cancel
Showing results for 
Search instead for 
Did you mean: 

Remove restricted admin access from DEV Boxes

Author Name: umer draz

With the update 12, Microsoft have restricted the DEV instance access as admin. There is a lot more than just configuration and installation that needs to be done as part of Dev.

I would strongly recomend that microsoft provide admin access with the dev boxes 

Status: New
Comments
D365Ideas_Admin
Regular Visitor
Status changed to: New
 
D365Ideas_Admin
Regular Visitor

I agree. It is painful this way.
I understand it is maybe for security but flexibility is very important.
This update is not a good idea in my personal opinion.


D365Ideas_Admin
Regular Visitor

This restriction is to comply with security requirements on MS managed VMs.

Admin access to dev boxes is still available when you deploy dev VMs in your own Azure subscription or when you deploy a local development VM (Dev VHD)

 

D365Ideas_Admin
Regular Visitor

It means (in my opinion) that no serious development work should be done in MS-hosted environments; admin permissions are needed for quite a few things we commonly use.

Another discussion is whether it's a problem. I think it makes sense if we manage DEV boxes by ourselves, on the other hand, customers often expect that they don't have to manage these things because "they'll get DEV environments from MS". It's questionable if it's fair still calling them DEV boxes; maybe they should be distinguished from environments where people can do proper development with all permissions and tools they need.

D365Ideas_Admin
Regular Visitor

For this to become a reality, the Partners/Customers have to accept that the full responsibility for the DEV boxes as PAAS. There are still tools that are missing, and is currently time consuming, painful and aggravating to do without local admin.

For a FAQ on some of the restrictions, you can go here: https://community.dynamics.com/ax/b/newdynamicsax/archive/2018/01/05/restricted-admin-access-on-deve...

D365Ideas_Admin
Regular Visitor

This prevents us from using Bacpac in Tier 1 instances and greatly diminishes the utility of the Add-On sandboxes.  This will adversely impact many customers who have already purchased Add-On sandboxes and potentially delay upgrades to PU12.  I understand the security concern, but encouraging partners to "go do these tasks" somewhere else" seems immature. 

D365Ideas_Admin
Regular Visitor

This makes it impossible to run the Data Upgrade in a Tier 1 environment:

https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/migration-upgrade/upgrade-...

The process in the above link cannot be completed without admin. Not cool.