When deploying a solution to production is there a way to lock down the system so users do not inadvertently log in and create transactions before the deployment check out is complete?. I searched but many discussions point to the on-premis version where you can disable users which is not an option in the online version.
Our user connect three ways
Jeff, there are two ways to accomplish this:
1) Active Directory Security Groupor2) Change Production Type to Sandbox1) Go into Microsoft 365 Admin Center and create an Active Directory security group and add only the users that will be deploying the solution and testing the solution once deployed. Then go to the Power Platform Admin Center and click the name of the production environment you are deploying too. From there you click edit and then you can add the security group you just created in AD. Once you save that change, no one but the users assigned to that AD group will be able to access D365 CE from any of the interfaces. When they attempt to login, or if they are in the system already and move to another area, a message will appear informing them that their user account has been disabled and to contact their system admin. The disable user message can make end users a little nervous, so if it is possible to change the default disabled user message you might want to. I have not looked into changing it so if you figure out if it is possible please post back here. If you look in the users area of CE you will see that all users but the ones assigned to the group have been disabled. It will appear that their security roles have been removed as well, but once you remove the security group from the instance the users will become active and their security roles will be back. It can take a little while for the CE users to become active again once the security group has been removed, so keep that in mind. It took about 30-45 minutes to reactivate 500-600 users the last time I used this method.2) The second option is to change your production instance Type to Sandbox instead of Production. Once you do that you can put the instance into Admin Mode, which will keep everyone out except users that are assigned the System Admin or System Customizer security role. This is also accomplished by going to the Power Platform admin Center and click the name of the production environment you are deploying too. From there you click edit and then you can update the instance Type from Production to Sandbox and the Admin Mode options should appear. Once you are done deploying and testing, change the instance Type back to Production.Image for referencing the areas in the Power Platform Admin Center for both options:
Hope this helps,
If you've found this thread useful, dive deeper into User Group community content by role