Connect Teams and SharePoint by creating a user in Azure Active Directory
A. User Setup
- In Azure Active Directory, create a new user for the D365/Teams/SharePoint integration.
- Call the user “D365 Teams Integration” or something similar.
- Set the user’s password to never expire (see here).
- In a new browser, navigate to Login to Microsoft 365 and log in as the new user.
- When prompted, update the user’s password. Keep the password for use in a later step.
- Under Licenses, add a license for Microsoft Teams with all services. It can be a Microsoft 365 (or Office 365) basic license as long as it allows access to SharePoint, Teams and OneNote. You may already have a license that you can use.
- Optional: If your organization uses multi-factor authentication (MFA), add the D365 IP ranges to your trusted locations so the account does not require MFA on sign-in.
Open Azure Active Directory. In the left navigation, select Conditional Access.
In the left navigation, select Named Locations and then click New location.
Add the IP ranges for your D365 geography, which Microsoft publishes in “Microsoft Dynamics CRM Online IP Address Ranges - Microsoft Support”.
In Azure Active Directory, select App registrations.
Choose a name for the new app, for example “D365 Teams SharePoint Integration”.
Select Accounts in this organizational directory only (<organization name> only – Single tenant).
Click Register.
On the overview of the new app, keep the Application (client) ID and Directory (tenant) ID for use in a future step.
In the left menu, select Certificates & secrets and then click + New client secret.
Add a description and choose the relevant time frame. The maximum for the expiry is 24 months and Custom allows a specific date as far out as 24 months.
Click Add.
Keep the value of the client secret for use in a future task. Note: this is the only time the value is shown.
In the left menu, select API Permissions and then click + Add a permission.
Select Microsoft Graph, click Delegated permissions, and then select:
- Files: “Files.ReadWrite.All”
- Group: “Group.ReadWrite.All”
- Notes: “Notes.ReadWrite.All”
- User: “User.Read”
- User: “User.ReadBasic.All”
Click Add permissions.
Click Add a permission again.
Choose SharePoint, click Delegated permissions, and then select:
- AllSites: “AllSites.Read”
- AllSites: “AllSites.Write”
Click Add permissions.
Click Add a permission again.
Choose Dynamics CRM, click Delegated permissions, and then select:
- “user_impersonation”
Click Add permissions.
Click Add a permission again.
Choose Microsoft Graph, click Application permissions, and then select:
- “Directory.ReadWrite.All”
- “Files.ReadWrite.All”
- “Group.ReadWrite.All”
- “Notes.ReadWrite.All”
- “User.Read.All”
A list of your configured permissions is displayed. (The next image shows only one.)
Click Grant admin consent for <organization name>. The name will default to your environment name.
Click Yes. Your permissions are approved.
In the left navigation, choose Overview, click App Registrations and then click the name of your app. Click the name of your app again under “Managed application in local directory”.
In the left navigation, select Users and groups, then click Add user.
The Add Assignment pane opens.
Click None Selected.
Pick the user you created previously, give it default access and click Assign. Ensure the newly created user has the Groups Administrator role in Azure.
Your new user, D365 Teams Integration (or whatever you named it) is now set up.
Configure a Hubsite for Account-related SharePoint sites
A. Application Permissions Setup
In Azure Active Directory, select App registrations.
Select the app created before.
In the left menu, select API Permissions and click + Add a permission.
Choose SharePoint, click Application permissions, and then select Sites.FullControl.All.
Click Add permissions.
Click Grant admin consent for <organization name>. The name will default to your environment name. The confirmation message appears. Click Yes.
B. Configure the App Certificate
A certificate is required to connect to the app. The public key (certificate) is uploaded to the app registration in Azure; the private key is added to the Configuration entity.
Now let’s configure the certificate for the app.
From the Windows search, open the Windows PowerShell console and choose Run as Administrator.
Execute the following script to generate a self-signed certificate.
Note: Create a folder in a location you can reach from the PowerShell console; the certificate files are written there. Use the file “Create-SelfSignedCertificate.ps1” to create the certificate (public key), and save that file in the same folder where you want the certificate (public key) to be generated.
At the end of this process, the folder holds the original file “Create-SelfSignedCertificate.ps1” and two other files: the certificate (public key) file and the private key file.
Run the command: cd "<file path location for Create-SelfSignedCertificate.ps1>". Example:
    cd "C:\Users\Findmore Consulting\Desktop\Azure Certificate"
Run the command: .\Create-SelfSignedCertificate.ps1 -CommonName "<Company name>" -StartDate <start date> -EndDate <End Date>.
Note: The CommonName becomes the name of your public key file (.cer) and the private key file (.pfx). Use a logical name such as the name of your company. You can use today’s date as StartDate and a date two years in the future as EndDate; this is the validity period of your certificate. Example:
    .\Create-SelfSignedCertificate.ps1 -CommonName "ClickDimensions" -StartDate 2023-01-01 -EndDate 2024-12-12
You might see the following warning. Press R to run the script one time.
Note: When you try to run the command, the following error might appear: “File <file path> cannot be loaded because running scripts is disabled on this system (...)”.
In that case, run the following command to enable running scripts on your system: Set-ExecutionPolicy Unrestricted. Example:
    Set-ExecutionPolicy Unrestricted
Enter Y to accept the change of the execution policy.
This is a personal setting on your computer, and you can set it back to Restricted after running the scripts. Example:
    Set-ExecutionPolicy Restricted
Enter Y to accept the change of the execution policy.
Back at creating the self-signed certificate, you were asked to press R to run the script one time.
After you press R to run the script once and then press Enter, you are asked for a password. Enter a password.
You will see the certificate files in the folder.
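As an added example (not the page’s Create-SelfSignedCertificate.ps1), the script below produces the same two files with the built-in New-SelfSignedCertificate and Export cmdlets, taking the same -CommonName, -StartDate and -EndDate parameters; the -OutDir parameter, the date check and the removal of the copy left in the certificate store are assumptions of this example.

```powershell
# Added example: equivalent of the page's Create-SelfSignedCertificate.ps1
# using Windows PowerShell's PKI cmdlets. -OutDir and the cleanup step are
# assumptions of this example, not part of the page's script.
param(
    [Parameter(Mandatory)][string]$CommonName,
    [Parameter(Mandatory)][datetime]$StartDate,
    [Parameter(Mandatory)][datetime]$EndDate,
    [string]$OutDir = (Get-Location).Path
)

if ($EndDate -le $StartDate) { throw "EndDate must be after StartDate." }

# Password that protects the private key file (.pfx). Asked interactively so
# it is never written into the script or left in the console history.
$pfxPassword = Read-Host -Prompt "Password for the private key file" -AsSecureString

# Create the key pair in the current user's store. Exportable is required so
# the private key can be written to the .pfx; RSA 2048 / SHA-256 is what
# Azure AD accepts for application credentials.
$cert = New-SelfSignedCertificate `
    -Subject "CN=$CommonName" `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -NotBefore $StartDate -NotAfter $EndDate `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyExportPolicy Exportable -KeySpec Signature

$cerPath = Join-Path $OutDir "$CommonName.cer"   # public key: uploaded to the app registration
$pfxPath = Join-Path $OutDir "$CommonName.pfx"   # private key: goes into the Configuration record

Export-Certificate    -Cert $cert -FilePath $cerPath | Out-Null
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# The two files are the deliverables; remove the copy (and its key) from the
# user's store so the private key exists only where it was deliberately put.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey

# Thumbprint to compare with what the portal shows after the .cer is uploaded.
[pscustomobject]@{
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    Cer        = $cerPath
    Pfx        = $pfxPath
}
```

Saved locally as a .ps1 file, this script is subject to the same execution policy as the page’s script; Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process lifts the block for the current console only, instead of the machine-wide Unrestricted setting.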
Back in App Registrations in the Azure Portal, click the application you registered.
In the left navigation, go to Certificates & secrets.
Choose Certificates, and then Upload certificate.
Choose the certificate (public key) created in the step above.
Click Add.
The certificate is configured.
Set Up the Dynamics 365 Configuration Record
Go to your Dynamics 365 Environment.
Go to your [Environment Name] App and in the Configure area, open “[Environment Name] Configuration”.
Go to the “Teams” tab.
In the “Integration UserName” field and the “Integration Password” field, enter the credentials of the user created in Part A, User Setup, of Set Up Teams Integration.
In App Registration Settings section of the record, configure:
Graph TenantId – Paste the value for Directory (tenant) ID saved in App Overview of Set Up Teams Integration.
Graph ClientId – Paste the value for Application (client) ID saved in App Overview of Set Up Teams Integration.
Graph Client Secret – Paste the value for the secret saved in Step 10, Client Secret, of Set Up Teams Integration.
D365 Auth App Id – Paste the value for Application (client) ID saved in App Overview of Set Up Teams Integration.
In the SharePoint App Settings section of the record, configure:
SharePoint Client Id – Paste the value for Application (client) ID saved in App Overview of Set Up Teams Integration.
SharePoint Domain – Domain of the SharePoint tenant.
SharePoint Certificate – Paste the value for the secret saved in Client Secret of Set Up Teams Integration.
Hub Site – Paste the URL of the Hub Site with which the SharePoint sites are associated.
Enable SharePoint Integration on the Dynamics 365 Environment
A. Create Document Locations
- Go to your Dynamics 365 environment.
- On the Command bar on the right side, click Settings and then choose Advanced Settings.
- Click the arrow next to Settings to display options. Choose Document Management.
- Then choose Enable Server-Based SharePoint Integration.
- Click Next.
- Click Next, again.
- Enter the URL of the SharePoint site and then click Next.
- Click Finish.
Make sure you also give the user you created System Administrator permissions.
Head to the Microsoft 365 admin center.
Select the user you created and select Manage roles.
Grant the user the SharePoint Administrator role.
Then open Windows PowerShell and run the following command:
    Install-Module -Name Microsoft.Online.SharePoint.PowerShell
Then run this command to connect to the SharePoint Online service, replacing <tenant name> with the name of your tenant:
    Connect-SPOService -Url "https://<tenant name>-admin.sharepoint.com"
Finally, run this command:
    Set-SPOTenant -DisableCustomAppAuthentication $false
Then go to the appinv.aspx page on the tenant administration site, reachable at https://contoso-admin.sharepoint.com/_layouts/15/appinv.aspx (replace contoso with your SharePoint tenant name).
It should open this page:
The App Id is the Application (client) ID shown on the App Registration created at the beginning. After pasting the App Id, click Lookup; the Title is populated automatically. The App Domain should be <subdomain>.sharepoint.com, for example clickdimensionsdev.sharepoint.com. The Redirect URL can be https://www.localhost.com/. The App Permissions XML is:
    <AppPermissionRequests AllowAppOnlyPolicy="true">
      <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
    </AppPermissionRequests>
It should look like this in the end:
Click Create.
After, click Trust It.
Go back to the SharePoint admin center and then Active sites. Select the site you entered as Hub Site on the Configuration record in Dynamics and register it as a hub site.
You have just set up SharePoint integration on your Dynamics 365 environment and are ready to create SharePoint pages, OneNote notes and Teams.
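The SharePoint Online PowerShell steps above and the hub site registration, as one added script (not from the page or the product): it takes the tenant name and hub site URL as parameters, reads the tenant setting back before and after changing it, and registers the hub site with Register-SPOHubSite instead of the admin center UI. $TenantName and $HubSiteUrl are placeholders for your own values.

```powershell
# Added example: parameterised form of the page's SPO commands plus hub site
# registration. $TenantName is the "contoso" part of contoso-admin.sharepoint.com;
# $HubSiteUrl is the URL entered in the Hub Site field of the Configuration record.
param(
    [Parameter(Mandatory)][string]$TenantName,
    [Parameter(Mandatory)][string]$HubSiteUrl
)

if (-not (Get-Module -ListAvailable -Name Microsoft.Online.SharePoint.PowerShell)) {
    Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Scope CurrentUser
}
Import-Module Microsoft.Online.SharePoint.PowerShell

# Sign in as the account that was given the SharePoint Administrator role.
Connect-SPOService -Url "https://$TenantName-admin.sharepoint.com"

# DisableCustomAppAuthentication = $false re-enables the ACS app-only
# authentication path that appinv.aspx relies on. The setting is tenant-wide,
# so record the previous value before changing it.
$before = (Get-SPOTenant).DisableCustomAppAuthentication
if ($before -ne $false) {
    Set-SPOTenant -DisableCustomAppAuthentication $false
}
$after = (Get-SPOTenant).DisableCustomAppAuthentication
Write-Host "DisableCustomAppAuthentication: $before -> $after"

# Register the site as a hub site unless it already is one. No principals
# means any site owner in the tenant may associate sites with this hub.
$hubUrl = $HubSiteUrl.TrimEnd('/')
$existing = Get-SPOHubSite | Where-Object { $_.SiteUrl.TrimEnd('/') -eq $hubUrl }
if (-not $existing) {
    Register-SPOHubSite -Site $hubUrl -Principals $null
}

# Show the hub site as SharePoint now records it (ID is the HubSiteId that
# associated sites will reference).
Get-SPOHubSite |
    Where-Object { $_.SiteUrl.TrimEnd('/') -eq $hubUrl } |
    Select-Object Title, SiteUrl, ID
```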