Simplifying Addition of New Users

Correct Answer: D

The Dataverse security defines the three types of teams: Owner - this team owns the record and gives direct access to the team's members.

Access - this team helps members to share a row in a form.

Azure AD group - this team's membership is controlled by Azure AD.

It has a similar behavior as the Owner team.

All users accessing Dataverse data are authenticated by Azure AD.

The Dataverse provides a robust security model using business units, RBAC, and teams.

Azure AD groups take the team membership control on the Azure AD level.

The use of the Azure AD groups significantly simplifies adding or removing the Power Platform users.

There are two types of Azure AD groups: Security and Office.

The Security group members can be users, devices, service principals, and other AD objects.

This group type provides access to the applications, resources, and assigns licenses to the group's members.

The Office group members are users only.

This type is created for a collaboration using mailboxes, calendars, SharePoint, etc.

You can use both of these groups for registration within the Dynamic 365 team.

You can create an Azure AD group using Microsoft Office 365 Admin Center or Azure portal.

In the Azure portal, open the Azure Active Directory and select the Groups item in the Manage section.

On the next screen, select the New Group and create a new group.

After you create a new group, open it, and on the Overview screen (Number 1), copy the Object ID GUID (Number 2).

Then open the classic Power Apps interface by selecting the Advanced settings under the Settings icon.

On the classic screen, select the Security item from the Settings dropdown and, next, select the Teams.

Then click on the New button from the toolbar.

The portal opens a new screen for New Team.

You need to provide a Team name (Number 1), select an administrator (number 2), select the Team Type (Number 3)

The team type should be the same as the type you selected when created the Azure AD group.

And, finally, you need to provide an ObjectID GUID for the Azure AD group (Number 4)

This will link the Dynamics 365 (Dataverse) team with the Azure AD group.

After creating the Dataverse security team, you can create a role and assign it to the team.

All other options are incorrect.

For more information about Azure AD group security, please visit the below URLs:

The first step that you would advise the company to take to accomplish the requirement of providing access to sales tables and records for new salesperson is to create a new security role with access to sales data. Therefore, the correct answer is B.

Here's why:

Creating a new security role with access to sales data is the most appropriate first step to meet the requirement because it allows the company to define a set of permissions for users who belong to the sales team. A security role is a collection of privileges that determines what data and actions a user can access within the Power Platform. By creating a new security role with access to sales data, the company can ensure that new salespeople are given access to the relevant sales tables and records without compromising the security of the entire system.

Creating a new Dynamics 365 Sales team (answer A) is not the correct first step because it does not address the security requirements. A sales team is simply a group of users who share common goals and objectives, and creating a new team does not automatically provide access to the relevant sales data.

Setting the ownership of the sales tables to Organization (answer C) is also not the correct first step because it does not specify the level of access that new salespeople should have. Ownership refers to who can edit, delete or share a record, but it does not specify what data users can see or what actions they can perform.

Creating an Azure AD group (answer D) is also not the correct first step because it does not define the level of access that new salespeople should have within the Power Platform. An Azure AD group is a collection of users who share common access requirements, but it does not define the specific permissions that should be granted to those users.

Assigning a new role to the Sales team (answer E) is not the correct first step because it assumes that a suitable security role already exists. Before a role can be assigned, it must first be created with the appropriate set of privileges to meet the security requirements.