Exercise - Set up Microsoft Teams and Dataverse security

Completed

In this exercise, you'll set up Microsoft Dataverse security. In this exercise, you'll assume the role of Reed Smith, the System Administrator, and perform the following tasks:

Task: Create territories

You can use territories to group stores or business units in the same organizational hierarchy. In this task, you set up the territories for the Contoso Retail and Fabrikam Retail stores.

  1. Go to Microsoft Power Apps (we recommend that you use an Incognito or InPrivate browsing session). Ensure that you're in the correct environment.

  2. On the left navigation pane, select Apps. Select the play button that appears near Store operations.

    Screenshot of running Store operations.

  3. In Store operations, select App setup from the area list in the bottom left corner.

    Screenshot of selecting App setup.

  4. On the left navigation pane, select Territories.

    Screenshot of the navigation pane with Territories selected.

  5. Select New on the upper command bar to create a new territory.

    Screenshot of the New button on the All Territories page.

  6. Enter Redmond in the Territory Name field and then select Save.

    Screenshot of Redmond entered as the territory name.

  7. Repeat the previous steps to create the San Francisco and New York territories.

    Screenshot of the list of All Territories.

Task: Create business units

A business unit represents the hierarchy of a retail organization, from the headquarters down to the stores, such as Headquarters > District > Store > Department. With the Store operations solution, you can create any level of hierarchy that reflects your organizational structure.

Screenshot of the Contoso organizational hierarchy.

In this task, you create and import business units for various stores and regions and then assign them to appropriate territories and store managers. The business units data from the CSV file illustrates the organizational structure depicted in the organizational hierarchy.

Typically, regional managers are assigned to the respective regional business units, such as Redmond, New York, and San Francisco, so that they can access the data from the stores within their purview. The store managers, customer assistants, and store associates have access to the respective stores so that they can access the data only from their stores.

  1. On the left navigation pane, select Business units.

    Screenshot of the navigation pane with Business units highlighted.

  2. Copy the default business unit value displayed on the screen.

  3. Open the sample Business Unit.csv file. Download and extract the sample data from the Business unit zip file.

  4. Change the Parent Business value of the highlighted cells in that column to the default business unit value in your environment. This value displays when you open the business units on the left navigation pane. Similarly, change the Manager value in the highlighted cells in that column with the MCR IAD Manager value that you're using.

    Screenshot of the file open in Microsoft Excel.

  5. On the left navigation pane, select Business units.

  6. Select Edit columns > Add columns.

  7. Select Territory > Manager.

    Screenshot of selecting the territory.

  8. Select Close on the Add columns screen and then select Apply on the Edit columns screen.

  9. Select Export to Excel.

    Screenshot of the ellipsis button selected to reveal the Export to Excel option.

  10. Open the downloaded Microsoft Excel file, copy all rows from the sample Business Unit.csv file into the new Excel sheet, and then save the Excel file.

  11. On the Business units form, select the ellipsis (...) menu on the upper command bar and then select Import from Excel.

    Screenshot of the ellipsis button selected to reveal the Import from Excel option.

  12. Upload the Excel file from the local directory and then select Next.

    Screenshot of Import from Excel with the File Upload option selected.

  13. The Allow Duplicates option is set to No by default. Don't change this option.

  14. Select Finish Import in the lower-right corner of the screen.

  15. To track the progress of the import, go to Power Apps (we recommend that you use an Incognito or InPrivate browsing session).

  16. Sign in with Reed Smith's credentials.

    Note

    For instructor-led training, use the credentials that your instructor has provided; for self-paced learning, use the credentials that have been generated in the Training Environment preparation module.

  17. Select the correct environment from the Environment dropdown menu in the upper-right corner.

  18. Select the Settings gear icon and then select Advanced Settings in the upper-right corner of the ribbon.

  19. Select Settings > Data Management.

    Screenshot of the pop-up screen showing Data Management selected.

  20. Select Imports.

  21. If all records are successfully processed, then the Status Reason indicates Completed and the value in the Successes field is equal to Total Processed.

    Screenshot of the My Imports screen showing the number of successes and the status.

Task: Change the default business unit

In this task, you change the default business unit to Contoso Store 101.

  1. Go to Power Platform admin center.

  2. On the left pane, select Environments.

  3. Select your environment and then select Settings on the command bar.

  4. Select Users + permissions > Users.

    Screenshot of the navigation path to users.

