Integrating Microsoft Entra ID with Dynamics 365 to Sync, Create, and Manage Users

by Mo Faheem
This post outlines how to integrate Microsoft Entra ID (formerly Azure Active Directory) with Microsoft Dynamics 365 using Power Automate. The integration allows you to retrieve a list of enabled or disabled users from Entra ID and sync them into the Contacts table in Dynamics 365. Additionally, it enables creating or deactivating Entra ID users from within your Power Platform environment.

Use Case

Organizations often need to sync their Entra ID users (active or inactive) with internal systems like Dynamics 365 for communication, licensing, HR, or access control purposes. This integration ensures user data is always up-to-date and accessible within your CRM environment. You can also create new users in Entra ID or deactivate them as part of your automated business processes.

Properties

The integration can sync the following user properties.

| Property Name | Description |
|---|---|
| id | Entra ID GUID |
| displayName | Full name |
| userPrincipalName | Login/email |
| mail | Primary email address |
| jobTitle | Job title |
| department | Department name |
| accountEnabled | Whether the user is active |
| createdDateTime | Date the user account was created |
| mobilePhone | Mobile number |
| officeLocation | Office location |
| businessPhones | List of business phone numbers |
| preferredLanguage | Preferred language of the user |
| employeeId | Custom employee ID (if populated) |
| companyName | Company name |
| assignedLicenses | List of licenses assigned |

Note: Fields like lastSignInDateTime and signInActivity are available via the beta Graph API.

Limitations to Consider:

  • Pagination Limit: Graph API returns a maximum of 999 users per request. If your organization has more than 999 users, you’ll need to handle pagination using the @odata.nextLink value in the response.
  • Permission Scope: To create, update, or deactivate users, your registered app must have the User.ReadWrite.All application permission granted and consented by an admin.
  • API Throttling: Microsoft Graph imposes throttling limits, especially when working with large organizations. It’s important to add retry policies in your HTTP steps if you’re processing a large number of users.
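
The pagination and throttling limits above, handled outside Power Automate in Python. This is an added example, not code from the original post; `http_get`, `fake_graph` and the sample responses are constructed assumptions so the block runs offline.

```python
import time
from urllib.parse import urlsplit

FIRST_URL = "https://graph.microsoft.com/v1.0/users?$select=id,mail&$top=999"

def fetch_all_users(first_url, http_get, max_retries=4, sleep=time.sleep):
    """Collect every page of a Graph /users query.

    http_get(url) -> (status, headers, body) is a hypothetical transport hook
    (the HTTP action in a real flow) so the example runs offline.
    """
    users, url = [], first_url
    while url:
        # The bearer token goes with every request: only follow Graph links.
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname != "graph.microsoft.com":
            raise ValueError(f"refusing to follow link to {parts.hostname!r}")
        for attempt in range(max_retries + 1):
            status, headers, body = http_get(url)
            if status != 429:
                break
            if attempt == max_retries:
                raise RuntimeError("still throttled after retries")
            # Wait as long as Graph asks (seconds); else back off exponentially.
            sleep(int(headers.get("Retry-After", 2 ** attempt)))
        if status != 200:
            raise RuntimeError(f"Graph returned HTTP {status}")
        users.extend(body.get("value", []))
        url = body.get("@odata.nextLink")  # absent on the last page
    return users

def fake_graph():
    """Constructed responses: page 1 is throttled once, then two pages follow."""
    page2 = "https://graph.microsoft.com/v1.0/users?$skiptoken=CONSTRUCTED"
    script = {
        FIRST_URL: [(429, {"Retry-After": "3"}, {}),
                    (200, {}, {"value": [{"id": "u1"}, {"id": "u2"}],
                               "@odata.nextLink": page2})],
        page2: [(200, {}, {"value": [{"id": "u3"}]})],
    }
    return lambda url: script[url].pop(0)

if __name__ == "__main__":
    waits = []
    print(fetch_all_users(FIRST_URL, fake_graph(), sleep=waits.append), waits)
```
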

Step 1: Entra ID App Registration

  1. Go to the Azure Portal.
  2. Navigate to Microsoft Entra ID > App registrations > New registration.
  3. Name the app (e.g., “Graph User Sync”), and register it.
  4. Once created, go to Certificates & Secrets, and create a new client secret. Save it securely.
  5. Go to API Permissions > Add a permission > Microsoft Graph > Application Permissions.
  6. Add the following permissions:
    • User.Read.All
    • Directory.Read.All
    • User.ReadWrite.All (required to create/update users)
  7. Click Grant admin consent.
  8. Save the Client ID, Tenant ID, and Client Secret.

Step 2: Power Automate Flow Overview

Create a Power Automate flow that:

  1. Authenticates to Microsoft Graph API.
  2. Retrieves users (enabled or disabled).
  3. Parses and loops through user records.
  4. Creates, updates, or deactivates users in Entra ID or Dynamics 365 Contacts.

Flow Breakdown:

Trigger: Scheduled or Manual (based on how frequently you want to sync or push updates)

Step 1: Get Access Token

  • HTTP POST to:
https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
  • Headers:
    • Content-Type: application/x-www-form-urlencoded
  • Body:
client_id=xxx&client_secret=xxx&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&grant_type=client_credentials

Step 2: Get Users from Graph API

  • HTTP GET to:
https://graph.microsoft.com/v1.0/users?$filter=accountEnabled%20eq%20true&$select=id,displayName,mail,userPrincipalName,jobTitle,department,mobilePhone,officeLocation,businessPhones,preferredLanguage,employeeId,companyName&$top=999
  • Headers:
    • Authorization: Bearer {access_token from previous step}

To get disabled users, use: accountEnabled eq false

Step 3: Parse JSON

Use the output from the Graph API response to extract user info.

Step 4: Loop Through Users

Use an “Apply to each” loop to iterate through each user record.

Inside the Loop:

  • Check if the Contact exists (using aad_user_id or email).
  • If yes: Update the Contact.
  • If no: Create a new Contact record in Dynamics.

You can create custom fields in the Contact table like aad_user_id, last_synced, etc.
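
The matching logic of the Step 4 loop, as an added Python example that is not part of the original post. It matches on aad_user_id first and falls back to email only when that is unambiguous; `contactid`, `email` and `fullname` are simplified, hypothetical column names and the sample records are constructed.

```python
from datetime import datetime, timezone

# Constructed sample data. aad_user_id and last_synced are the custom columns
# the post suggests; contactid, email and fullname are hypothetical names.
SAMPLE_CONTACTS = [
    {"contactid": "c-1", "aad_user_id": "guid-1", "email": "old@example.com"},
    {"contactid": "c-2", "email": "Bob@Example.com"},
    {"contactid": "c-3", "aad_user_id": "guid-9", "email": "carol@example.com"},
]
SAMPLE_USERS = [
    {"id": "guid-1", "displayName": "Alice A", "mail": "new@example.com"},
    {"id": "guid-2", "displayName": "Bob B", "mail": "bob@example.com"},
    {"id": "guid-3", "displayName": "Carol C", "mail": "carol@example.com"},
    {"id": "guid-4", "displayName": "Dan D", "mail": None},
]

def plan_contact_sync(users, contacts, now=None):
    """Decide create/update per Graph user; return (actions, skipped)."""
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    by_id = {c["aad_user_id"]: c for c in contacts if c.get("aad_user_id")}
    by_mail = {}
    for c in contacts:
        if c.get("email"):
            by_mail.setdefault(c["email"].lower(), []).append(c)
    actions, skipped = [], []
    for u in users:
        mail = (u.get("mail") or "").lower()
        fields = {"aad_user_id": u["id"], "fullname": u.get("displayName"),
                  "last_synced": stamp}
        if mail:
            fields["email"] = mail
        # 1) The Entra ID GUID never changes, so it is the authoritative key.
        match = by_id.get(u["id"])
        if match is None and mail:
            # 2) Email is only a fallback: it can change or be shared, so bind
            #    only when exactly one contact has it and no GUID is set on it.
            hits = by_mail.get(mail, [])
            if len(hits) > 1 or any(c.get("aad_user_id") for c in hits):
                skipped.append((u["id"], "email ambiguous or bound to another user"))
                continue
            match = hits[0] if hits else None
        if match:
            actions.append(("update", match["contactid"], fields))
        else:
            actions.append(("create", None, fields))
    return actions, skipped
```

Skipped entries are left for manual review rather than written, so a reused or shared mailbox address cannot silently re-bind a contact to a different directory account.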

Step 5: Create or Deactivate Users in Entra ID (Optional Advanced Steps)

  • To create a new Entra ID user: Use HTTP POST to https://graph.microsoft.com/v1.0/users with a body containing the new user’s info.
  • To deactivate a user: Use HTTP PATCH to the user’s Graph endpoint and set accountEnabled to false.

Note: These actions require User.ReadWrite.All permission and should be used carefully within admin-controlled environments.

Bonus: Delta Sync (Optional)

Use the /users/delta endpoint to get only changed users since your last sync. Save the @odata.deltaLink for future runs.

Conclusion

This integration helps keep your Dynamics 365 Contacts in sync with Microsoft Entra ID using Microsoft Graph and Power Automate. It also allows you to programmatically create or deactivate users in Entra ID, making it a powerful and scalable solution for user lifecycle management.
