Setup overview for mobile apps

Your users can access their data stored in Microsoft Dataverse while they're out in the field by using either of the following apps:

  • Dynamics 365 for phones: With Dynamics 365 for phones, you can design your information architecture once and the customizations will automatically flow to all form factors. Much is shared with Dynamics 365 for tablets.

  • Dynamics 365 for tablets: With the same basic features as Dynamics 365 for phones, tablet users will appreciate the experience optimized for a larger screen.

Requirements

For hardware and software requirements for Dynamics 365 for phones and Dynamics 365 for tablets, see Support for Dynamics 365 for phones and Dynamics 365 for tablets.

Required privileges

Microsoft Dataverse uses security privileges to provide access to Power Apps mobile. The privilege is pre-configured for Sales roles, but not other security roles, so you may want to add to other roles for your teams.

The app should be shared for the security role that user has been assigned.

Follow these steps to check and assign the security privilege for a security role:

  1. Go to Settings > Security.

  2. Select Security Roles.

  3. Select a security role > Business Management tab.

  4. In the Privacy Related Privileges section, verify that Dynamics 365 for mobile is set to Organization. If not, select Dynamics 365 for mobile.

  5. Select Save and Close to save the changes to the security role.

  6. Send an email to mobile-enabled users to let them know they can download the mobile app from the app store. Include the organization URL and sign-in information in the email.

This applies to new installations of Microsoft Dataverse or Dynamics 365 Customer Engagement (on-premises). You can add or remove this privilege from custom or default security roles to meet your business needs. Users who do not have this privilege will see and see an empty app list or the following error: Contact your administrator for access your organization’s mobile apps

Note

Both Microsoft Dataverse and Dynamics 365 Customer Engagement (on-premises) include the ability to audit user access. Audit events are logged if a user accesses your Dynamics 365 apps organization through the Dynamics 365 mobile app. However, there isn't a new event type that indicates the access was through the mobile app. The audit sign-in events would appear as User Access via Web.

Required privileges for custom security roles

In addition, particularly if you have created a custom security role, validate that these entities have Read permission.

  1. Go to Settings > Security.

  2. Select Security Roles.

  3. Choose a security role > Customization tab. Verify that the Read permission is set for the following entities:

    • System Application Metadata

    • System Form

    • User Application Metadata

    • View

    • Model-driven App

  4. Choose a security role > Business Management tab. Verify that the Read permission is set for the following entity:

    • User Settings
  5. Select Save and Close to save the changes to the security role.

Note

To see a model-driven app in the list of apps on your mobile app, you need to have a predefined security role in the environment that the app is in. If a predefined security role is assigned to a user using a Dataverse team, you need to use an Azure Active Directory (AAD) group team. Users won't see model-driven apps if a predefined security role is assigned using a Dataverse owner team.

Required services

This list identifies all services to which Power Apps mobile talks and their usages. Your network must not block these services.

Domain(s) Protocols Uses
management.azure.com https Between versions 4.3.19022.10 and 4.3.19081.22 (Android) or 13.19022.10 and 13.19081.22 (iOS), used to fetch the list of apps to populate the app list.
Starting with version 13.19033.0 (for mobile app for Windows), used for email sign-in and the app list.
api.businessappdiscovery.microsoft.com https Between versions 4.3.19091.0 and 4.3.20081.1 (Android) or 13.19091.0 and 13.20081.1 (iOS), used to fetch the list of apps to populate the app list.
api.powerapps.com https Starting with version 4.3.20081.2 (Android) and 13.20081.2 (iOS), used to fetch the list of apps to populate the app list.
api.powerplatform.com https Starting with version 4.3.22113.19 (Android) and 13.22113.19 (iOS), used to fetch the list of apps to populate the app list.

login.microsoft.com

login.windows.net

login.microsoftonline.com

secure.aadcdn.microsoftonline-p.com
https Azure Active Directory - used for authentication (in all versions).

This list identifies all resources used by Dynamics 365 for phones and tablets. Your configuration (for example, Azure Active Directory or Intune) must not block these resources.

Resources(s) Uses
service.powerapps.com Starting with version 13.19091.20, used for email sign-in and the app list.
api.powerplatform.com Starting with version 4.3.22113.19 (Android) and 13.22113.19 (iOS), used for email sign-in and the app list.

Security privileges

Both Microsoft Dataverse and Dynamics 365 Customer Engagement (on-premises) use a security privilege, Dynamics 365 apps for mobile, to provide access to Dynamics 365 for phones and Dynamics 365 for tablets. This privilege is pre-configured for Sales roles, but not other security roles, so you might want to add to other roles for your teams. For more information on how to share apps in Microsoft Dataverse, see Share a model-driven app using Power Apps.

Configure customer engagement apps in Dynamics 365

You must configure apps that will be available for Dynamics 365 for phones and tablets mobile app.

