Events
Mar 31, 11 PM - Apr 2, 11 PM
The ultimate Microsoft Fabric, Power BI, SQL, and AI community-led event. March 31 to April 2, 2025.
Register todayThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
This article describes how to access development instances, configure local development virtual machines (VMs), and find important configurations settings for developers and administrators.
Note
Term | Definition |
---|---|
End user | A user who accesses an instance through the web client. The end user must have Microsoft Microsoft Entra credentials to access an instance and must be provisioned/added as a user of that instance. |
Developer | A user who develops code through the Microsoft Visual Studio environment. A developer requires Remote Desktop access to development environment (VM). The developer account must be an administrator on the VM. |
To deploy a cloud development environment in your Lifecycle Services project:
Create a connection between an Lifecycle Services project and your Azure subscription. You need your Azure subscription ID and authorize the use of the subscription.
Select + under Environments to deploy.
Select an application and platform version.
Select an environment topology. For more information, see Sign up for preview subscriptions.
If you chose a cloud-hosted environment, select which Azure connector you want to use. Then select Deploy.
When a cloud environment is provisioned through Lifecycle Services:
The system can be accessed by end users. The administrator can add users to this system by using the Users page in the instance. These users don't have to be users in Lifecycle Services. You obtain the base URL for the cloud environment from your Lifecycle Services project site.
https://dynamicsAx7aosContoso.cloud.dynamics.com
.Cloud environments can be accessed both as an end user and as a developer. The developer gets access to the system through Remote Desktop credentials. The Remote Desktop credentials are obtained from the environment page on the Lifecycle Services project site (see the illustration earlier in this article).
For environments deployed before Platform update 12:
For any environments deployed on or after Platform update 12, there are distinct accounts, a developer account, and an admin account.
After you sign in to the environment through Remote Desktop, if you want to access the local application from the browser, use the same base URL that you use to access the application from a remote computer. The previous section explains how to obtain this base URL from Lifecycle Services.
When you're done with the developer environment, or in some cases where troubleshooting an infrastructure issue is too time consuming, you can always delete the environment from Lifecycle Services and create a new one later. To delete a cloud-hosted environment from Lifecycle Services, use the following steps:
You can't delete a cloud-hosted environment if the virtual network (VNET) that was created with it is also being used by other cloud-hosted environments. This scenario isn't common, but in some cases customers want all their developer environments to reuse an existing VNET so that they can share files more easily between them. If you implemented this scenario, you must delete the other environments before you delete the base environment that created the original VNET.
If the delete operation fails, check to see if one of the following issues may have occurred:
If Lifecycle Services wasn't able to successfully complete the delete operation, the operation is marked as Incomplete. Use the Delete Lifecycle Services metadata button to clean up this environment's metadata from the Lifecycle Services backend systems.
Note
This operation will not try to delete the resources in the Azure subscription. It is the customer's responsibility to manually remove the environment's resource group if it still exists.
You can easily identify the environment’s resource group in the Azure subscription, as it has the same name as the environment in Lifecycle Services.
A virtual hard disk (VHD) is made available for download from Lifecycle Services, so that you can set it up on a local machine. This system is intended to be accessed by a developer and is a preconfigured one-box development environment of finance and operations apps. The VHD is available in the Shared Asset library of Lifecycle Services under the asset type Downloadable VHD.
Follow the steps in this section if you're also configuring for Commerce.
To use the downloadable VHD for POS customizations, you must also follow this step.
Follow these steps to run the VM from Hyper-V Manager.
To start the VM, select Start.
To open the VM in a window, select Connect.
Select the Ctrl+Alt+Delete button on the toolbar. The VM receives most keyboard commands, but Ctrl+Alt+Delete isn't one of them. Therefore, you must use the button or a menu command.
Sign in to the VM by using the following credentials:
Tip
You can resize the VM window by changing the screen resolution. Right-click the desktop on the VM, and then click Screen resolution. Select a resolution that works well for your display.
Provision the administrator user. For more information, see the next section.
Start the Batch Manager Service. This step is required if you're running batch jobs or workflows.
