When working in a Dynamics 365 Finance & Operations cloud-hosted environment, it’s often necessary to work with your organization’s actual data instead of the default Contoso dataset provided by Microsoft. However, the idea of downloading and importing a database into your environment can present challenges, such as large database sizes, limited storage capacity, or time constraints that make full imports impractical. Fortunately, there is a solution thanks to Lifecycle Services offering just-in-time (JIT) credential access.
Prerequisites
Before getting started, there are a couple of key prerequisites to be aware of:
- You must have an available sandbox environment in Lifecycle Services from which you can request JIT credentials.
- If you require data from your production environment, you’ll need to copy the database from production to the sandbox environment using the Move database functionality in Lifecycle Services.
Requesting JIT Credentials
Once your sandbox environment is set up with the dataset you want to use, the next step is to request JIT credentials for that sandbox environment. When prompted for a reason, be sure to select Performance tuning for AX (write to AX), as this grants both read and write access to the database.
After submitting the request, a confirmation popup should appear to indicate that access has been granted.
Enabling Firewall Access
Next, to allow your cloud-hosted environment to connect to the sandbox environment, you must enable firewall access:
- In Lifecycle Services, click the Maintain tab and select Enable Access.
- In the fly-out window, click the + button to add a new firewall rule.
- Set the Service to AzureSQL.
- Assign a Name (such as your environment name or a recognizable description).
- Set the IP address to that of your cloud-hosted environment.
- If you’re unsure of the IP address, you can find it by either:
- Navigating to the Azure resource for your cloud-hosted environment in the Azure portal.
- Opening a browser inside your VM and visiting WhatsMyIP.org or WhatIsMyIPAddress.com.
- If you’re unsure of the IP address, you can find it by either:
After saving the firewall rule, you should receive a confirmation message.
Updating the web.config File
With JIT credentials and firewall access established, it’s time to configure the cloud-hosted environment to use the sandbox database.
- Refresh Lifecycle Services and copy the generated JIT credentials. I find it helpful to paste them temporarily into a Notepad file for reference instead of having to use the default interface in Lifecycle Services.
- RDP into your cloud-hosted environment and navigate to the WebRoot folder. Depending on how your environment was deployed and what Azure instance type you used, this will typically be located at either J:\AosService\WebRoot or K:\AosService\WebRoot.
- Locate the web.config file and create a backup copy.
- This is critical, as the file contains connection details for the default AxDB database.
- Open the original web.config file in your preferred text editor.
Around lines 82–84, you’ll find connection string entries for the database name, database server, and SQL user. Update them as follows:
- Update the Database field with the database name provided by Lifecycle Services.
- Update the DbServer field with the server address provided by Lifecycle Services.
- Update the SqlUser field with the SQL username provided by Lifecycle Services.
Then, scroll down to approximately line 239 and make the following changes:
- Update the SqlPwd and AxAdminSqlPwd fields with the password provided by Lifecycle Services.
- Update the AxAdminSqlUser value with the SQL username provided by Lifecycle Services.
Double-check your edits for correct syntax, look out for missing quotation marks or closing brackets. Once confirmed, save the file.
Restarting the WWW Service and Wrapping Up
Next, we will want to open the Services.msc application on your cloud-hosted environment and restart the World Wide Web Publishing Service service.
You have now successfully configured your cloud-hosted environment to use the sandbox environment’s database. Keep in mind that JIT credentials are temporary, so access will expire unless renewed and replaced again. When no longer needed, you can also revert to your default configuration by restoring the original web.config file.
If you have any questions or feedback, feel free to reach out!
