cancel
Showing results for 
Search instead for 
Did you mean: 

Ability to disable and delete application users

Author Name: Alan Mervitz

Application Users, which are used for server to server authentication in Dynamics 365 online, have been designed without foresight into the full lifetime of how they will be used.

As it stands, the only way of preventing access yourself is to delete the app registration within Azure AD. This is insufficient because the CRM system administrator may not have access to Azure AD. Even if the app registration gets deleted, you are then left with an enabled application user that doesn't actually work.

For anyone facing this scenario, support will disable the application user if you open a support request, but they won't delete them.

Status: New
Comments
Level: Powered On
Status changed to: New
 
Level: Powered On

Here is another deficiency of application users: once the app registration in Azure AD has been deleted, you will not be able to edit the CRM user anymore and will get an error if trying to do so. For example, if you try to remove a role that has been assigned to the CRM user, you will get the error "The user ID associated with the current record is not valid. If you contact support, please provide the technical details."

Level: Powered On

Agreed. Serious oversight