Dynamics 365 Team Member gets Locked


You were warned, you panicked, then realized nothing was happening immediately. So the trusty Team Member licenses kept chugging along, continuing to perform well beyond their boundaries. I wrote about this day coming back in May of 2018, and now finally, it’s just around the corner…. prepare for the panic.

Sum it up

In a nutshell, if you bought Team Member licenses after October 1st of 2018, this applies to you immediately. If you have older Team Member licenses, I’m sure you will have to replace those on an upcoming renewal. Microsoft has released, as part of early access, three new apps: Customer Service Team Member, Sales Team Member and Project Resource Hub. Microsoft first announced last week in an email to Admins that as of April 1st (yes, this upcoming April) your Team Member licensed users will only be able to access these apps, and no other apps, including any custom apps. They since updated the announcement this week, that for existing instances that would be impacted by this change, you will get a 90 day grace period. These changes mean that “some” of the restrictions will no longer be enforced just with paper, but rather technically, meaning you can’t ignore it and just keep chugging any more.

What are these Apps?

For those of you who never paid any attention to the paper limitations of the Team Member licenses, these apps are the real-life manifestation of those limits. A Team Member licensed user, can do whatever they are able to do within one of these apps, as delivered, without the fear of being out of compliance. That’s good news for those who are concerned with keeping in compliance. However, it will be a shock for those who have been using Team Member as a full access rights level license. The invisible lines will rise to 20 foot concrete walls on 04/01, or 6/30 for existing. But, the concrete is porous, because these apps are also customizable. Does that mean you could potentially customize these apps to take you right back out of bounds? At the moment, it does. But this is just the first phase of the full enforcement plan, so you would be doing so at your own risk… again.

Phase One

Microsoft started with the low-hanging fruit, because you have to start somewhere. They figured out how to technically limit the apps available by license. So your Team Member licensed users will only see these new apps…. they will no longer see the first-party, or any custom apps. Theoretically, this should help keep them “in bounds”. They also figured out how to technically limit the maximum number of entities that an app can have. Jukka recently pointed out, that since a right of Team Member is “Read” access to everything, does not the 15 entity limit for these apps obstruct that right? I think if I were Microsoft I would say the answer is “no”. You pick the 15, and they can be from anything. So they still have rights to “read” everything… just not all at once.

What Might Phase Two look Like?

For the sneaky people, this “handicapped”, but did not fully eliminate the issue… since these apps are customizable, I can still modify one of these apps to put me out of bounds. I expect the next phase, now that Microsoft has realized that “paper” is not worth the paper it’s printed on, will be to add the layer that will technically limit the privileges to match those of the license. That is going to be a much bigger undertaking. How about another idea?

Scrap it?

The Team Member license was necessary to gain market share at the time, but ended up costing Microsoft a lot of potential revenue. Of course, that was potential revenue they would have never captured anyway without the team member license…. so it’s a catch-22. Launching it with Technical enforcement from the jump would have prevented the problem, but there was no time for that then, we’re in a feature race with the rest of the world! However, since the time Team Member was launched, we have some new options today, namely Power Apps.

Team Member vs. Power Apps

I have several customers asking me about switching to Power Apps instead of Team Member, particularly the $10 App Passes, since the cost is similar. This is a thought, but it is certainly not a direct swap, there are several caveats. Whereas the Team member Apps will have a limit of 15 entities, a Power App has no such limit. However a Power Apps cannot use “Restricted” entities without triggering a full price license, and Team member does not have a concept of “Restricted entities”. You can freely “create” new Account records in a Power App, but that is not allowed with the Team member license. These are a few of the differences to understand, and there are more. What they have in common, is that they can both access the same CDS via an app, their “rights” differ, but it is definitely an option worth exploring.

Who cares about any of this?

I have been pretty consistent in my lack of empathy for the knowing violators, I hate cheaters. However, I am concerned about the unknowing violators, those who were oblivious to Microsoft’s invisible lines. I foresee many of these customers not even getting this messaging now, making no preparations at all, and on June 30th they smash into the 20 foot wall. WTF?

ISVs?

I am aware of a few ISVs who have also taken advantage of the Team Member licenses. I have been an advocate for ISVs to think about building their solutions on the least expensive license that is “necessary”. Some have instead built on the least expensive license that is “available”.  After 04/01 or 06/30, Team Members will not even be able to access these ISV apps. I actually see a couple of them collapsing as a result. Do I have empathy for them? Nope, they knew what they were doing… but again, their customers didn’t.

A Culling

A hand-full of ISVs and some customers will be lost as a result of this motion. The economics of compliance will outweigh their current benefits of the platform. Many of these people will be looking at a roughly 8X license cost increase to continue doing what they have been doing. Without taking advantage of much more of the platform’s capabilities, they will probably migrate away. That will be a rude awakening. When they have been using enterprise capabilities, for less than $10 a month, their low-cost alternatives are going to look pretty weak. But the “free-ride” is coming to an end, ready or not.

Steve Mordue MVP

Steve Mordue, a Microsoft Business Applications MVP, is the CEO of Forceworks, a 2014 Microsoft Partner of the Year. Steve started his business applications consulting career in 2001, originally supporting Salesforce.com as a Certified Consultant. Steve transitioned his consulting practice to Dynamics CRM, (now Dynamics 365) in 2011. Steve has been engaged in hundreds of deployments over the course of his career. As one of the leading Microsoft Business Application Consultants, recognized by Microsoft as an expert, Steve has provided training, on behalf of Microsoft, to other Microsoft Partners globally on how to launch and build successful practices. Steve is a member of the Worldwide Dynamics Partner Advisory Council, and is a frequent presenter and panelist at global Microsoft events. The opinions shared in this blog are Steve's alone. If you are looking for Microsoft confidential information, you will not find any here.

5 Responses

  1. Gene says:

    Thank you for this insight. It appears these roles are used in D365CE but I use D365 for Finance and Operations. Are you aware if this will also impact current D365FO?

  2. David Brooker says:

    Steve,
    I have recently been asked to help out some “unknowing violators” i.e. a small company (approx. 20 users) utlizing Dynamics 365 for Sales that are mainly using Team Member licenses. They have been doing do this for about 3 years now i.e. before October 2018.

    So my interpretation of their situation is: Come June 30 2020 their Team Member licensed users will not see the existing custom App they have recently developed in-house and they will not be able to write to the Account entity?

    In the short term, this could be worked around by customising the Team Member App to use a different security role (which allows Write to the Account entity) but that is likely to be a short term solution as Microsoft’s Telemetery data will soon allow them to close that “loophole”.

    The only other alternative is to pay the near 8x increase in license fees?

    Am I somewhere near correct in my assessment?

    BTW – Being new to Micorosft licensing, its driving me to distraction!!

  3. Shawn Hickey says:

    How can a Team Member read everything if they are forced into an app that can only have 15 entities? Our agreement allows for a Team Member to edit up to 30 custom entities so won’t they be violating our agreement with this arrangement?

    We are in compliance with the Team Member license. We have our own security roles allowing different Team Member users access to different entities. It sounds like we will be punished with this new mode.

    • Rafael says:

      Hi Steve,

      I do not fully understand your comment below.

      “ You pick the 15, and they can be from anything. So they still have rights to “read” everything… just not all at once.”

      If Team License has rights to read everything and you can only add 15 custom entities…how could you possibly achieve that?

      Thank you.

Leave a Reply to David Brooker Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.