.pfx). Use a logical name such as the name of your company. You can use as StartDate today’s date and for EndDate a date two years in the future. This is the time frame for your certificate. Example:
.\Create-SelfSignedCertificate.ps1 -CommonName "TekStack" -StartDate 2022-12-13 -EndDate 2024-12-12 |
You might see the following warning. Click R to run the script one time.
Note: When you try to run the command, the following error might appear, “File <file path> cannot be loaded because running scripts is disabled on this system (...)”.
Here, you must run the following command to enable running scripts in your system: “Set-ExecutionPolicy Unrestricted”. Example:
Set-ExecutionPolicy Unrestricted |
- Enter Y to accept the change of the execution policy.
This is a personal setting on your computer, and you can set it back to Restricted after running the scripts. Example:
Set-ExecutionPolicy Restricted |
- Enter Y to accept the change of the execution policy.
Back at the creating the self-signed certificate, you were asked to "Click R to run the script one time".
- After you click R to run the scripts once, and then click Enter, you will be asked for a password. Enter a password and save it because you’ll need it for the Dynamics 365 configuration. This is the Certificate Password. (See Step 6 of Set Up the Dynamics 365 Configuration Record.)
You will see the certificate files in the folder.
- Back in App Registrations in the Azure Portal, click the application you registered.
- In the left navigation. go to Certificates & secrets.
- Choose Certificates, and then Upload certificate.
- Choose the certificate (public key) created in Step 3 above.
- Click Add.
The certificate is configured.
- Return to Windows PowerShell.
- Run this command: “$pfx_cert = get-content '<path to the .pfx file (private key) created previously>' -Encoding Byte”. Example:
$pfx_cert = get-content 'C:\Users\KateDauphinee\D365\TekStack.pfx' -Encoding Byte |
This command is to get the content from the certificate.
- Next, run this command: “$base64 = [System.Convert]::ToBase64String($pfx_cert)”. Example:
$base64 = [System.Convert]::ToBase64String($pfx_cert) |
This command is to convert the content to Base64. (It converts the file into a string which will go into a field into Dynamics where it can be used.)
- And then run this command “$base64”. Example:
$base64 |
Copy and save the value (SharePoint Certificate) so you can use it later. ( See Step 6 in Set Up the Dynamics 365 Configuration Record.)
Set Up the Dynamics 365 Configuration Record
- Go to your Dynamics 365 Environment.
- Go to your Tekstack App and in the Configure area, open “Tekstack Configuration”.
- Go to the “Teams” tab.
- In the “Integration UserName” field and the Integration Password field, enter the information about the user created in Part A, User Setup, in Set Up Teams Integration.
- In App Registration Settings section of the record, configure:
Graph TenantId – Paste the value for Directory (tenant) ID saved in Step 6, Part B, Application Set Up, of Set Up Teams Integration.
Graph ClientId - Paste the value for Application (client) ID saved in Step 6, Part B, Application Set Up, of Set Up Teams Integration.
Graph Client Secret – Paste the value for secret saved in Step 10, Part B, Application Set Up, of Set Up Teams Integration.
D365 Auth App Id - Paste the value for Application (client) ID saved in Step 6, Part B, Application Set Up, of Set Up Teams Integration.
D365 Url – Paste the url of the dynamics instance. Example:
https://<companyname>.crm.dynamics.com) |
- In the SharePoint App Settings section of the record, configure:
SharePoint Client Id - Paste the value for Application (client) ID saved in Step 6, Part B, Application Set Up, of Set Up Teams Integration.
SharePoint Domain – Domain of SharePoint Tenant.
SharePoint Certificate – Paste the value for the certificate saved in Step 15, Part B, Configure the App Certificate, of Configure a Hubsite for Account-related SharePoint sites.
Certificate Password – Paste the value for the password saved in Step 4, Part B, Configure the App Certificate, of Configure a Hubsite for Account-related SharePoint sites.
Hub Site – Paste the url for the Hub Site to associate the SharePoint sites.
Enable SharePoint Integration on the Dynamics 365 Environment
A. Create Document Locations
- Go to your Dynamics 365 environment.
- On the Command bar on the right side, click Settings and then choose Advanced Settings.
- Click the arrow next to Settings to display options. Choose Document Management.
- Then choose Enable Server-Based SharePoint Integration.
- Click Next.
- Click Next, again.
- Enter the url for the SharePoint site and then click Next.
- Click Finish.
B. Set Up User Permissions
- Go back to Settings and choose Security.
- Choose Users.
- Select the user created previously and choose MANAGE ROLES.
- Give the user System Administrator permission.
- Click OK.
- Now the user has permissions in Dynamics 365.
You have just set up SharePoint integration on your Dynamics 365 Environment and given the Teams Integration user System Administration permissions.