Introduction: In this blog, we will see how to resolve HTTP Error 503 – The service is unavailable in Microsoft Dynamics 365 Finance and Operations Details:  For resolving these kinds of errors, we have 2 solutions as of now. One is to do from the front end that is LCS and the second is to do from the back-end that is from Visual Studio From LCS: Reset the IIS from the LCS. Steps: 1.     Go to LCS, login 2.     Select the respective project, full details   3.     Go to Maintain -> Restart service       4.     Select IIS and confirm it     5.     Wait till the service is being restarted                       From Visual Studio: From the back-end, open the VM and follow the below steps: 1.     Login to VM 2.     Open the Visual Studio 3.     Go to Dynamics 365 tab 4.     Click on Restart IIS Express That’s it. Build the project and go to the frontend and check the output how it looks like. Thanks for reading and stay connected with us for more updates!!! Jagdish Solanki | Senior Technical Consultant | CloudFronts Business Empowering Solutions Team “Solving Complex Business Challenges with Microsoft Dynamics 365 & Power Platform”

Introduction: In this blog we will learn how to filter regarding based on another option set field. Also, we shall understand how we can set the default view for regarding. Solution: The below script will run on field change of “Type”, this is the option set based on which the regarding will be filtered. Regarding: function (execContext) { var formContext = execContext.getFormContext(); if (formContext.getAttribute(“type”).getValue() != null) { Type = formContext.getAttribute(“type”).getValue(); switch (Type) { case 1: formContext.getControl(“regardingobjectid”).setEntityTypes([“contact”]); formContext.getControl(“regardingobjectid”).setDefaultView(“{00000ABC-0000-0000-00BG-000010000147}”); break; case 2: formContext.getControl(“regardingobjectid”).setEntityTypes([“quote”]); formContext.getControl(“regardingobjectid”).setDefaultView(“{00000ABC-0000-0000-00BG-000010000147}”); break; } } } Here, the Entity Type- will be entity you want to show in regarding and default view will be the view whose id is set in this script. Output:

