Set up model-driven apps in Dynamics 365 to use SharePoint Online
When you use SharePoint Online with model-driven apps in Dynamics 365, such as Dynamics 365 Sales and Customer Service, you can:
Create, upload, view, and delete documents stored in SharePoint from within model-driven apps in Dynamics 365.
Use the SharePoint document management abilities within model-driven apps in Dynamics 365, such as checking the document in and out and changing document properties.
Enable non-model-driven apps in Dynamics 365 users, such as customers who want to review a bid, to directly access the SharePoint documents, provided they have the appropriate permissions.
This topic is for organizations who wish to deploy for the first time or upgrade to server-based SharePoint integration. After you enable server-based SharePoint integration, you can't revert to the previous client-based authentication method.
Check out the following video: Connect to SharePoint Online
To set up model-driven apps in Dynamics 365 to use SharePoint Online, complete the following steps.
Assign user permissions to the Team SharePoint site
Your model-driven apps in Dynamics 365 and Microsoft 365 users are not automatically allowed access to your SharePoint sites. You must work within the SharePoint site to assign specific permission levels to individual users or groups.
Assign users to the Team site
Browse to the Microsoft 365 admin center and sign in using Microsoft 365 Global administrator credentials.
Open the Microsoft 365 app launcher, and then select SharePoint.
On the left-side menu, select Team Site.
On the Home page, select SHARE (upper-right corner).
To view the default permissions for your team site, select lots of people.
By default, all users in your Microsoft 365 organization are able to add and edit documents on the Team SharePoint site. To invite others, choose Invite people and add people external to your organization to share documents.
For more information about SharePoint permissions, see Introduction: Control user access with permissions
Configure model-driven apps in Dynamics 365 for SharePoint document management
If you are a new organization and have not yet deployed document management, see Configure a new organization.
If your organization is already using document management with Microsoft Dynamics CRM List Component, you must switch to server-based SharePoint integration. More information: Switching from the list component or changing the deployment
Server-based SharePoint integration uses the entity display name to build the SharePoint library. When you upgrade to server-based SharePoint integration, be sure to check that the display names in your document library on SharePoint match the entity display names. More information: "Validation Error" when you try to configure server-based SharePoint integration for Microsoft Dynamics CRM Online and SharePoint Online.
These names should match.
Configure a new organization
If your organization has not deployed document management, when a System Administrator logs in an alert message will be displayed to enable server-based SharePoint integration.
If you don't see the alert and have not previously enabled server-based SharePoint integration, clear your browser cache or open model-driven apps in Dynamics 365 using Internet Explorer with InPrivate browsing to have the alert display again. Once you configure server-based integration, the alert will no longer appear.
In the Power Platform admin center, select an environment.
Select Settings > Integration > Document management settings, and then select Enable server-based SharePoint integration.
In the Enable Server-based SharePoint Integration alert select Next.
Choose Online for where your SharePoint sites are located, and then choose Next.
If your model-driven apps in Dynamics 365 are not connected to a SharePoint online site, enter the URL (for example https://contoso.sharepoint.com) of your SharePoint site that you will use for auto folder creation, and then choose Next.
To see your SharePoint site collections, in the Microsoft 365 admin center, select Admin centers > SharePoint, and then select site collections.
The URL will be checked for being a valid SharePoint online site and for existing in the same Microsoft 365 tenant as your organization. After enabling server-based SharePoint integration you can't go back to the previous client-side integration. Choose Enable.
Once server-based SharePoint integration is enabled you will need to enable the entities you want available for document management integration. More information: Enable document management on entities
Using Document Management
You are now ready to add document storage locations to the entities you enabled above and start managing documents. Begin by opening a document management-enabled record (for example, Contact).
Browse to your web application.
Choose an account, such as the Adventure Works sample account.
On the nav bar, select the down arrow next to the account name, and then select Documents.
Select Upload, and then browse to a document to upload to the new folder in your Microsoft 365SharePoint Online Team site.
Select a folder location, and then select Ok.
To see the document in your Microsoft 365SharePoint Online Team site, select to the left of the document name (you'll see a check mark), and then select Open Location.
Select Site Contents to see all the document libraries created for the managed entities you selected.
The entities you selected to be managed by Document Management appear as document libraries (for example: Account, Article, Case, Lead, Opportunity, Product, Quote, and Sales Literature).
SharePoint Online has introduced a new feature that enables a SharePoint or global administrator in Microsoft 365 to block or limit access to SharePoint and OneDrive content from unmanaged devices. For more information, see Control access from unmanaged devices.
You can set access at three levels:
- Allow full access from desktop apps, mobile apps and the web
- Allow limited, web-only access
- Block access
For "Block Access" level, only devices that satisfy the AD trust policy defined by the SharePoint or global admin can open SharePoint site and perform operations.
Impact on model-driven apps in Dynamics 365 and SharePoint Online integration
When SharePoint Online is configured for "Block Access", model-driven apps in Dynamics 365 receives a 401 UnAuthorized response from SharePoint Online for all operations triggered using server-to-server integration. This is because SharePoint Online rejects the AppAssertedUser token (the claims-based token which is used for server-to-server authentication between model-driven apps in Dynamics 365 and SharePoint Online).
As a workaround, you can set the unmanaged devices policy to "Allow full access from desktop apps, mobile apps, and the web" on SharePoint Online.
Sign in to https://admin.microsoft.com as a global or SharePoint admin. If you see a message that you don't have permission to access the page, you don't have Microsoft 365 administrator permissions in your organization.
In the left pane, select Admin centers > SharePoint.
In the SharePoint admin center, select access control in the left pane.
Under Unmanaged devices, select Allow full access from desktop apps, mobile apps, and the web.
Information transmitted between model-driven apps in Dynamics 365 and SharePoint when you use server-based SharePoint integration
When you use the document management feature in model-driven apps in Dynamics 365 by using server-based SharePoint integration, the following information is transmitted between model-driven apps in Dynamics 365 and SharePoint:
- Entity name for the entity that is used to create folders in SharePoint, such as Account, Article, or Lead. To configure the entities that are integrated, go to Settings > Document Management > Document Management Settings.