Charts

All the charts you can create in the Chart Designer, such as Bar, Line, Pie, and Funnel charts, are viewable in Dynamics 365 for phones and Dynamics 365 for tablets.

Some more things to note:

  • Open a chart from the Sales Dashboard to get a page with a chart and the records used to generate the chart.

  • Choose the chart sections to see the records filtered for that part of the chart.

  • Charts aren't available offline in the Dynamics 365 mobile app.

  • You can add charts to dashboards and chart pages only.

Dashboards

The mobile app has multiple dashboards are available for users. After you set up standard or custom dashboards for mobile access, users can easily modify which dashboards appear and how they appear on their phones or tablets.

  1. Go to Settings > Customizations.

  2. Select Customize the System.

  3. Under Components, select Dashboards.

  4. Double-click or press and hold the dashboard you want to enable for phone or tablet access.

  5. Select Properties > Enable for mobile > OK.

    Enable for mobile ..

  6. Select Save.

    Show your users how to set and view the enabled dashboards on their phones or tablets. More information: User Guide for Dynamics 365 for phones and tablets

You can assign security roles to a dashboard, so the dashboard appears only to users with certain security roles. For example, to set who has access to the Sales Dashboard.

  1. Select Settings > Customizations > Customize the System > Components > Dashboards.
  2. Select the Sales Dashboard, and then select Enable Security Roles.

Forms

Forms in the Dynamics 365 mobile app are based on the development principle of Design once and deploy across clients.

Sales form in Dynamics 365 apps.

Forms in the Dynamics 365 mobile app use the Main form type. The main form is used by all model-driven apps. This form provides a consistent user experience whether someone is using a web browser or the Dynamics 365 mobile app.

To further simplify forms, you can hide components from appearing in the phone app. You can hide tabs, sections, subgrids, fields, and charts. For example, to hide the Details tab in the Contact form.

  1. Select Settings > Customizations > Customize the System > Components.

  2. Expand Entities > expand the Contact entity > Forms and then select the Contact form.

    Mobile contact form.

  3. Select Change Properties.

    Mobile contact form change properties.

  4. Clear the Available on phone check box to hide the Detail tab from appearing on the Contact form for phone users.

    Available on phone.

Enable entities for the mobile app

You can enable a limited set of entities for the mobile app. To see if an entity is enabled or to enable an entity.

  1. Go to Settings > Customizations > Customize the System.

  2. Expand Entities in the left pane.

  3. Select the entity you want to enable for mobile app (for example, Account).

  4. Under Outlook & Mobile, select Enable for Unified Client.

    Note

    The Enable for Phone Express option refers to a deprecated mobile app and doesn't apply anymore.

    Enable mobile entities..

Things to note:

  • All custom entities can be enabled for Dynamics 365 for phones and Dynamics 365 for tablets.

  • You can use the Lookup for entities that aren't enabled for Dynamics 365 for phones and Dynamics 365 for tablets from a record that is enabled and see the data. However, you won’t be able to edit the entity.

    Entities that are visible and read/write in the mobile app

Entity Name Visibility Property Read-only Property
Account Modifiable Modifiable
Activity Not modifiable Not modifiable
Appointment Modifiable Modifiable
Case Modifiable Modifiable
Competitor Modifiable Modifiable
Connection Not modifiable Modifiable
Contact Modifiable Modifiable
Invoice Modifiable Modifiable
Lead Modifiable Modifiable
Note Not modifiable Not modifiable
Opportunity Modifiable Modifiable
Order Modifiable Modifiable
Phone Call Modifiable Modifiable
Quote Modifiable Modifiable
Social Activity Modifiable Modifiable
Social Profile Modifiable Modifiable
Task Modifiable Modifiable

Entities that are visible and read-only in the mobile app

Entity Name Visibility Property Read-only Property
Attachment Not modifiable Not modifiable
Email Modifiable Not modifiable
Entitlement Not modifiable Not modifiable
Knowledge Article Modifiable Not modifiable
Price List Not modifiable Not modifiable
Product Modifiable Not modifiable
Queue Modifiable Not modifiable
Sharepoint Document Not modifiable Not modifiable
SLA KPI Instance Not modifiable Modifiable
Team Not modifiable Not modifiable
User Not modifiable Not modifiable
Web Resource Not modifiable Not modifiable

Authentication

Dynamics 365 for phones and Dynamics 365 for tablets authenticate users with browser-based authentication, which means no credentials are stored on the phone.

Best practices for securing app data on the mobile app

Consider the following when planning security for Dynamics 365 for tablets:

  • Data transmission. Dynamics 365 for tablets requires an Internet-facing deployment (IFD), so when your organization’s mobile devices synchronize Dynamics 365 apps data with your Microsoft Dataverse environment or Dynamics 365 Customer Engagement (on-premises) organization, the data is encrypted with Transport Layer Security (TLS) or Secure Sockets Layer (SSL).