Part 4: Testing using Developer Portal and JWT Policy Configuration Introduction Configuring OAuth 2.0 for your APIs hosted in Azure API Management adds an extra layer of security and prevents unauthorized access. This is a very important configuration form Security point of view for your Endpoints and is provided out of the box by Azure. This is the second part of a series of Blogs on Securing your API using OAuth 2.0 in Azure API Management. Please go through all the parts to find easy and detailed steps that will help you configure the OAuth 2.0 Authentication. Successfully call the API from the developer portal Note: This section is new to the Developer Portal and is under changes. So sometimes it might give Un-Authorized or CORS error. Hopefully, this bug gets resolved in future soon. Now that the OAuth 2.0 user authorization is enabled on your API, the Developer Console will obtain an access token on behalf of the user, before calling the API. Browse to any operation under the API in the developer portal and select Try it. This brings you to the Developer Console. Note a new item in the Authorization section, corresponding to the authorization server you just added. Select Authorization code from the authorization drop-down list, and you are prompted to sign in to the Azure AD tenant. If you are already signed in with the account, you might not be prompted. After successful sign-in, an Authorization header is added to the request, with an access token from Azure AD. Sign in to the portal Click on accept Note an Authorization header is added to the request The following is a sample token (Base64 encoded): Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImppYk5ia0ZTU2JteFBZck45Q0ZxUms0SzRndyJ9.eyJhdWQiOiJkMTYyODJhYy05N2RlLTRlNGYtODVkZi0xNmVlZDUwNjNjNWUiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vMjZjNGIyZTQtZWMwNy00YzdiLTkyZTUtOTdmNTI4NjVlOThiL3YyLjAiLCJpYXQiOjE2MDEyOTIxODYsIm5iZiI6MTYwMTI5MjE4NiwiZXhwIjoxNjAxMjk2MDg2LCJhaW8iOiJBVlFBcS84UkFBQUE4RmJoME4rOHFhVVpZSVRDY1hBVXVNOXZMOVNleUhHWnJnSUtiOUJkNW9HWEpBS1ArMEl5Q1FmUGx2NWo0amIxL0tKa0dLeHFOeWRDZlk3cTN3NGMzbHZsK3ovSFl3VmljNHJKMTBPakFsYz0iLCJhenAiOiIzYzcyZjU3ZC04M2YxLTQxMzktOTIzMi05YWFlODNjZTY2NjQiLCJhenBhY3IiOiIxIiwibmFtZSI6IlJ1c2hhbmsgS2FyZWthciIsIm9pZCI6IjU3Mzc4NTNkLTVhZTEtNDU4Ni05YjUzLTE5OWI0NDcyYWVkNyIsInByZWZlcnJlZF91c2VybmFtZSI6InJrYXJla2FyQGNsb3VkZnJvbnRzLmNvbSIsInJoIjoiMC5BQUFBNUxMRUpnZnNlMHlTNVpmMUtHWHBpMzMxY2p6eGd6bEJrakthcm9QT1ptUlVBQTQuIiwic2NwIjoiRmlsZXMuUmVhZCIsInN1YiI6IjY5UGhwWTFKNm1qS3ZhT1FaeDdaNm1jM2hpV2RVUXFoVTZpczZPdVdmZXMiLCJ0aWQiOiIyNmM0YjJlNC1lYzA3LTRjN2ItOTJlNS05N2Y1Mjg2NWU5OGIiLCJ1dGkiOiI5UTB0S1hBWkFreWpMdGw5TE9nNUFBIiwidmVyIjoiMi4wIn0.S-Wx7iH8TK4aW2Wi2msP6wu__oAmUdvpFAaAZi3_n_by2C7ElJRSeBvjYwVImsEzw4gg1zGm6ssH0xUcj2YJ3tZ5ddFW8IZR1DICHvT_sUXFCrRg6ZDlj_VPzeyLor_RmabgSE4ZfMQOmrfCET51AnQHS96-lIp_cB6SkddWQielfQMebhMMVPNyjLsBcSmFxY4gk0e3cEWnGPQHQRRMxwnJnJeqv8Gfm4fMD_xwD05nGyQ3M_mZt3H0UZiLjvVwsRlS9t7MPhVJCZPZBxEIkg0U_2IOE9OQEmuKwdyBLjVM8dNFUxfEOFUvoYUvJ-hd8hwxB5CXBYdQG9kLiAJpOg Select Send, and you can call the API successfully. Configure a JWT validation policy to pre-authorize requests At this point, when a user tries to make a call from the Developer Console, the user is prompted to sign in. The Developer Console obtains an access token on behalf of the user and includes the token in the request made to the API. 1. However, what if someone calls your API without a token or with an invalid token? For example, try to call the API without the Authorization header, the call will still go through. The reason is that API Management does not validate the access token at this point. It simply passes the Authorization header to the back-end API. You can use the Validate JWT policy to pre-authorize requests in API Management, by validating the access tokens of each incoming request. If a request does not have a valid token, API Management blocks it. For example, add the following policy to the <inbound> policy section of the Echo API. It checks the audience claim in an access token, and returns an error message if the token is not valid. For information on how to configure policies, see Set or edit policies. <validate-jwt header-name=”Authorization” failed-validation-httpcode=”401″ failed-validation-error-message=”Unauthorized. Access token is missing or invalid.”>     <openid-config url=”https://login.microsoftonline.com/{aad-tenant}/.well-known/openid-configuration” />     <required-claims>         <claim name=”aud”>             <value>{Application ID of backend-app}</value>         </claim>     </required-claims> </validate-jwt>  Note This openid-config URL corresponds to the v1 endpoint. For the v2 openid-config endpoint, use https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration. For our scenario the XML Policy is as follows: <validate-jwt header-name=”Authorization” failed-validation-httpcode=”401″ failed-validation-error-message=”Unauthorized. Access token is missing or invalid.”>     <openid-config url=”https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration” />     <required-claims>         <claim name=”aud”>             <value>d16282ac-97de-4e4f-85df-16eed5063c5e</value>         </claim>     </required-claims> </validate-jwt> Now go back to the developer console and without selecting the Authorization Code try to click on send. The Error Message is displayed. Reference Link: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad Part 1: Configuration of Applications in Azure AD  Part 2: Configuration of an Application (Client App) in Azure AD for Consumer  Part 3: OAUTH 2.0 Server setup  Part 4: Testing using Developer Portal and JWT Policy Configuration

At times you will get an error while creating positions for employees such as this: The assignment end date must not be earlier than the assignment start date Here even if you put an Assignment end date you wont be able to create a position because the actual error is on the below form. Once you make changes to it and add date to available for assignment field, you will be able to create a position successfully Hope this helps !

