Connect your Microsoft Azure Function to Dynamics 365 using Server to Server authentication within a Single Tenant

If you are using Microsoft Azure Functions in your Dynamics 365 and Power Platform projects (and you should be), then you should never use a simple username and password authentication to your Dynamics 365. The same applies if you have a web application, website, or any other external solution accessing your common data services (CDS).

You should instead consider using single-tenant server-to-server authentication. This is different from a multi-tenant situation where your web application where the application resides on a different tenant to where your CDS is.

For Single-tenant server to server (S2S) authentication, the process is a bit lengthy but pretty straight forward. Here is a link to the official documentation on how to do this:

You might also want to explore how you can connect your Azure functions using Azure key vault via this article:


My Microsoft Ignite 2019 Session in Orlando: Microsoft Azure DevOps for Power Platform ISVs

I have recently travelled to Microsoft Ignite event at Orlando, Florida where I presented a number of sessions. Below is my first session titled:

Microsoft Azure DevOps for Power Platform ISVs: How to automate ISV solution deployments and release regular upgrades and patches to all customers concurrently.

The widely anticipated Azure DevOps Power Apps build tools are here. If you are a Microsoft ISV partner, the ability to automate the deployment of regular updates and patches to all your customers concurrently must sound like a dream! Now this dream is becoming a reality for Microsoft ISVs with Power Apps Build Tools for Azure DevOps.

Below is the video (audio with slides) of my whole session.

You can also watch the content on Microsoft Ignite 2019 website:




Using Microsoft Azure Functions instead of Dynamics 365 Plugins, Custom Actions and Custom Workflow Activities

Microsoft Azure has a multitude of Services that are offering a significant number of features and capabilities that can help you extend your Microsoft Dynamics 365 Solution, built on the Power Platform, in many ways.

If I were to follow each and every one of these, it would easily take me hundreds of pages/posts. However, there is one service that if you are not currently already using, then you are genuinely missing out. This is: Microsoft Azure Functions.

Azure Functions is an event driven, compute-on-demand serverless functions that extends existing Azure application platform with capabilities to implement code triggered by events occurring in Azure, Dynamics 365, Power Platform, Power App or any third party service as well as on-premises systems.

There are many things to cover on Azure Functions alone, but the main point I want to cover in this blog post, is how Azure Functions are now literally replacing Power Platform / Dynamics 365 plugins, custom workflow activities and custom actions. This is not an official Microsoft guidance, this is more of a personal conclusion.

If you are a seasoned Dynamics 365 CRM developer, you will remember how we used to build console apps and windows services to do a variety of things for us inside Dynamics 365 (or Dynamics CRM as we called it) but in a complete isolation outside of Dynamics 365 Platform.

Remember all these console apps that would update or insert data inside Dynamics 365? Remember the windows services that would run every 5 minutes to pull data out of Dynamics CRM or insert/Update data in Dynamics CRM? In the old on-premise world, these were prominent ways of running apps or code components in isolation from Dynamics 365 for very good reasons. Nowadays, in the Dynamics 365 world, these can (and should) be done as Microsoft Azure Functions.

Azure functions can act as a webhook, be triggered by an event or setup to run at certain times/dates or ever set intervals. Azure Functions can dip into your Dynamics 365 instance securely, and do all the CRUD (Create, Read, Update, Delete) actions you want it to do. Azure Functions can connect and integrate your Dynamics 365 solution with any other solution including on-premise solutions. Azure functions have no depth like plugins do and are do not have maximum 2 minutes execute time like plugins. There are many more points of comparisons, advantages and differences but I’ll leave that to future posts.

Hence, if you are not using Microsoft Azure Functions in your Dynamics 365 Solutions today, then you should start now. There is a whole world for you out there that you haven’t explored yet.


Webhooks to Dynamics 365 Serverless Integration using Azure Functions

Recently I needed to create an integration between a cloud platform and Dynamics 365 Customer Engagement Cloud. This Cloud Application (Unbounce) allows you to register Webhooks which you can use to send data across from that platform to any other web application.

Please note that this article already assumes that the reader understands the basics of Webhooks and Azure Functions.

Webhooks sends data when a server event occurs typically to a web application. They are lightweight HTTP pattern with a publish/subscribe model which sends POST requests with JSON payload. This means Webhook POST requests can be consumed by any programming language or web application anywhere.

So when our 3rd party Cloud application (for example Unbounce) sends out the webhook POST message, how can Dynamics 365 receive this POST message? The answer is: Azure Functions.

It’s not the first time that Microsoft Azure Serverless Inegration capabilities, namely Azure Function Apps, come to the rescue. Azure Functions are becoming more and more the default preferred option for many Dynamics 365 related integrations.

