Configuring Dynamics 365 CE Data Export Service

Post by: syed hussain in Dynamics 365 CE Microsoft Azure

Summary

The steps below outline the actions needed to build the Dynamics 365 Data Export Service. What I found was that documentation on this subject is sparse, but also, blog posts describing the process were very confusing. It’s actually a very simple process.

The steps are as follows:

  • Install the Data Export Service App
  • Create an Azure Single-Instance DB
  • Configure Azure Key vault
  • Create an Export profile

Install the Data Export Service App

I had a major issue validating the Data Export Service with Key Vault. This is because the Data Export Service solution was a much older solution that I hadn’t updated. My suggestion is to always remove and install a fresh Data Export Service solution at the very start.

First and foremost, the Dynamics 365 Data Export App needs to be installed. To Install this requires Administrative privileges.

https://appsource.microsoft.com/en-us/product/dynamics-365/mscrm.44f192ec-e387-436c-886c-879923d8a448

The steps to install the App are straight-forward.

Once the wizard has been completed, a solution called Data Export Service for Dynamics 365.

Create an Azure Single-Instance Database

The steps to create a Single-Instance DB in Azure are straight forward. Once an instance has been created, there are two actions that need to be carried out.

  1. Enable ‘ Allow Azure services and resources to access this server‘.
  2. Take note of the ADO.NET Connection string.

In the Azure SQL Server settings blade,under Firewalls and Virtual Networks, select Yes, to Allow Azure services and resources to access this server.

Secondly, in the database blade, under Connection strings, take note of the details in the ADO.NET settings.

Server=tcp:expcrm-001.database.windows.net,1433;Initial Catalog=expcrm-001;Persist Security Info=False;User ID={your_username};Password={your_password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;

Replace the {your_username} and {your_password} with correct details.

Configure Azure Key Vault

Before configuring Azure Key Vault, there are some prerequisite steps that need to be in place. These are:

  1. Configuring Azure Key Vault requires Administrative privileges.
  2. Data Export Service App needs to have already been installed.
  3. Azure Active Directory & Dynamics 365 need to exist in the same tenant.
  4. Azure tenant ID details are required.
  5. Dynamics 365 CE Organisation ID is required.
  6. The SQL Single-instance database connection string ADO.NET details is required.

Key Vault creation steps

The following steps are required to create the Key Vault.

  1. Create the Key Vault Azure resource
  2. Create the Access Policy
  3. Create the Secret Key

The above steps can be carried out at the point of resource creation.

Create the Key Vault resource

Creating a Key vault is relatively straight forward. See the Azure documentation for more details.

Create the Access Policy

Create a new Access Policy by clicking the + Add Access Policy link.

In the field Select Principal, search for Data Export Service for Dynamics 365. Once selected, under the Secret Permissions, select the GET value only.

Once complete, a new Access Policy should be visible.

Create the Secret Key

There are two required steps:

  1. Create the secret using the SQL DB ADO connection string as the Value. This was captured earlier.
  2. Update the secret with both the Dynamics 365 Organisation & Azure Tenant ID by adding Tags.

Create a new Secret, for the Value setting, add the ADO.NET connection details saved earlier.

Once this is complete, the next step is to add the Azure Tenant ID and the Dynamics 365 Organisation ID as Tags. Click into the newly created secret:

Add the new tags:

Tag Name – Dynamics 365 Organisation ID GUID.
Tag Value – Azure Tenant ID GUID.

Save any changes.

At this point, all the work that is required in Azure is now complete.

Create a Data Export Profile

The Key Vault URL will be required for this step. To get the Key Vault URL go to the Azure Key Vault Secret you created earlier, and then copy the Secret Identifier value.

Any entity to be added to an export profile must be enabled with change tracking

The destination database connection string must be maintained in an Azure Key Vault URL to ensure secrets are securely managed. The Key Vault URL must exist in the same tenant as Dynamics 365. Refer to the How to set up the Key Vault URL link below on how to use a script template to automate the Key Vault URL creation.

https://cloudblogs.microsoft.com/dynamics365/?p=16455?source=crm

To create a Data Export Service, go to Settings > Data Export.

*Note that you may have to enable pop-ups on the Data Export page and accept the disclaimer.

Populate the form as required with a name and the Key Vault URL.

Clicking the validate button should now show a success message. If the Data Export Service is unable to valid due to ‘Tenant ID’ not being correct. I suggest uninstalling the Data Export Service solution and starting the process again.

Complete the remaining steps as necessary.

Once the process has been completed, the Data Export Profile should look like the following:

This completes the Data Export Service setup.

Tags: data export service key vault
26 Oct 2019
0