Configure Lifecycle Services (LCS) security

Security in Microsoft Dynamics Lifecycle Services (LCS) is controlled at both the organization level and the project level. Not all members of an organization have access to all projects. Additionally, the members of a project might not all be members of the same organization.

Currently, users can sign in by using the Microsoft Azure Active Directory (Azure AD) credentials that they created in the Microsoft 365 portal when they signed up. Users who are administrators for their organization in Azure AD will be administrators in Lifecycle Services (LCS).

Project-level access to LCS is by invitation. You can invite members of your organization to be project owners and team members. Additionally, you can invite users who aren't part of your organization, and who don't have accounts in Azure AD to be team members.


We strongly recommend that you manage all users within your company at the organization level. Additionally, you help ensure that users can access the benefits that are available to your organization.

Manage LCS organization users

Only an administrator can manage users. Follow these steps.

  1. In PartnerSource Business Center (PSBC) or Azure AD, associate all the users in your organization who require access to LCS with your organization. Users might have to wait up to two business days before they can sign in to LCS.
  2. Add your users to the appropriate projects in LCS.

Invite a user to an LCS project

  1. Sign in to LCS.
  2. Select the project to add the user to.
  3. Select the Project users tile, and then, on the Project users page, select the plus sign (+).
  4. Enter the user’s email address, select the correct security role, and then select Invite.


For implementation projects, you can select the implementation role for the invited user. If you set Allow FastTrack to contact to Yes, then Microsoft FastTrack team may reach out to you based on your implementation role and the stages of the implementation project.

Configuring project security

You can invite users from inside or outside your organization to join your project as users. The following table describes the roles that are available for users.

Role Description
Project owner Members of this role have access to all tools in LCS, can add other users in any role, and can delete the project.
Environment manager Members of this role have access to all tools in LCS and can manage cloud-hosted environments.
Project team member Members of this role have access to all tools in LCS but can't manage cloud-hosted environments.
Project team member (prospect) Members of this role have limited access to all tools in an LCS project. Prospects are users who have been added to a project, but who don't have an account in VOICE or an Azure AD account. You can identify that a user is a prospect, because prospect is listed as the organization.
Operations user Members of this role have access to the following tools in LCS:
  • System diagnostics
  • Issue search
  • Cloud-powered support
  • Updates
  • Cloud-hosted environments

After you've configured security for one project, you can import the users to another project.

Configure implementation roles

If you have an implementation project, you will have the option to specify project user's implementation roles. For more information, see Roles in a Dynamics 365 implementation.