You can also start the service from the Services window.
Apply updates as needed.
For POS customizations, you must also follow these steps on the guest VM.
For developer access, you must be an administrator on the instance. For environments that are provisioned through Lifecycle Services, we encourage you to deploy with the correct user. For more information, see Frequently asked questions. To provision your own credentials as an administrator on a local VM, run the Admin user provisioning tool. On the local VM, a link is provided on the desktop.
Note
The Admin user provisioning tool isn't supported in environments that are provisioned through Lifecycle Services. It should be used only on local VMs.
Note
For local VMs that use the virtual hard drive (VHD) that was released for versions 10.0.24 and later, the instructions in Set up the downloadable VHD for first use should be used instead.
Follow the steps in this section if you're also configuring for Commerce.
After the user is provisioned as an administrator, that user can access the instance on the computer by navigating to the following base URL: https://usnconeboxax1aos.cloud.onebox.dynamics.com
. If you're using version control and plan to connect multiple development VMs to the same Azure DevOps project, rename your local VM. For instructions, see Rename a local development (VHD) environment.
The URL of the POS app is https://usnconeboxax1pos.cloud.onebox.dynamics.com/
.
The URL of the Cloud POS app is https://usnconeboxax1pos.cloud.onebox.dynamics.com
. After you complete the configuration steps, this VM is provisioned with your Microsoft Entra tenant. Your Microsoft Entra admin account is mapped to a cashier worker account in demo data. You can use this cashier account to easily activate a POS device in this environment.
On a VM, you can find most of the application configuration by opening the web.config file of AOSWebApplication.
Start IIS.
Go to Sites > AOSWebApplication.
Right-click, and then click Explore to open File Explorer.
Open the web.config file in Notepad or another text editor. The following keys are of interest to many developers and administrators:
The software development kit (SDK) is available at C:\RetailSDK. For more information about how to use and customize applications, see the following topics:
If while configuring the shared hardware station on a VHD image you see the following "NoCertificateFoundException" error in the Event Viewer, the Commerce configuration for the VHD environment may require the manual removal of the merchant properties from the deployed environment.
No certificate found for id <id value presented>...
In AOS of your VHD environment, if preloaded values are set in the SECUREMERCHANTPROPERTIES or CONNECTIONSTRING attributes, those values should be cleared from the following tables:
SELECT SECUREMERCHANTPROPERTIES FROM dbo.RETAILHARDWAREPROFILE -- hardware profile form
SELECT SECUREMERCHANTPROPERTIES FROM dbo.RETAILCHANNELPAYMENTCONNECTORLINE -- online stores form
SELECT SECUREMERCHANTPROPERTIES FROM dbo.CREDITCARDACCOUNTSETUP -- payment service form
SELECT CONNECTIONSTRING FROM dbo.RETAILCONNDATABASEPROFILE -- payment service connection string for CDX
If preloaded values are found, set the attribute values to empty with scripts similar to the following examples.
Warning
The example UPDATE scripts provided below are illustrative for newly provisioned environments experiencing the certificate issue described above. You should only update values for the intended table or rows to avoid disruptive or destructive data updates. More selectors may be required if updating specific rows for the tables being updated.
UPDATE dbo.RETAILHARDWAREPROFILE SET SECUREMERCHANTPROPERTIES=";)
UPDATE dbo.RETAILCHANNELPAYMENTCONNECTORLINE SET SECUREMERCHANTPROPERTIES=";)
UPDATE dbo.CREDITCARDACCOUNTSETUP SET SECUREMERCHANTPROPERTIES=";)
UPDATE dbo.RETAILCONNDATABASEPROFILE SET CONNECTIONSTRING=";
Once cleared, use the forms in headquarters to set up your payment gateway merchant details in the hardware profile, online store channel, or the payments service forms appropriate for the environment. For the setup instructions required for your payment options, see the appropriate article:
To restart the local runtime and redeploy all the packages, follow these steps.
