New Security Duplication Feature in D365FSC

by | Dec 8, 2025 | Dynamics 365 for Finance and Operations | 2 comments

Microsoft’s validation of Dynamics 365 for Finance & Supply Chain licenses is on it’s way. As many customers are in the process of ensuring they are compliant, Microsoft is adding new features to help with this process.

One that I first noticed in the 10.0.45 (10.0.2345.117) is a new feature surrounding the duplication of security layers. Let’s take a look at what’s new!

Scenario

The scenario in this case is that I want to duplicate the Accountant role, currently this role requires either a ‘Finance’ or ‘Finance Premium’ license but I would really like to require an ‘Operations – Activity’ license:

New Feature

If I now go to the Security Configuration form and click on the ‘Duplicate’ button:

The dialog that appears allows me to name the role, but also select which License SKU this new role should require:

In my case, I selected ‘Operations – Activity’:

To perform this, D365FSC looks at the current duties assigned to this role and determines which duties need to be removed to make this new security layer the correct license type. If some duties had to be removed, a warning message log is generated:

With the warning message, D365FSC will report the number of duty references that had to be removed as well as give you the option to download a more detailed report:

The excluded references file contains the duties that were removed because they required a higher license than ‘Operations – Activity’:

Once we let the new security layer be processed for licensing, we can validate that this new security layer does indeed lower the license requirement to ‘Operations – Activity’.

Observations

1) The same process works for duties as well, in this case the system looks at the privileges assigned to the duty and removes those that are required to meet the license requirement.

However I did notice the excluded references file is not generated even if privileges are removed.

For example, I took the ‘Approve BOMs’ duty which requires a ‘Supply Chain Management License’ and tried the same process of lowering it to ‘Operations – Activity’:

The privileges ‘Approve BOMs’ and  ‘Approve BOM versions’ were removed, leaving only ‘View BOMs’ which actually makes this duty only require a ‘Team Member’ license:

But there was no notification during the creation of the duty that these privileges would be removed.

2) The security layer duplication feature does work at the privilege level, however I did not see the ability to set a license on the new security layer.

Conclusion

The ability to set a license requirement on duplicated security layer is another feature added by Microsoft to help customers meet their license requirements, which I think can be extremely powerful if used correctly. But it is important to understand what the process is actually doing to ensure you are not removing access that a user might otherwise need.

2 Comments

  1. Mark Zerr
    Mark Zerr on December 9, 2025 at 9:30 am

    Hi Alex, I had to go apply the proactive update to play with this but love the feature so thanks for sharing. I duplicated the accountant role example. Another observation I noticed was several of the inquiry duties were also removed. This really is not new behavior but for so long I would have started in looking to reduce a role to a lower license that leaving inquire duties would be okay but it’s not the case. In the end its user testing that will let us know if it truly worked but it sure makes the starting point of reducing license cost easier.

    List of inquires duties
    Duty CashAccountsInquire Inquire into cash accounts
    Duty CollectionLetterCollectionsStatusInquir Inquire into collections status
    Duty CustomsDutyInquire_RU Inquire about customs duty data
    Duty FactureIncomingInquire Inquire about incoming factures
    Duty FacturePrepaymInquire Inquire about prepayment factures
    Duty InquireFA_RU Inquire about fixed assets in Russia
    Duty RDeferralsInquire Inquire about deferrals
    Duty RTax25ReferenceDataInquire Inquire about tax accounting reference data
    Duty RTSLTranslationInquire Inquire about translation setup and sessions
    Duty TaxPovertyFundMaintain_BR Inquire FCP
    Duty ElectronicAuditDataInquire_W Inquire into electronic audit data
    Duty TaxBenefitCodeMaintain_BR Inquire benefit code

    Reply
    • Alex
      Alex on December 9, 2025 at 10:58 am

      Hey Mark,

      I went through and checked these duties and the reason they were removed is because even though they have ‘inquire’ in the name of the duty, they contain object access which require higher license levels.

      For example, the CashAccountsInquire duty has write access to the RCashExchAdjPl object which is causing the duty to require a Finance license:

      Reply

Submit a Comment

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.