Microsoft Dynamics Architecture – Extensive Overview

Microsoft Dynamics Architecture is multi-tenant: multiple organizations or businesses can be hosted on the Dynamics CRM server. The platform forms the core of the Dynamics CRM system; and using the Dynamics CRM SDK means you’re building on top of the system. This is because Dynamics CRM platform supports smaller deployments, capable of scaling for application service-provider models as well.


Microsoft Dynamics Architecture – Extensive Overview

The security mode, for instance, protects the platform from any unauthorized access across the Internet and the Web, and it features the following components:

  • Microsoft SQL Server database
  • System services, including metadata, workflow, and integration
  • Web services
  • A query processor supporting the entity model
  • Plug-ins mainly for business logic extensibility
  • Reporting services
  • Secured ad hoc queries that protect the database using an XML fetch statement

An application developed using the Dynamics CRM server uses Web services to effectively communicate with underlying platform layer. In addition, the server platform creates domain-specific objects, which (in Dynamics CRM) include account, lead, contact, business logic, opportunity, and more. The object of this platform is to implement service-specific rules by trying to manipulate and/ or combine the underlying domain objects. This platform doesn’t impose business-specific logic and the layer imposes generic constraints only, with building blocks for an application.

Below is an overview of significant features (organization, security and business structure, the databases, workflow, the entity model, and extending the system using custom business logic) and capabilities of Dynamics CRM.

Organization and Business Structures: – an organization is made up of 3 basic entities:

1. Users – those who use the Dynamics CRM Application
2. Teams – groups of users created by another user within the organization
3. Business units – structural units within an organization

Microsoft Dynamics Architecture is the primary container entity (the business structures) within an organizational hierarchy. The business unit structure determines/ defines the concepts of Local, Deep, Basic, and Global access.

Users within Dynamics CRM are “parented” to a specific business unit and not to the organization object.

Entity Model

This is the view to your objects used in Dynamics CRM, supporting its requirements for each entity within the system. The high-level areas contained here are sales force automation, scheduling, marketing automation, customer service, and support.


As a metadata-driven product, Dynamics CRM (through the metadata layer), abstracts the underlying details of data storage (data access and schema). Think of metadata as what describes the underlying data structures controlling the manner in which the application operates, including its display.


This feature extends the functionality of Dynamics CRM by enabling users to create and personalize business processes. Built in top of the Windows Workflow Foundation, this feature provides the run-time engine, the programming model, and tools to enable you quickly build workflows.

Business Logic Extensions

Usually for implementing personalized platform-based business logic, this feature does not limit developers from crating custom business logic via workflow process only. The business logic that they create can also be integrated with Dynamics CRM, executing in response to a specific system event for a particular entity. But Dynamics CRM online does not support the business logic extensions.

Extensibility Architecture

Dynamics CRM can be customized in different areas using the following key features:

  • Customization Tools: to customize, add, and even rename entities.
  • ISV Code: use this to add your features to this app using the application configuration file
  • ISV Script or Form Customization: use this feature to customize forms using client-side scripting.
  • Import/ Export: this feature allows you to export customizations to be installed into a production environment.
  • Custom Reports: create custom/ personalized reports within Dynamics CRM, as well as Microsoft Access, Microsoft Excel, etc., by using filtered views.
  • Plug-ins: augment the CRM business logic for both offline and online apps using your own plug-ins. You can also integrate to external systems using these extensions.
  • Workflow Custom Activities: create your own workflow activities to be used by the workflow rules that you set. Call out to select external systems using your own workflow rules.

Security Architecture

Dynamics AX security architecture is comprised of application security and infrastructure.

Infrastructure security, which is built on:

  • Integration Windows authentication
  • Active Directory services in native mode
  • Secured servers with specific security requirements running Dynamics AX
  • A perimeter network that features a firewall for Internet-facing Enterprise Portal

Application Security

The Microsoft Dynamics Architecture application security feature:

  • Dynamics AX includes Active Directory users. Users not in Directory can’t be added and permission cannot be granted to users directly.
  • Dynamics AX user groups are granted permissions.

Adding users to a group grants them all the permissions specially assigned to that particular group. Users not assigned to the group cannot access Microsoft Dynamics. However, a user can belong to more than a single group, inheriting the highest permission level of both or more groups.

Create an admin user and admin group the first time you run Dynamics AX client. Administrators have full access to all menus, forms, reports, tables and the AOT (Application Object Tree). Restrict the users in the Admin Group.

  •  Domains, which are groups of accounts, make it much easier to maintain your user group security where many companies use one Dynamics AX system, with similar security needs. With domains, one can restrict permissions granted to user groups belonging to one company, or enables you to set up particular user groups and give them permissions to access data across companies. However, the domains feature should have a separate license.
  •  Field and table security lets you restrict access and alterations to a table.
  •  Security keys controlling access to menus, forms, fields, and reports within a form.
  •  Record-level security that restricts access to specific section of the table by allowing you to set permissions in tables, especially rows.
  • Security keys, which can be set for domain/user group combinations, are typically disabled by default, including admin users and any other person accessing Dynamics AX using a developer license.


The server platform controls access to the database via security and even raises events for personalized business logic implementations and workflow processes. In Microsoft Dynamics Architecture, the platform layer, through Microsoft Exchange, makes a provision for incoming, as well as outgoing email processing.

dynamics new

Michael is the Lead Author & Editor of DynaMe. DynaMe is a blog focused on cloud based Microsoft Dynamics.