Tuesday, May 9, 2017

Directory integration for Office 365 and Azure under different tenant

Recently, I was performing a migration from AX 2012 CU 11 to D365 for Operations. I have a valid Azure subscription from Visual Studio Ultimate with MSDN, and the AAD tenant administrator account is a Microsoft Hotmail ID.

For a D365 for Operations partner trial, I signed up using the link below, which creates an O365 account for accessing Lifecycle Services (LCS).


Note that the Azure tenant and the LCS tenant are two separate AAD instances, each with its own tenant administrator. At this point there is no directory integration between them.

MSDN
A tenant can be defined as a client or organization that owns and manages a specific instance of that cloud service. With the identity platform provided by Microsoft Azure, a tenant is simply a dedicated instance of Azure Active Directory (Azure AD) that your organization receives and owns when it signs up for a Microsoft cloud service such as Azure or Office 365.

Each Azure AD directory is distinct and separate from other Azure AD directories. This means that users and administrators of one Azure AD directory cannot accidentally or maliciously access data in another directory.

As part of the migration process for hosting environments in the cloud, we need to perform an authorization and later add an Azure connector.

First, the Azure tenant administrator who owns the Azure subscription must grant the “Dynamics 365 for Operations” applications access to the tenant. To do this, go to the project settings page, open the Azure connectors tab, and click Authorize so that the LCS Deployment Service (DSU) can work on the Azure subscription, as shown in the screenshots below.

However, this authorization may not succeed, because we have two different tenants: the Microsoft Hotmail account used for the Azure subscription, and the O365 account used for D365 for Operations in LCS. Therefore, we need to manage the directory that was created for the Office 365 subscription from within Azure, using the link below.


After this, we will assign the Contributor role to:
  • the Dynamics Deployment Services [wsfed-enabled] application
  • the O365 account used in LCS.

In the Azure portal, select your subscription and browse to Access control (IAM). Select Roles, highlight Contributor, and click Add.

Now click the Authorize link, which takes you to a login page where you sign in with your Hotmail ID.

MSDN
“The Azure Resource Manager (ARM) is the service used to provision resources in your Azure subscription.”

Secondly, we need to add an Azure connector to the LCS project. In the project settings page, under the Azure connectors tab, click Add and enter the Azure subscription ID. Set “Configure to use Azure Resource Manager (ARM)” to Yes.

Enter the Azure subscription AAD tenant domain (or ID), which is the Azure directory's domain name, such as “xxxxxxhotmail.onmicrosoft.com”.

Click Next to validate the connector.

Afterwards, you will see that ARM is enabled for the Azure connector, as shown below.
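The Contributor assignments from the IAM step above can also be made and, more importantly, reviewed from PowerShell. The script below is an added example, not part of the original post or of LCS; it assumes the AzureRM module of the time, and the subscription ID and the LCS user name are placeholders you replace with your own values.

```powershell
# Added example (not from the original post): grant Contributor at subscription
# scope to the Dynamics Deployment Services application and to the O365 account
# used in LCS, skipping assignments that already exist, then list every
# Contributor on the subscription so the grant can be reviewed.
# Assumes the AzureRM PowerShell module (2017 era); values below are placeholders.

$subscriptionId = "00000000-0000-0000-0000-000000000000"   # placeholder
$lcsUser        = "lcs.user@contoso.onmicrosoft.com"        # placeholder O365 account
$scope          = "/subscriptions/$subscriptionId"

# Sign in with the Hotmail ID that administers the Azure tenant, then pick the subscription.
Login-AzureRmAccount | Out-Null
Select-AzureRmSubscription -SubscriptionId $subscriptionId | Out-Null

# The LCS Authorize step registers the multi-tenant app in this tenant; find its service principal.
$sp = @(Get-AzureRmADServicePrincipal -SearchString "Dynamics Deployment Services")
if ($sp.Count -eq 0) {
    throw "Dynamics Deployment Services service principal not found; run the LCS Authorize step first."
}
if ($sp.Count -gt 1) {
    # Prefer the [wsfed-enabled] application named in the LCS instructions.
    $sp = @($sp | Where-Object { $_.DisplayName -like "*wsfed-enabled*" })
}
$sp = $sp[0]

function Grant-ContributorIfMissing {
    # $Assignee is either @{ ObjectId = <guid> } or @{ SignInName = <upn> }.
    param([hashtable]$Assignee)
    $existing = Get-AzureRmRoleAssignment @Assignee -RoleDefinitionName Contributor -Scope $scope
    if ($existing) {
        Write-Host "Contributor already assigned to $($Assignee.Values) at $scope"
        return
    }
    New-AzureRmRoleAssignment @Assignee -RoleDefinitionName Contributor -Scope $scope | Out-Null
    Write-Host "Granted Contributor to $($Assignee.Values) at $scope"
}

Grant-ContributorIfMissing -Assignee @{ ObjectId = $sp.Id }
Grant-ContributorIfMissing -Assignee @{ SignInName = $lcsUser }

# Review: Contributor at subscription scope is broad, so confirm exactly who holds it.
Get-AzureRmRoleAssignment -Scope $scope -RoleDefinitionName Contributor |
    Select-Object DisplayName, SignInName, ObjectType, Scope |
    Format-Table -AutoSize
```

If the O365 account is not yet known to the Azure tenant, the SignInName assignment fails; the account has to exist in that directory (for example as a guest) before the role can be granted.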
