Customer Engagement & Dynamics CRM Forum

Expand all | Collapse all

Locking down Dynamics 365 Sales (Online) for maintenance

  • 1.  Locking down Dynamics 365 Sales (Online) for maintenance

    Posted 20 days ago

    When deploying a solution to production is there a way to lock down the system so users do not inadvertently log in and create transactions before the deployment check out is complete?. I searched but many discussions point to the on-premis version where you can disable users which is not an option in the online version.


    Our user connect three ways

    1. Web Interface using the model-driven app
    2. Mobile client using the D365 phone App
    3. Dynamics 365 App for Outlook

    Jeff Botts
    Sempra Global
    San Diego CA

  • 2.  RE: Locking down Dynamics 365 Sales (Online) for maintenance

    Posted 19 days ago
    Hi Jeff, you can change your Production instance to a Sandbox and then put it into Administration Mode as described here:

    Neil Benson, MVP
    Brisbane, QLD, Australia
    Take my free mini-course Agile Foundations for Microsoft Business Apps

  • 3.  RE: Locking down Dynamics 365 Sales (Online) for maintenance

    Posted 19 days ago

    Jeff, there are two ways to accomplish this:

    1) Active Directory Security Group
    2) Change Production Type to Sandbox

    1) Go into Microsoft 365 Admin Center and create an Active Directory security group and add only the users that will be deploying the solution and testing the solution once deployed. ​Then go to the Power Platform Admin Center and click the name of the production environment you are deploying too. From there you click edit and then you can add the security group you just created in AD. Once you save that change, no one but the users assigned to that AD group will be able to access D365 CE from any of the interfaces. When they attempt to login, or if they are in the system already and move to another area, a message will appear informing them that their user account has been disabled and to contact their system admin. The disable user message can make end users a little nervous, so if it is possible to change the default disabled user message you might want to. I have not looked into changing it so if you figure out if it is possible please post back here. If you look in the users area of CE you will see that all users but the ones assigned to the group have been disabled. It will appear that their security roles have been removed as well, but once you remove the security group from the instance the users will become active and their security roles will be back. It can take a little while for the CE users to become active again once the security group has been removed, so keep that in mind. It took about 30-45 minutes to reactivate 500-600 users the last time I used this method.

    2) The second option is to change your production instance Type to Sandbox instead of Production. Once you do that you can put the instance into Admin Mode, which will keep everyone out except users that are assigned the System Admin or System Customizer security role. This is also accomplished by going to the Power Platform admin Center and click the name of the production environment you are deploying too. From there you click edit and then you can update the instance Type from Production to Sandbox and the Admin Mode options should appear. Once you are done deploying and testing, change the instance Type back to Production.

    Image for referencing the areas in the Power Platform Admin Center for both options:

    Editing D365 CE Instance using Power Platform

    Hope this helps,  

    Rob Pike
    Minneapolis, MN

If you've found this thread useful, dive deeper into User Group community content by role