
We use Dynamics 365 (Customer Service, Field Service, etc.) for both internal and external service delivery.

All users are managed in Microsoft Entra ID, and most have a Dynamics 365 or Team Member license assigned.

However, Dynamics 365 currently lacks proper integration with Entra ID for user and group provisioning. Specifically:

  • A systemuser record in Dataverse is only created after the user signs in or is impersonated via the API.
  • Changes to Entra ID group membership (e.g. security groups mapped to teams or business units in Dynamics) are not reflected automatically in Dynamics 365.
  • Group-based security role assignments are not supported natively in Dataverse.
  • This blocks pre-provisioning, centralized role governance, and dynamic access control.

🚫 Problems this causes:

  • We cannot assign security roles, business units, or teams before a user signs in.
  • Users added to or removed from Entra ID groups do not trigger updates in Dynamics.
  • We must use PowerShell, custom Power Automate flows, or impersonation workarounds to simulate basic identity operations.
  • This approach does not scale and adds risk to identity and access governance.

What we expect:

We would like to see native support in Dynamics 365 / Dataverse for:

  1. Automatic creation of systemuser records for any Entra ID user with a valid license or group membership.
  2. Continuous synchronization of group memberships from Entra ID to Dataverse teams and security roles.
  3. Group-based role assignment similar to what exists in Microsoft 365 and Intune.
  4. SCIM 2.0 support for full HR-driven user provisioning.

🎯 Why this matters:

In enterprise environments, especially with Dynamics 365 being used for Enterprise Service Management (ESM), centralized identity and access control is critical.

Other Microsoft cloud platforms already support this — Dynamics 365 should too.

Category: Admin Center
Status: New