Fastpath Blog- Articles on Security, Audit and Compliance

User License Types In Dynamics 365 For Finance & Operations

Written by Alex Meyer | Jul 18, 2024 1:00:00 PM

As more companies look to make the move from Microsoft Dynamics AX 2012 to Dynamics 365 for Finance & Operations, we thought the time was right for a primer on the differences between User License types in the two systems.

As you may know, what a user can or can’t do in AX or Dynamics 365 drives the type of license a user needs. The higher the license type, the higher the cost. 

Current State of D365FO User Licensing

Since I’ve written multiple posts on this topic in the past, I thought it would be a good idea to combine the different posts and create a place that I can continually update with the latest information. So going forward, while I will still have individual posts on user licensing as well, this post will always be updated with the latest information.

Where We Started

In AX 2012 and versions of D365FO prior to October 2019, the only licensing mechanism within the system was ‘Entry Point Based Licensing.’ In this methodology, each menu item had two separate parameters:

  • ViewUserLicense – user requires this license if they are assigned Read access to this object
  • MaintainUserLicense – user requires this license if they are assigned Update/Create/Delete to this object

The D365FO license types available were hierarchy-based (from highest to lowest):

  • Operations (will be listed as Enterprise in AOT)
  • Activity
  • Team Members (will be listed as Universal in AOT)

You could report on the licensing either from:

  • The user interface in the View Permissions area of System Administration -> Security Configuration

  • From the ‘View Related Objects and Licenses for All Roles’ report in the AOT.

The licensing model looked like the following:

Where We Are Now

The change that Microsoft made to user licensing in October 2019 was that the Operations level licensing is now broken out by application area into what are now called ‘license SKUs’. There was no overarching license for either Customer Engagement or Finance & Operations, there were different areas within each application that required a particular license.

 

The way to determine which license SKUs a user is now required to have is based on the privileges the user is assigned. These privileges come from the roles assigned to the user via the role -> duty -> privilege hierarchy structure of the security model.

So now there are two separate licensing models in use currently:

  • Entry Point Based Licensing (explained above)
  • Privilege Based Licensing

Base vs Attach Licenses

When licensing for a user there are two categories of license: Base and Attach.

And they have the following characteristics:

Base

  • Must be the first license assigned to a user
  • Must be the highest priced license
  • Every user must be assigned a ‘base’ license to access the application

Attach

  • Added on to a ‘base’ license
  • A user can have as many ‘attach’ licenses as needed
What is Privilege Based Licensing?

Microsoft designates certain privileges to be associated to one or more license SKUs and then determines if that license SKU is required or if any listed license SKU will meet the requirements. This is done from a static JSON file loaded into the LicensingServicePlansPrivilege table.

The PrivilegeIdentifier is the system name of the privilege, the SkuName is the license SKU, and the IsUnique column determines if that particular license is required to be assigned to the user or if any of the license SKUs associated to the privilege will meet the requirements. So an IsUnique value of 1 dictates that a user assigned that privilege is required to have that license SKU either as a base or an attach license, an IsUnique value of 0 means any of the listed license SKUs for that privilege will meet the licensing requirements.

November 2023 Update

In the 10.0.34 release, Microsoft silently released a new feature parameter that impacted how licensing is calculated. This update effectively made all ‘Read’ access assigned to any menu items require only a ‘Team Member’ license.

Full blog post on the update can be found here.

So How Does Entry Point Licensing and Privilege-Based Licensing Work Together?

I’ve created a Visio diagram to help with the process of showing how these two licensing methodologies work together:

Reporting Options

User License Estimator Report

This report shows the license SKUs required for each user based on their current access. It can be found at System Administration -> Inquiries -> License Reports.

One thing to note about this report is that it does not show possible base/attach combinations, it just shows if a user requires multiple licenses. It is up to the end user to know if certain licenses can be combined in a base/attach combination.

It also will not show users that require a base license of some sort but do not have any privilege that has an ‘IsUnique’ value of 1.

The User License Count report can be found at System Administration -> License -> User License Counts. This report shows the entry point based licensing requirement (Operations, Activity, Team Member) for each user broken out by the roles assigned to that user:

Security Configuration -> View Permissions

The View Permissions report now shows the licensing requirements for each role, duty, and privilege in the system. This report can be found in System Administration -> Security -> Security Configuration -> Selecting a role/duty/privilege -> View Permissions:

During Role Assignment

When assigning roles to a user, the license required for that role is shown in the Assign Role to User form:

Pricing Update Oct 1st 2024

Microsoft announced that they are planning on updating the pricing of all Dynamics 365 licensing on October 1st 2024.

Full overview of this update can be found here


Some content first appeared in Current State of D365FO User Licensing by Alex Meyer 
View full post