Part 2: Configuration of an Application (Client App) in Azure AD for Consumer Introduction Configuring OAuth 2.0 for your APIs hosted in Azure API Management adds an extra layer of security and prevents unauthorized access. This is a very important configuration form Security point of view for your Endpoints and is provided out of the box by Azure. This is the second part of a series of Blogs on Securing your API using OAuth 2.0 in Azure API Management. Please go through all the parts to find easy and detailed steps that will help you configure the OAuth 2.0 Authentication. Grant permissions in Azure AD Now that you have registered two applications to represent the API and the Developer Console, you need to grant permissions to allow the client-app to call the backend-app. Go to the Azure portal to grant permissions to your client application. Search for and select APP registrations. Choose your client app. Then in the list of pages for the app, select API permissions. Select Add a Permission. Under Select an API, select My APIs, and then find and select your backend-app. Under Delegated Permissions, select the appropriate permissions to your backend-app, then select Add permissions. Optionally, on the API permissions page, select Grant admin consent for <your-tenant-name> to grant consent on behalf of all users in this directory. Part 1: Configuration of Applications in Azure AD  Part 2: Configuration of an Application (Client App) in Azure AD for Consumer  Part 3: OAUTH 2.0 Server setup  Part 4: Testing using Developer Portal and JWT Policy Configuration

Part 1: Configuration of Applications in Azure AD Introduction Configuring OAuth 2.0 for your APIs hosted in Azure API Management adds an extra layer of security and prevents unauthorized access. This is a very important configuration form Security point of view for your Endpoints and is provided out of the box by Azure. This is the first part of a series of Blogs on Securing your API using OAuth 2.0 in Azure API Management. Please go through all the parts to find easy and detailed steps that will help you configure the OAuth 2.0 Authentication.Open Xrm Toolbox and add Tool “PowerBI option-Set Assistant” Register an application (Backend App) in Azure AD to represent the API To protect an API with Azure AD, the first step is to register an application in Azure AD that represents the API. Go to the Azure portal to register your application. Search for and select APP registrations. Select New registration. When the Register an application page appears, enter your application’s registration information: In the Name section, enter a meaningful application name that will be displayed to users of the app, such as backend-app. In the Supported account types section, select an option that suits your scenario Leave the Redirect URI section empty. Select Register to create the application. On the app Overview page, find the Application (client) ID value and record it for later. Select Expose an API and set the Application ID URI with the default value. Record this value for later. Select the Add a scope button to display the Add a scope page. Then create a new scope that’s supported by the API (for example, Files.Read). Finally, select the Add scope button to create the scope. Repeat this step to add all scopes supported by your API. When the scopes are created, make a note of them for use in a subsequent step. Register Consumer application in Azure AD to represent a client application (Client App) Every client application that calls the API needs to be registered as an application in Azure AD as well. In this example, the client application is the Developer Console in the API Management developer portal. Here’s how to register another application in Azure AD to represent the Developer Console. Go to the Azure portal to register your application. Search for and select APP registrations. Select New registration. When the Register an application page appears, enter your application’s registration information: In the Name section, enter a meaningful application name that will be displayed to users of the app, such as client-app. In the Supported account types section, select option as required. In the Redirect URI section, select Web and leave the URL field empty for now. Select Register to create the application. On the app Overview page, find the Application (client) ID value and record it for later. Now, create a client secret for this application to use in a subsequent step. From the list of pages for your client app, select Certificates & secrets, and select New client secret. Under Add a client secret, provide a Description. Choose when the key should expire, and select Add. When the secret is created, note the key value for use in a subsequent step. Part 1: Configuration of Applications in Azure AD  Part 2: Configuration of an Application (Client App) in Azure AD for Consumer  Part 3: OAUTH 2.0 Server setup  Part 4: Testing using Developer Portal and JWT Policy Configuration

