Looking for PowerObjects? Don’t worry, you’re in the right place! We’ve been part of HCL for several years, and we’ve now taken the final step in our acquisition journey: moving our website to the HCL domain. Nothing else is changing – we are still fanatically focused on Microsoft Business Applications!

PowerObjects Blog 

for Microsoft Business Applications


Using Office 365 Security Groups to Control Microsoft Dynamics CRM Online Access

Post Author: Joe D365 |

If you are a Microsoft Dynamics CRM Online system administrator, you probably know that initial CRM user setup is performed in the Office 365 portal and then configured within CRM. But you may not know that you can use the Security Groups feature in the Office 365 Portal to enable or disable CRM access to custom groups of users you can create.

This feature can be useful for different scenarios, including:

  • Limiting access for development or testing in non-production CRM Online instances
  • Restricting access to the CRM Online production environment to system administrators only when importing a new solution set or other system maintenance
  • Creating special groups for sales, service, or other business groups for more organized users management

There is actually a default security group that is pre-configured for Office 365 called System Administrators. This group includes all Office 365 users with global administrator rights.

Here's how it works. You must have global administrator rights in the Office 365 Portal.  If you do, log in to the Office 365 Portal with your credentials to the home page. Once logged in, do the following:

  1. On the home page, select the Users and Groups link on the navigation menu on the left side of the page.
  2. This will take you to the Active Users list. In the upper near left of the page near the top center of the home page, you will see a link for Security Groups. Click on the link to take you to the security groups management pages.
  3. Left click on the + (plus) symbol to create a new group. This will open up a new page where you can enter your new security group name.

Office 365 Security Groups

For this scenario, we will call our group Testing Users. This group will comprise of users that will have access to the CRM environment for testing new solutions. To create the group, do the following:

  1. On the entry page, enter the name of the group in the Display Name section.
  2. Next, left click on plus sign in the Members section to pop out the user selection tool to select the user(s) that will be part of this group.
  3. After entering the name, select Save in the bottom right corner to save your group.

security groups img 2

Voilà! Your new security group is created. Now, let's use it to limit access to Dynamics CRM Online to our Testing Users. Go to the Office 365 CRM Online Admin Center by first clicking on the Admin dropdown on the Office 365 navigation toolbar, then selecting CRM from the dropdown list. This will open the CRM configuration page.

security groups img 3

Next, select the CRM Online instance (if you have more than one) you want to edit and select the Edit button.

security groups img 4

In the edit screen in the security settings section, use the search tool to look up your new Testing Users security group and select it.   Click Save to save your selection and return to the main page in the Admin Center.

security groups img 5

security groups img 6

Then, click Save on the Admin Center page to save your CRM Online instance security settings.

That’s it! As long as the users in your group are licensed for CRM Online, access to the CRM Online instance will be restricted to the users in the security group. Other licensed users inside of CRM Online that are not in the security group will be disabled. To restore access, simply go back to the CRM Online Admin Center for that instance and clear the group name from the security settings.

Happy CRM'ing!

Joe CRM
By Joe D365
Joe D365 is a Microsoft Dynamics 365 superhero who runs on pure Dynamics adrenaline. As the face of PowerObjects, Joe D365’s mission is to reveal innovative ways to use Dynamics 365 and bring the application to more businesses and organizations around the world.

2 comments on “Using Office 365 Security Groups to Control Microsoft Dynamics CRM Online Access”

  1. Thank you for your post.
    Does it only work for the user member belong to the security group directly(don’t work for the group’s group)?
    I add some groups(which contain some users) to the security group.But the user can’t login into the sandbox.When the user belong to the security group,it works well.

    1. Correct. Nested groups is currently NOT supported, only direct group membership. We hope this will change in the future as we have seen many clients want support for nested groups.

PowerObjects Recommends