  5. To change the default business unit for the store manager and store associate user ID to Contoso Store 101, search for Monica on the search bar and then select Change business unit. Select Contoso Store 101 from the business units list.

    Note

    If you're in an instructor-led training, use the store manager user ID that your instructor has provided. If you're in self-paced learning, use the store manager user ID that's created in the training environment section.

    If you don't find Monica in the users list, sign in with Monica's credentials into Store operations so that Monica's record is auto created in the Users table in the environment.

    Screenshot of the Users page with focus on the Change business unit button and the search for Monica.

  6. Similarly for the store associate’s user name, search by entering the user name in the search bar and then select Change business unit. Select Contoso Store 101 from the business units list.

    Screenshot of the Users page with focus on the Change business unit button and the search for the user name.

  7. Go to Store operations, select Business units in the left navigation pane, and then select Contoso Store 101. Update the value in the Manager field to Monica Rodriguez.

    Screenshot of the Business Unit dialog showing the Manager field filled in.

You successfully changed the default business units for store manager and store associate in Contoso Store 101.

Task: Create teams in Microsoft Teams

In this task, you create three Microsoft Teams: Contoso Store 101 Managers, Contoso Store 101 Associates, and Contoso Retail Managers. Ideally, a system administrator sets up the team hierarchy before creating the teams in Microsoft Teams. However, in this task, you have to manually create the Microsoft Teams.

Note

If you're in instructor-led training, set your user number as a prefix in the team name to make it unique.

  1. Go to Microsoft Teams in an InPrivate or Incognito browser session.

    Note

    If you're in instructor-led training, use the provided credentials for the store manager to sign in to Microsoft Teams.

  2. Select the + sign near the Teams and then select Create team.

    Screenshot of options Join or create a team with focus on the Create team menu.

  3. Select From scratch.

    Screenshot of Create a team showing the From scratch and From a group or team options.

  4. Select Public.

    Screenshot of What kind of team will this be with options for Private and Public.

  5. Enter Contoso Store 101 Managers as the Team name and then select Create.

    Note

    If you're in instructor-led training, set your user number as a prefix (for example: 001) in the team name to make it unique.

    Screenshot of the Some quick details about your public team page with the team name filled in.

  6. Search for store manager Monica Rodriguez and then select Add.

    Screenshot of Add members to Contoso Store 101 Managers with Monica added.

  7. Repeat these steps to create the Contoso Store 101 Associates team and add Frontline worker user as a member in the team.

    Note

    If you're in instructor-led training, set your user number as a prefix (for example: 001) in the team name to make it unique and then add the user account of the front-line worker that your instructor has provided for you.

  8. Repeat these steps to create the Contoso Retail Managers team and add Retail data manager as a member in the team.

In this task, you create three Microsoft Power Platform teams directly from Microsoft Teams to manage access rights for licensed Microsoft Dataverse users.

  • Assign the Contoso Store 101 Managers user group to Retail Store Manager.
  • Assign the Contoso Store 101 Associates user group to Retail Customer Assistant and Retail Operations Associate.
  • Assign the Contoso Retail Managers user group to Retail Data Manager.
  1. Go to Power Platform admin center in an InPrivate or Incognito browser session.

    Note

    If you're in instructor-led training, use the store manager user account.

  2. On the left pane, select Environments.

    Screenshot of the navigation pane showing Environments.

  3. Select your environment.

  4. Select Settings on the command bar.

    Screenshot of the command bar with focus on the Settings command.

  5. Select Users + permissions > Teams.

    Screenshot of Users and permissions expanded with focus on Teams.

  6. Select Create Team.

  7. Enter the following details and then select Next.

    • Team name - XXX-Contoso Store 101 Manager

      Note

      If you're in instructor-led training, set your user number as a prefix for the team name to make it unique. Replace XXX in the team name with your user number.

    • Business unit - Select Contoso Store 101 from the dropdown menu

    • Administrator - Select your admin user ID from the dropdown menu

    • Team type - Microsoft Entra ID Office Group

    • Group name - XXX-Contoso Store 101 Managers (enter the Microsoft Teams name that you previously created; it should appear in the dropdown menu)

      Note

      If you're in instructor-led training, set your user number as a prefix in the team name to make it unique. Replace XXX in the group name with your user number.

    • Membership type - Members and guests; select this option so that all members and guests within the selected Microsoft team get access to Store operations

    Screenshot of the New team form with all values filled in.

  8. In the role assignment, select the Retail Store Manager, Retail Data Manager, and Retail District Ops Manager roles and then select Save.

