What Dynamics 365 API permissions does the Monitoring Agent require?

Minimum Permissions

Azure AD app registration with Dynamics CRM user_impersonation scope provides read-only access to workflow status, execution history, user login data, license consumption. Sufficient for monitoring and alerting, but cannot execute Remote Actions (restart workflows, modify resources).

Recommended Permissions

Dynamics 365 System Administrator role provides full read/write access enabling all Nodinite features: monitoring + alerting + Remote Actions (restart workflows, view detailed logs, export license reports, manage resources). Required for delegated management features.

Security Best Practice

Create dedicated service account nodinite-monitor@company.com with System Administrator role, rotate client secret every 90 days, store credentials encrypted in Nodinite via Secret Management, restrict app to Nodinite server IP via Azure AD Conditional Access policy.

Next Step

• Troubleshooting Overview

Related Topics

• Dynamics 365
• Managing Dynamics 365
• Prerequisites

Browse more Microsoft Dynamics 365 FAQ topics in the Troubleshooting Overview.