Configure Lifecycle Services (LCS) security


Dynamics 365 for Finance and Operations has evolved into purpose-built applications to help you manage specific business functions. For more information about these changes, see Dynamics 365 Licensing Guide.

Security in Microsoft Dynamics Lifecycle Services (LCS) is controlled at both the organization level and the project level. Not all members of an organization have access to all projects. Additionally, the members of a project might not all be members of the same organization.

Currently, users can sign in by using the Microsoft Azure Active Directory (Azure AD) credentials that they created in the Microsoft Office 365 portal when they signed up. Users who are administrators for their organization in Azure AD will be administrators in Lifecycle Services (LCS).

For Microsoft Dynamics AX 2012, organization-level access to LCS is controlled by the association of a person’s Microsoft ID with an organization in CustomerSource or PartnerSource. Therefore, users of CustomerSource or PartnerSource automatically have access to their organization’s workspace in LCS, and can view all projects that they have been invited to participate in. Users who are administrators for their organization in CustomerSource and PartnerSource will be administrators in LCS.

Although an administrator can invite users who don’t have CustomerSource or PartnerSource credentials to be members of an organization in LCS, we don't recommend this approach. Users who are invited to be members of an LCS organization aren't provided with credentials in CustomerSource or PartnerSource.

Project-level access to LCS is by invitation. You can invite members of your organization to be project owners and team members. Additionally, you can invite users who aren't part of your organization, and who don't have accounts in Azure AD or CustomerSource or PartnerSource, to be team members.


We strongly recommend that you manage all users within your company at the organization level. In that way, you help ensure that their relationship with your organization is correct in CustomerSource, PartnerSource, and Azure AD. Additionally, you help ensure that users can access the benefits that are available to your organization.

Manage LCS organization users

Only an administrator can manage users. Follow these steps.

  1. In CustomerSource, PartnerSource, or Azure AD, associate all the users in your organization who require access to LCS with your organization. Users might have to wait up to two business days before they can sign in to LCS.
  2. Add your users to the appropriate projects in LCS.

Invite a user to an LCS project

  1. Sign in to LCS.
  2. Select the project to add the user to.
  3. Select the Project users tile, and then, on the Project users page, select the plus sign (+).
  4. Enter the user’s email address, select the correct security role, and then select Invite.


For implementation projects, you can select the implementation role for the invited user. If you set Allow FastTrack to contact to Yes, then Microsoft FastTrack team may reach out to you based on your implementation role and the stages of the implementation project.

Working with CustomerSource and PartnerSource

The information in this section is intended to help you access CustomerSource or PartnerSource.

Signing in to CustomerSource or PartnerSource

Visit the CustomerSource sign-in page, and enter the user name and password for your Microsoft account (previously known as Windows Live ID) to access the site. If you don't have access to your organization’s CustomerSource account, follow the steps on the How to sign in to CustomerSource page.

Determining the administrator for your organization in CustomerSource or PartnerSource

If you don’t know your CustomerSource administrator, or if your organization doesn’t have a CustomerSource administrator, send an email to for assistance.

Configuring project security

You can invite users from inside or outside your organization to join your project as users. The following table describes the roles that are available for users.

Role Description
Project owner Members of this role have access to all tools in LCS, can add other users in any role, and can delete the project.
Environment manager Members of this role have access to all tools in LCS and can manage cloud-hosted environments.
Project team member Members of this role have access to all tools in LCS but can't manage cloud-hosted environments.
Project team member (prospect) Members of this role have limited access to all tools in an LCS project. Prospects are users who have been added to a project, but who don't have an account in VOICE or an Azure AD account. You can identify that a user is a prospect, because prospect is listed as his or her organization.
Operations user Members of this role have access to the following tools in LCS:
  • System diagnostics
  • Issue search
  • Cloud-powered support
  • Updates
  • Cloud-hosted environments

After you've configured security for one project, you can import the users to another project.