Restricted Admin Access with Platform 12 Updates

If you’re a customer operating or implementing Finance and Operations, you are provided with a set of environments to enable development, testing, and production. User acceptance test (Sandbox Tier-2+) and production environments are managed by Microsoft, while your IT staff has been responsible for managing developer and build environments.

For all new deployments with platform update 12, all environments in a Lifecycle Services (LCS) implementation project that are running in the Microsoft subscription, including developer and build environments, are monitored and managed by Microsoft. This relieves your IT staff from having to monitor and manage security, including applying security patches and updates for these environments. This does not affect development and build environments running on-premises or in the customer’s or partner’s own Microsoft Azure subscription. Development and application management tasks performed by developers can be done without requiring local administrator rights on the development virtual machine (VM).

As of platform update 12, customers will no longer have access to virtual machine (VM) admin accounts on development or build environments that are running in Microsoft subscriptions. This only applies to new deployments of platform update 12 environments, meaning that environments that were deployed before the update but have since been updated to platform 12 will still have admin access. We recommend that you redeploy update 12 environments because the shift to non-admin development on the Microsoft subscription will become mandatory in the future.

Customers who want administrative access to development environments have two options:

  • Use a local development virtual machine (VM) by downloading the development VHD.
  • Deploy development or build virtual machines (VMs) in their own Azure subscription. To do this, in an LCS implementation project, go to Cloud-hosted environments and choose to deploy the environment.

To develop in a cloud environment, you need to connect through Remote Desktop (RDP) to the virtual machine (VM) using the developer account. The developer account will appear as (builtin\User…etc) on the LCS Environment page as shown below.
Microsoft has made changes in platform update 12 to make sure this account has the privileges necessary to complete typical development and customization tasks in Dynamics 365 for Finance and Operations.
The Administrator account will appear on the LCS Environment page as (builtin\Admin…etc) as shown below.

The administrator account will not be visible or accessible if the environment is running in the Microsoft subscription.

Additional information

To enable development without administrative rights on a virtual machine (VM), Microsoft Visual Studio uses IIS Express as the local web server instead of IIS. IIS Express runs as the local dev user instead of as a system service.
To restart IIS Express, restart Visual Studio or open a table browser, which will trigger a restart.
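
The following PowerShell check is an added example, not part of the original article or Microsoft's tooling. Run from the developer account's RDP session, it confirms that the account holds no local Administrators membership and that IIS Express runs under that same account. It assumes the IIS Express process image is named iisexpress.exe.

```powershell
# Added example: verify the non-admin development setup on a development VM.
# Assumption: the IIS Express process image is iisexpress.exe.

function Get-AdminGroupState {
    # whoami lists every group in the token, including deny-only (UAC-filtered) ones.
    # /nh drops the localized header so the columns can be named here.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
    $admin = $groups | Where-Object { $_.Sid -eq 'S-1-5-32-544' }
    if (-not $admin) { return 'NotMember' }
    if ($admin.Attributes -match 'deny only') { return 'MemberNotElevated' }
    return 'MemberElevated'
}

function Get-IisExpressOwner {
    # One object per running iisexpress.exe, with the owning account.
    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'iisexpress.exe'" |
        ForEach-Object {
            $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
            $name = if ($owner.ReturnValue -eq 0) {
                '{0}\{1}' -f $owner.Domain, $owner.User
            } else {
                # Non-zero usually means the process belongs to another session
                # and this unprivileged account may not query it.
                '<unavailable>'
            }
            [pscustomobject]@{ ProcessId = $_.ProcessId; Owner = $name }
        }
}

$me    = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$state = Get-AdminGroupState
Write-Output "Current account : $me"
Write-Output "Administrators  : $state"

$procs = @(Get-IisExpressOwner)
if ($procs.Count -eq 0) {
    Write-Output 'IIS Express is not running (start it from Visual Studio first).'
}
foreach ($p in $procs) {
    # -eq on strings is case-insensitive in PowerShell.
    $verdict = if ($p.Owner -eq $me) { 'runs as current user' } else { 'DIFFERENT OWNER' }
    Write-Output ("iisexpress.exe PID {0}: {1} ({2})" -f $p.ProcessId, $p.Owner, $verdict)
}
```

On an environment deployed under the restricted model, the expected output is `NotMember` and every IIS Express process owned by the developer account.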

For answers to common questions, see Restricted Admin Access on development VMs with Platform update 12: What you need to know.