Skip to main content

Microsoft Dynamics 365

The Glean Microsoft Dynamics 365 connector indexes data from Dynamics 365.

After you set up the connector and a crawl completes, users can search for this CRM context in:

  • Glean Search
  • Glean Assistant
  • Glean Agents
  • Glean MCP

Supported tables

By default, Glean indexes the following Dynamics 365 tables:

  • Accounts
  • Contacts
  • Leads
  • Opportunities
  • Activities, including emails, meetings, and attachments

Glean can also index additional Dynamics 365 tables. To include additional tables in the index, contact Glean Support.

Supported features

  • Index all Dynamics 365 tables, including Microsoft-provided and customer-defined tables.
  • Index columns from all selected tables.
  • Perform full and incremental crawls to keep data current.
  • Discover table schemas and column metadata automatically.
  • Customize indexing by greenlisting tables or redlisting columns. Contact Glean Support to greenlist customer-defined tables for indexing or redlist columns for exclusion. These settings are not available in the Glean setup UI.

Supported API endpoints

  • Microsoft Graph API (application permissions: User.Read.All, Directory.Read.All)
  • Dynamics CRM API (delegated permission: user_impersonation)

Limitations

  • Glean supports role-based security permissions only. Sharing-based and hierarchy-based ACLs are not supported.
  • You can connect only one Dynamics 365 organization (tenant) per Glean data source instance (DSI).

Crawling strategy

Crawl typeFull crawlIncremental crawlPeople dataActivityUpdate rateWebhookNotes
Dynamics 365 CRMYesYesNoNoTimelyN/AIndexes default tables by default and can index additional tables when configured by Glean Support; one org per DSI

Requirements

The following requirements must be met to use the Dynamics 365 connector.

Technical requirements

  • Microsoft Dynamics 365 environment must be licensed and accessible within your organization.
  • An O365 data source (OneDrive or SharePoint) set up in Glean and linked to the same Azure tenant as Dynamics 365.
  • Azure portal access for registering and managing applications.

Credential requirements

  • You must generate and provide:
    • Application (client) ID
    • Directory (tenant) ID
    • Client secret
    • Dynamics 365 organization ID

These credentials are configured and obtained during the Azure portal setup. Only admin-level users (Global administrator, Application administrator, or Cloud Application administrator) must complete this process.

Permission requirements

  • Microsoft 365 and Azure admin privileges are required for setup and granting consent.
  • The new Azure application must have:
    • Microsoft Graph (application): User.Read.All, Directory.Read.All
    • Dynamics CRM (delegated): user_impersonation
  • You must assign a Dynamics 365 security role to the application user (recommended: System Administrator, or a custom org-level read-only role with appropriate table access).
  • Admin consent must be granted on the app in Azure Enterprise Applications.

Configuration and setup instructions

Required permissions for setup

  • The user setting up this data source must be the Global Admin.

1. O365 data source association

  1. Ensure some O365 data source (for example, OneDrive or SharePoint) with Dynamics 365's Azure tenant ID is already set up.

2. Register a new app

  1. Sign into the Azure portal. Select Microsoft Entra ID, then Manage → App registrations → New registration.

  2. On the Register an application page, register an app with the following:

    FieldValue
    NameGlean
    Supported account typesAccounts in this organizational directory only (Single tenant)
    Redirect URI(Leave this field blank)

  3. Click Register.

    Register application

3. Configure permissions

  1. On the left side navigation on the overview page, click on Manage → API Permissions.

  2. Click Add a permission and select Microsoft Graph. Select Application permissions and add the following:

  • User.Read.All
  • Directory.Read.All
  1. Click Add a permission and select Dynamics CRM. Select Delegated permissions and add the following:
  • user_impersonation

  1. Ensure you are signed into Azure as a Global administrator, Application administrator, or Cloud Application administrator.

  2. Use the search box to navigate to Enterprise applications. Select the Glean app you created from the list of applications.

  3. Click Permissions under Security. Review the permissions shown, and then click Grant admin consent.

    Grant admin consent

By this step, you must have the following permissions provisioned on the API Permissions page.

Dynamics 365 API permissions

5. Generate secret

  1. Navigate to Microsoft Entra ID → Manage → App registrations and click on the app you created earlier.

  2. Click Manage → Certificates & secrets in the left sidebar.

  3. Click on New client secret. Enter a description and select 24 months for expiry time, then click Add.

  4. Under Client secrets, copy the Value (not the Secret ID) you generated and enter it in Glean as the Client secret. The Value is shown only once.

    Azure generate secret

6. Get Dynamics 365 organization ID

  1. Check the URL bar in your browser. The Dynamics 365 Organization ID is part of the domain name. For example if you see: https://org810c0cef.crm.dynamics.com/ in the URL bar, your Organization ID is org810c0cef.

7. Add application user in Dynamics 365

  1. Sign into the Power platform admin center.

  2. Select the Dynamics 365 environment you want to connect to Glean.

  3. On the Dynamics 365 environment page, navigate to Settings → User + permissions → Application users to add a new application user.

    Dynamics 365 environment settings

  4. On the Application users page, click + New app user to open the Create a new app user dialog.

  5. Enter the previously created app name, Dynamics 365 organization ID, and role name that provides read access to the Dynamics 365 data, then click Create.

    Dynamics 365 new application

8. Fill out keys

  1. Scroll to the top of the left sidebar and click Setup.
  2. Copy the Application (client) ID and Directory (tenant) ID and enter them in the Glean self-serve page.
  3. Enter the Dynamics 365 Organization ID in the designated field.
  4. Click Save. If the credentials save, you're all set!

Permissions and security

Data and metadata ingested

  • Data: Accounts, Contacts, Opportunities, Leads, Activities (email, meetings, attachments), additional greenlisted tables, indexed columns, and metadata (timestamps, owners, and so on)
  • Identity mappings support access control mirroring Dynamics 365’s security roles and business units.

Permission propagation logic

  • Permissions from Dynamics 365 are respected: users see only records they can access within the source system.
  • Sharing-based and hierarchy ACLs are not supported; only security role-based access is enforced for the indexed objects.
  • Additional indexed tables follow the same role-based permission model as the default indexed tables.

Security and compliance notes

  • Authentication uses OAuth2 against Azure AD.
  • Glean does not modify or create data in your Dynamics 365 environment.
  • Supported for one Dynamics 365 organization per Glean data source instance.

Data privacy implications

  • Indexed CRM data may include personally identifiable information (PII) as present in source records.
  • Role-based access protects sensitive records from unauthorized views in Glean.
  • No external data sharing or writing occurs during crawl.
© 2026, Glean Technologies, Inc.
Last updated on