So Unbounce sends out the webhook POST message to the Azure Function which in turn sends this data to Dynamics 365. To do this, you need to create an Azure Function that is triggered by Webhook and in your function, you can write the code that sends Data to Dynamics 365. Below are 6 steps that show case the process for adding an Azure Function App triggered by a Webhook POST call. Please comment below if you require the code in the Azure funciton (It’s standard Dynamcis 365 call to create a field so nothing fancy).

1) First, create your Azure Function App:

2) Make sure that the function is triggered by Webhook + API and using C#:

3) Then once created, create a Function within your Function app

4) Following that, we need to reference Dynamics 365 CRM SDK Core Assembly package. To do this, add a file called project.json as below:

5) then input your code inside the function which will receive JSON POST message and writes it to Dynamics 365:

6) then finally, run a test on your Azure Function App to see a record created in Dynamics 365 (a Lead in our case):

Please note that in step 5 above, you will definitely need to write code to receive the JSON payload that will come in the POST request message. So in our example, if this is coming from Unbounce, we have parse the Unbounce JSON data sent in the POST message so we can then use this data to create our lead (or contact) in Dynamics 365.

Please comment below if you require this code and I’ll be happy to share it.

Note: I’m delivering this session at a number of Dynamics 365 Saturday events starting tomorrow in London (7th July 2018). Hence, I’ll be updating it regularly (and apologies for rushing the post!)

Your feedback via comments below is invaluable and will encourage me to update it and write more about this subject.

Azure Machine Learning for Dynamics 365 Products recommendations

One of the new exciting features in Dynamics 365 is the intelligent product recommendation features in Microsoft Dynamics 365 CRM.

Currently, Dynamics 365 product catalog includes some basic modeling ability to link various products for cross-sell / upsell and also accessory recommendations. This is a great feature which several businesses have found extremely useful. However, the limitation here is that these links are hare coded and require someone in your organisation to constantly maintain them and update links between various products on regular basis. At some point, these hard links will expire and will need to be removed and updated, etc. The other challenge is that it is base don assumption that customers who bought product x are also interested in product y. These will be business assumptions and not intelligently calculated linkage between various products.  Maintaining these hard links require the constant overhead and complexity of analysing recommendations ranking and imagining all possible combinations of products that can be sold together.

Now Microsoft is offering a much more advanced and intelligent solution that is quite unique amongst CRM system. Microsoft Dynamics 365 can now build the product links based on recommendations which use real-world transactions as a basis for their calculations and links that can evolve over time based on current customers buying trends and without requiring any maintenance overhead.

By connecting your Dynamics 365 Solution to Microsoft Cognitive Services (called Cognitive Services recommendations services – which is based on Microsoft Azure Machine Learning), you will have recommendation modeling techniques making recommendations without any manual intervention. Using real-world transactions or interactions to find products that are sold or viewed together, Microsoft Cognitive services will push through product recommendations into your Dynamics 365 solution.

Once you add the product recommendation feature in Dynamics 365 a capability is added to the product catalog to generate automatic recommendations. You can set up the product catalog and synchronisation to build a “machine learning based recommendation model” that makes recommendations in a ranked list at various places in Dynamics 365, such as at the account, opportunity or order level.

Please note that, Microsoft Dynamics 365 product recommendations feature supports existing line item entities (OpportunityProduct, QuoteDetail, SalesOrderDetail, and InvoiceDetail) and custom line item entities, as well as standard and custom product relationships.

Source for this information and more details can be found here:

and here is a step by step guide on how to enable Cognitive Services for Dynamics 365 product recommendation:

Hope this helps!

The world after WannaCry ransomware attack: Is the Cloud secure enough for your data?

With the most recent WannaCry ransomware attack on more than 99 countries with thousands of locked down machines globally, many organisations are asking if their data is more or less secure in the Cloud?

It’s a valid question and I personally never try to supress or trivialise clients concerns even if the concern seemed unwarranted or doesn’t have factual basis. On the contrary, I felt that my clients concern about how secure their data in the cloud is very relevant and requires addressing.

If we look at the WannaCry ransomware attack on the UK National Health Services (NHS), you will find that most computers affected where machines running old versions of Microsoft Windows, namely Windows XP and some Windows 7 ones. First question that comes to mind is why these machines were not upgraded especially that Microsoft offers significant discounts to the UK public sector organisations. But then to answer this question, we have to go into the politics of the UK government and its spending approach, which is something we won’t cover as I never talk politics on my blog.