    Screenshot of the selected roles.

  9. Repeat steps 6 and 7 to create a Microsoft Power Platform team for Contoso Store 101 Associates.

  10. In role assignment, select the Retail Customer Assistant and Retail Operations Associate roles and then select Save in the last step.

  11. Sign in and then sign out of the Store operations environment (environment prefix.crm.dynamics.com) by using the MCR IAD FLW and Monica Rodriguez user accounts. This step ensures that you can create users automatically in the Users entity.

  12. Repeat steps 6 and 7 to create a Microsoft Power Platform team for Contoso Retail Managers. For business unit, select your organization. Keep the rest of the information as the teams that you created earlier.

  13. In role assignment, select the Retail Data Manager role and then select Save in the last step.

  14. Sign in and then sign out of the Store operations environment (environment prefix.crm.dynamics.com) by using the MCR IAD Manager account.

Task: Assign security roles to all Microsoft Dataverse teams

When the system automatically creates business units, a corresponding Dataverse team of the Owner team type is also created. The Plan publish process validates whether at least one security role is assigned to all teams in the environment.

In this task, you assign the Retail Operations Associate security role to the automatically created Dataverse team.

  1. Go to Power Platform admin center in an InPrivate or Incognito browser session.

  2. On the left pane, select Environments.

  3. Select your environment and then select Settings on the command bar.

  4. Select Users + Permissions > Teams.

    Screenshot of the Users and permissions and Teams options selected.

  5. Select Contoso Store 101 and then select Manage security roles.

    Screenshot of selecting security roles for Contoso.

  6. Select the Retail Operations Associate security role and then select Save.

  7. Repeat the previous steps to update the security roles on the remaining store teams as listed for type Owner.

    • Contoso Store 102
    • Contoso Store 103
    • Contoso Store 104
    • Contoso Store 105
    • Contoso Store 106
    • Fabrikam Store 401
    • Fabrikam Store 402
    • Fabrikam Store 403
    • Fabrikam Store 404
    • Fabrikam Store 405
    • Fabrikam Store 406

Task: Create and assign an app setup policy

To create an app setup policy to provide Store operations in Microsoft Teams to the retail data managers, follow these steps:

  1. Go to Microsoft Power Apps (we recommend that you use an Incognito or InPrivate browsing session). Ensure that you're in the correct environment.

  2. On the left navigation pane, select Apps.

  3. Select Store operations. Select More Commands (...), and then select Share > Add to Teams from the dropdown menu.

    Screenshot of sharing a new app to Teams.

  4. The Add to Teams panel opens on the right side of the screen. Select Download app.

    Screenshot of downloading the Store operations zip file.

  5. The Store operations.zip file is downloaded. Note the path of the file because you need it later in this exercise.

  6. Sign in to Microsoft Teams admin center in a new tab page in the same InPrivate or Incognito browser.

  7. Expand Teams apps in the left navigation pane, select Manage apps, and then select Actions > Upload new app from the top right corner.

    Screenshot of uploading the Store operations zip file.

  8. On the pop-up window, select Upload.

    Screenshot of the popup window confirming upload of the Store operations zip file.

  9. Select the Store operations.zip file that you downloaded in a previous step. After it's uploaded, you'll get a notification that the new app is added. Close that pop up.

  10. Expand Teams apps in the left navigation pane, select Setup policies, and then select Add.

    Screenshot of adding app setup policies.

  11. Enter ContosoDataManagers as the policy name. Under Installed apps, select Add apps.

    Screenshot of assigning apps to app setup policies.

  12. In the right pane, search for Store operations from the dropdown menu, and select Add.

    Screenshot of adding Store operations app setup policies.

  13. Select Add again and then select Save. You're redirected to the App setup policies page in the Teams admin center. The policy that you created should display on this page under the Manage policies tab.

  14. Select the Group policy assignment tab and select Add.

    Screenshot of adding policy assignment to group.

  15. The Assign policy to a group panel opens on the right side of the screen. In the Select a group field, search for the Contoso Retail Managers group, and select Add.

    Screenshot of selecting group to apply policy.

  16. Under Select a policy field, select the ContosoDataManagers policy. Then select Apply.

    Screenshot of applying policy to group.

  17. Select Confirm.

    Screenshot of confirming policy assignment.

Your policy is now assigned for all the retail data managers at Contoso. Hence, they can access Store operations from their Microsoft Teams.