- 1 minutes to read

Microsoft Dynamics 365, FAQ, Troubleshooting, Common Questions Microsoft Dynamics 365, FAQ, troubleshooting, common questions What Dynamics 365 API permissions does the Monitoring Agent require?

What Dynamics 365 API permissions does the Monitoring Agent require?

What Dynamics 365 API permissions does the Monitoring Agent require?

Minimum: Azure AD app registration with Dynamics CRM user_impersonation scope provides read-only access to workflow status, execution history, user login data, license consumption. Sufficient for monitoring and alerting, but cannot execute Remote Actions (restart workflows, modify resources).

Recommended: Dynamics 365 System Administrator role provides full read/write access enabling all Nodinite features: monitoring + alerting + Remote Actions (restart workflows, view detailed logs, export license reports, manage resources). Required for delegated management features.

Security best practice: Create dedicated service account nodinite-monitor@company.com with System Administrator role, rotate client secret every 90 days, store credentials encrypted in Nodinite via Secret Management, restrict app to Nodinite server IP via Azure AD Conditional Access policy.

See all FAQs: [Troubleshooting Overview][]