However, the effect of the WannaCry ransomware attack, has meant that data stored on computers were lost. These could be some simple working files of no significant values but I am sure there were some computers that had information and files of considerable value and only stored on these computers. Now imagine if every one of these machines had a Microsoft OneDrive for Business account (or equivalent cloud storage) where all files stored on the computer were copied instantly to the cloud. In this case, the loss would have been probably nil. The cost of a OneDrive for Business account for a Public or Government organisation is next to nothing (~£1/month). With a copy of all your files are in the cloud, so whether it is a hack, ransomware attach or simply a hardware malfunction, you will always have your files in the cloud.

This is a simple example but explains to the regular non-Techie reader how the cloud could have helped in this case.

Another example to show the power of the cloud. For any organisation to setup an adequate backup services, disaster recovery and a complete data centre with appropriate data security and unauthorised access protections, it will cost them a lot. It will vary depending on the size of the organisation but for a medium to large organisation, the cost can easily reach the millions of pounds. Now compare that to the assurance and reliability as well as the cost reduction and savings a public cloud offering can deliver to this organisation because of the economies of scale. You will find that organisations are not only saving money, but they are “outsourcing” their data centre to a Cloud Provider, such as Microsoft’s Azure Cloud. In this case, organisations do not have to worry about penetration testing, unauthorised data access precautions or complex data centre security measures, over and above the standard security measures applied by all organisations.

So to summarise, my view is that having your organisation in the cloud will save you money and save you a headache of security your data centre from various data security threats by “outsourcing” these responsibilities to your reliable provider who is investing millions to secure their massive Cloud and applying security measures that many organisations cannot afford or would not be able to undertake.

Create an image from a .vhd disk on Microsoft Windows Azure – error VHD is already registered with image repository

This post discusses how to create an image from a VHD file of a VM you have on Windows Azure to re-use it with other VMs and also shows a resolution to the issue/error: “xxx.vhd is already registered with image repository as the resource with ID xxx” on Windows Azure management portal.

I have a nice windows azure virtual machine with its .vhd drive that I managed to get to an excellent state with all my software installed, configured and working smoothly. I wanted to make this VHD as an Image in my Windows Azure cloud account so that I can create multiple virtual machines (VM) based on the same VHD disk. Here is what I did:

First, I did a sysprep on this nice VM as follows: On the Virtual Machine, Open command prompt as an administrator and navigate to your C:\Windows\System32\Sysprep folder. Then run the Sysprep.exe file. Make sure the generalise option is ticked and select “quit” instead of “shut down” in the actions after sysprep (There is a known issue that happens sometimes when you select shutdown).

Once this is done, I have shut down my VM, went to my Windows Azure management / Control Panel ( and selected the VM and then deleted it. Make sure you select the option to delete VM and retain / keep the VHD hard disk files attached to this VM. This will only delete the Virtual Machine but will keep the VHD virtual disks for you.

Following that, if you go and try to create an image for ths VHD file, you will probably get the error: “xxx.vhd is already registered with image repository as the resource with ID xxx” from Windows Azure. This issue will mostly because the VHD file is still allocated to the disk that was created for the VM (which is now deleted). You will now need to go to Virtual Machines under your Windows Azure Control Panel, click on “disks” tab (you should have Virtual Machines, Images and Disks tabs there). Click on the disk that is allocated to the VHD file and delete it. Make sure you choose to keep and retain the VHD file. This VHD file is still kept in your storage section on Windows Azure.

Now that the disk and the VM are both deleted, you can go to Images tab under Virtual machines and select create image, point to the VHD file and create your image. Make sure you select the tick box: yes I have sysprep my VHD.

You now have an image that you can use to create as many Virtual machines as you want based on it. You just need to go to the Virtual Machines tab and click on create virtual machine and select your VHD from the Gallery.

There are other issues where the disk and the VM are deleted and you are still unable to use the VHD file. In this case, a Windows Azure explorer software may be needed to connect to your Windows Azure cloud account and release the VHD as it is probably still in lease (a lease on the blob) and there is no lease ID specified (because the VM and the disk are deleted). Here is an article explaining the resolution to this issue:


In addition to having the image out of the VHD on windows azure, you can also have a disk instead if you don’t have a sysprep VHD. In this case, you create a disk out of the VHD and then create a VM out of the Disk instead of out of the image. The main difference is that when you create a VM from an image, windows azure creates a copy of the VHD and associates the VM to it while if you creatte a VM from a Disk, it just uses the same VHD – which means you can only use this disk/VHD once with one VM. This is usually a good work around if you are getting the error: Virtual Machine running but provision timed out on your Virtual Machine: Running (Provision timeout).

Hope this helps!