This process might take a while. The process is completed when the cmd.exe window closes. If you just want to restart AOS (without redeploying the runtime), run iisreset from an administrator Command Prompt window, or restart AOSWebApplication from IIS.
These environments are self-contained and haven't been tested, nor are they supported when joined to an Microsoft Entra domain when deployed via Azure.
This is only possible if you lower a user's security role in the project to Project team member role, and it isn't possible to hide the local account passwords for the Environment manager, or Project owner roles.
These environments haven't been tested, nor are they supported with Azure Bastion.
This message indicates that a Tier 1/customer-managed environment is configured with an Azure AD tenant different from the one used at the time of deployment. There are different options available to help resolve this issue:
A Tier 1/customer-managed environment should be deployed under the customer's Microsoft Entra tenant, to ensure that all the configuration and integrations are correctly provisioned for any given environment. The tenant and environment association is determined based on the user who deployed the environment.
To facilitate cloud-hosted deployments, we recommend that partners follow this step to create customer-specific, cloud-hosted environments. In this way, they'll ensure that the deployment is registered under the correct tenant.
Note
The Microsoft Entra tenant that is associated with the Azure subscription doesn't play any role in environment configuration. The Azure subscription and the corresponding connector configuration are used only to deploy Azure resources.
As was stated earlier, it's important that finance and operations environments be deployed under the correct Microsoft Entra tenant. For Tier 1/customer-managed environments that are deployed via LCS, changes to the Microsoft Entra tenant settings aren't supported after deployment.
If you have environments where the Admin user provisioning tool was previously used to update the tenant settings, we recommend that you delete those environments and then redeploy them under the correct Microsoft Entra tenant.
If an existing environment can't be deleted and redeployed, its URL must be added to the configured Microsoft Entra tenant. The following commands can be run by the tenant admin.
Note
Since these URLs are being added manually, the clean-up of these URLs also has to be done manually when the environment is deleted.
If not already on your machine you need to install the Microsoft.Graph PowerShell module.
Install-Module Microsoft.Graph
Retrieve the following values from the web.config file.
$Microsoft EntraTenant = <Value of Aad.TenantDomainGUID from web.config>
$EnvironmentUrl = <Value of Infrastructure.HostUrl from web.config>
# For example, if value is spn:fd663e81-110e-4c18-8995-ddf534bcf5e1 then take only fd663e81-110e-4c18-8995-ddf534bcf5e1
$Microsoft EntraRealm = <Value of Aad.Realm from web.config without spn: prefix. >
Run the following commands via the tenant admin account for the Microsoft Entra tenant in the web.config file.
# Using tenant admin account under this tenant login via Microsoft Graph PowerShell cmdlet.
Connect-MgGraph -TenantId $Microsoft EntraTenant -Scopes "Application.ReadWrite.All"
# Get Service Principal details
$SP = Get-MgServicePrincipal -Filter "AppId eq '$Microsoft EntraRealm'"
# Add Reply URLs
[System.Collections.ArrayList]$ReplyUrls = $SP.ReplyUrls
$ReplyUrls.Add("$EnvironmentUrl")
$ReplyUrls.Add("$EnvironmentUrl/oauth")
#Set/Update Reply URL
Update-MgServicePrincipal -ServicePrincipalId $SP.Id -ReplyUrls $ReplyUrls
# Log out
Disconnect-MgGraph
Restart your environment from Lifecycle Services by first performing Stop and then Start operations against your environment. If the environment configuration is found to be correct, then the environment URL is restored automatically within 2 hours of the Start operation.
If you're using the virtual hard drive (VHD) that was released for versions 10.0.24 and later, the Generate Self-Signed Certificates tool needs to be run before the Admin user provisioning tool. For more information, see Set up the downloadable VHD for first use.
Events
Mar 31, 11 PM - Apr 2, 11 PM
The ultimate Microsoft Fabric, Power BI, SQL, and AI community-led event. March 31 to April 2, 2025.
Register todayTraining
Learning path
Implement finance and operations apps - Training
Plan and design your project methodology to successfully implement finance and operations apps with FastTrack services, data management and more.
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.