  • Cached data. Dynamics 365 for phones and Dynamics 365 for tablets only cache records and lists that you’ve recently accessed in the app. To clear cached data, users can either sign out or reconfigure.

  • Encrypting cached data. By default, data aren't encrypted but can be encrypted through several mechanisms:

    • You can use Intune's MDM capabilities to enforce device-wide encryption.
    • The mobile application also implements and enforces Intune's application policies. This allows you to encrypt data at the application level.
    • You can use BitLocker to encrypt the entire hard drive on a Windows 8 or later device.

Other features

Save

Records are saved in Dynamics 365 for tablets based on how you configured AutoSave in your organization settings.

  1. To view your save settings, select Settings > Administration > System Settings.
  2. On the General tab and view the settings under Select the default save option for forms.

If AutoSave is:

  • Enabled for the organization, changes to forms are saved when users leave forms.

  • Disabled for the organization, users must use the command bar and select Save to save form changes.

Images

The mobile app honors the server's caching policies and won't store the content locally unless it's permitted to do so by the server.

Privacy notice

The Dynamics 365 for Customer Engagement for tablets and phones, and Project Finder for Project Finder for Dynamics 365 (the "App") enables users to access their Microsoft Dynamics CRM or Dynamics 365 for Customer Engagement instance from their tablet and phone device. In order to provide this service, the App processes and stores information, such as user's credentials and the data the user processes in Microsoft Dynamics CRM or Dynamics 365 for Customer Engagement. The App is provided for use only by end users of Microsoft customers who are authorized users of Microsoft Dynamics CRM or Dynamics 365 for Customer Engagement. The App processes user's information on behalf of the applicable Microsoft customer, and Microsoft may disclose information processed by the App at the direction of the organization that provides users access to Microsoft Dynamics CRM or Dynamics 365 for Customer Engagement. Microsoft does not use information users process via the App for any other purpose.

If users use the App to connect to Microsoft Dynamics CRM (online) or Dynamics 365 for Customer Engagement, by installing the App, users consent to transmission of their organization's assigned ID and assigned end user ID, and device ID to Microsoft for purposes of enabling connections across multiple devices, or improving Microsoft Dynamics CRM (online), Dynamics 365 for Customer Engagement or the App.

Location data. If users request and enable location-based services or features in the App, the App may collect and use precise data about their location. Precise location data can be Global Position System (GPS) data, as well as data identifying nearby cell towers and Wi-Fi hotspots. The App may send location data to Microsoft Dynamics CRM or Dynamics 365 for Customer Engagement. The App may send the location data to Bing Maps and other third party mapping services, such as Google Maps and Apple Maps, a user designated in the user's phone to process the user's location data within the App. Users may disable location-based services or features or disable the App's access to user's location by turning off the location service or turning off the App's access to the location service. Users' use of Bing Maps is governed by the Bing Maps End User Terms of Use available at https://go.microsoft.com/?linkid=9710837 and the Bing Maps Privacy Statement available at https://go.microsoft.com/fwlink/?LinkID=248686. Users' use of third party mapping services, and any information users provide to them, is governed by their service specific end user terms and privacy statements. Users should carefully review these other end user terms and privacy statements.

The App may include links to other Microsoft services and third party services whose privacy and security practices may differ from those of Microsoft Dynamics CRM or Dynamics 365 for Customer Engagement.  IF USERS SUBMIT DATA TO OTHER MICROSOFT SERVICES OR THIRD PARTY SERVICES, SUCH DATA IS GOVERNED BY THEIR RESPECTIVE PRIVACY STATEMENTS. For the avoidance of doubt, data shared outside of Microsoft Dynamics CRM or Dynamics 365 for Customer Engagement is not covered by users' Microsoft Dynamics CRM or Dynamics 365 for Customer Engagement agreement(s) or the applicable Microsoft Dynamics Trust Center. Microsoft encourages users to review these other privacy statements.

Licensed Dynamics 365/Common Data Service users with specific Security Roles (CEO – Business Manager, Sales Manager, Salesperson, System Administrator, System Customizer, and Vice President of Sales) are automatically authorized to access the service by using Dynamics 365 for tablets, as well as other clients.

An administrator has full control (at the user security role or entity level) over the ability to access and the level of authorized access associated with the tablet client. Users can then access Dynamics 365 or Common Data Service by using Dynamics 365 for tablets, and Customer Data will be cached on the device running the specific client.

Based on the specific settings at the user security and entity levels, the types of Customer Data that can be exported from Dynamics 365 or Common Data Service and cached on an end user’s device include record data, record metadata, entity data, entity metadata, and business logic.

See Also

Secure and manage Dynamics 365 for phones and tablets
What's supported
Troubleshooting
Install Dynamics 365 for tablets and phones
Dynamics 365 for phones and tablets User's Guide