Introduction:  In this blog, we will see how we can synchronize the database through PowerShell in Microsoft Dynamics 365 Finance and Operations Steps:  K:\AOSService\webroot\bin\Microsoft.Dynamics.AX.Deployment.Setup.exe -bindir “K:\AosService\PackagesLocalDirectory” metadatadir “K:\AosService\PackagesLocalDirectory” -sqluser “axdbadmin” -sqlserver “.” -sqldatabase “AxDB” -setupmode “sync” -syncmode “fullall” -isazuresql “false” -sqlpwd “*” -logfilename “H:\MSSQL_LOGS\AxDB_log.log” Example: K:\AOSService\webroot\bin\Microsoft.Dynamics.AX.Deployment.Setup.exe -bindir “K:\AosService\PackagesLocalDirectory” metadatadir “K:\AosService\PackagesLocalDirectory” -sqluser “axdbadmin” -sqlserver “.” -sqldatabase “AxDB” -setupmode “sync” -syncmode “fullall” -isazuresql “false” -sqlpwd “AOSWebSite@123” -logfilename “H:\MSSQL_LOGS\AxDB_log.log” Thanks for reading and stay connected with us for more updates!!! Jagdish Solanki | Senior Technical Consultant | CloudFronts Business Empowering Solutions Team “Solving Complex Business Challenges with Microsoft Dynamics 365 & Power Platform”

Your Organization might have a requirement to change the Microsoft Teams recording storage mode from Stream to OneDrive for Business and it has some advantages as well. You have had tried working on sharing and permission on Microsoft Streams and it is not much effective so why not use our OneDrive for Business and we can easily set permissions on the recordings. Currently there is no option to share the recording to external users from MS Stream in this case OneDrive for Business helps additionally you can provide shared links as well. This recording option is a setting that is available at Teams policy level and in this article, we will see how to achieve that. Pre-requisites: You need to have the Teams PowerShell Module installed. Microsoft 365 license is required which includes OneDrive for Business. Installing Teams PowerShell module: Open Windows PowerShell as an Administrator. Enter the command “Install-Module MicrosoftTeams”. Install the Skype for Business Online Connector: Skype for Business Online Connector is currently a part of Teams PowerShell Module. Enter below commands“Import-Module -Name MicrosoftTeams”“$userCredential = Get-Credential” – Enter Admin Credentials.“$sfbSession = New-CsOnlineSession -Credential $userCredential”“Import-PSSession $sfbSession” Set Teams Meeting Policy to transition from the Stream storage to OneDrive for Business or SharePoint. Once you are connected to SfB Connector using the above steps, you can use the below command to set the transition.“Set-CsTeamsMeetingPolicy -Identity Global -RecordingStorageMode “OneDriveForBusiness“ To check if the setting successfully applied, get the Teams Policy Settings using the below command and the “Recording Storage Mode” status, it should be OneDrive for Business.“Get-CsTeamsMeetingPolicy”. You might think that it will take huge storage and OneDrive for Business only has 1 TB of storage, in that case I recommend increasing the storage for OneDrive for Business. You can increase your OneDrive for Business storage to up to 5TB. Please refer this blog for more information – https://www.cloudfronts.com/how-to-increase-onedrive-for-business-storage-up-to-5tb/ Where will the recordings get stored? For non-Channel meetings, the recording will get stored in OneDrive for Business under a folder named “Recording”. This OneDrive will be of the person who started the meeting. For Channel meetings, the recording will get stored in the Team Site document library in SharePoint Online in a folder names Recording.

Introduction: Here is JavaScript code that you can use to  make the required field show only system user records and also in case you have a requirement to the set the owner of record as default required attendee. Solution: Add below function to your web resource on load event. Conclusion: On load of form the Required attendee will be owner of record and we can add new attendee easily as the dropdown will show only user records. Instead of users, if you need contact records, just change the set entity type->  formContext.getControl(“requiredattendees”).setEntityTypes([“contacts”]);

Introduction: While using Power apps, we might come across situation where we do not want the user to click on the Save button and then move to next screen to fill in child records. In such case we can use timer control to auto save the form and navigate to new screen. Solution: In my Use Case, I have  Order which will be auto saved and then the screen to fill in  order lines will open. Add the timer control on  order form. I have set auto start to yes and the duration to 2seconds, so when my form will load the timer will auto start and run for 2seconds after which it will execute the action OnTimerEnd. 2. I want to submit the form only when the fields have data. So in the formula,  if data is empty, the user will be notified and timer will reset else the form will be submitted, its id will be saved in variable, the form will reset and user will be navigated to next screen. You can modify the formula based on your requirements. I have saved the last submit, so that I can open the same form for further editing on the new screen. Conclusion: You can implement the auto save functionality of CRM in PowerApp by using timer and submit form on timer end.