License Enforcement for Dynamics 365 F&SCM (F&O) Users: Updates & Next Steps

Updated 5/2/2025

Starting on August 30^th, 2025, Microsoft will have stricter Dynamics 365 license enforcement for Finance & Supply Chain (D365F&SCM) — ending the previous lack of enforcement where customers were able to have far more users than licensed.

Skip Ahead

• Risks of Inaction for Current D365 Users
• How You Can Prepare
• Basic Security & Licenses Assessment
• How to Assign Dynamics 365 Finance & SCM Licenses
• Questions From Our 4/29 Licensing Webinar

---

Key Dates

• May 15th, 2025
  • Power Platform Admin Center: Soft block, new reports, assignment insights, new dashboards and functionalities

• August 30th, 2025
  • Dynamics 365 F&SCM license enforcement 

How Will This Affect You?

On May 15th, 2025, all users without proper licenses will see a soft block notification banner appear at the top of their screens:

Administrators will also gain access to enhanced license usage reporting through the Microsoft 365 admin center. These reports will clearly identify available and assigned seats while notifying unlicensed users to request proper access through their administrators (via the soft block above).

The mandatory license assignment phase begins August 30, 2025. This is when the soft block becomes a hard block for any unlicensed users. From this date forward, all active users without valid and assigned licenses will lose access to their Dynamics 365 applications, potentially disrupting financial operations, supply chain workflows, and other business processes. 

D365 Applications Impacted (License Required)

• Dynamics 365 Finance & Finance Premium
• Dynamics 365 Supply Chain Management & Premium
• Dynamics 365 Commerce
• Dynamics 365 Project Operations
• Dynamics 365 Human Resources

Beyond access disruptions, organizations face significant financial and compliance risks. We’ve seen many clients require thousands of additional D365 F&SCM licenses just to comply with the platform’s security design. However, in most cases, optimizing security role configurations can resolve these issues while keeping license counts at acceptable levels.

Download the Licensing Enforcement & Analysis One-Pager

Read our comprehensive one-pager to clear up any confusion about Dynamics 365 Finance & SCM licensing enforcement. Ensure your organization is prepared and compliant with actionable insights.

Download Now

Note:

Microsoft sent an email notification on April 30th, 2025 informing Dynamics 365 administrators that the soft block had been rescheduled to May 15th, 2025.

To Be Determined (as of 5/2/2025)

1. Enforcement Strictness

The exact level of enforcement remains unclear. For example:

• If a user has multiple roles requiring D365 Finance + D365 Supply Chain Management + D365 Commerce + D365 Project Operations licenses, will compliance be strictly enforced?
• How will Microsoft handle overlapping license requirements?

2. Device License Uncertainties

It’s still unclear how enforcement will apply to D365 Device licenses (e.g., scanners and shared workstations).

Why Is This Important?

Historically, many organizations using Dynamics 365 F&O (F&SCM) have operated with more users than officially licensed due to the lack of enforcement. Now, many users without proper licenses will lose access to critical applications, potentially disrupting financial operations, supply chain workflows, and other business processes. 

Beyond access disruptions, organizations face significant financial and compliance risks. Unaddressed license gaps, for example, can lead to unexpected costs during Enterprise Agreement or Cloud Solution Provider renewals, and non-compliance may trigger Microsoft audits, resulting in backdated charges or contractual penalties. Not to mention having unlicensed users with system access, which can create governance vulnerabilities, increasing audit exposure and IT burdens as enforcement deadlines approach.

Risks of Inaction for Current D365 Users

• Disruptions for Unlicensed Users: After August 30, 2025, any employee without an assigned license will be locked out of critical F&SCM applications — halting workflows in finance, procurement, inventory, and more.
• Cost & Compliance Risks: Unplanned license purchases and non-compliance can lead to unexpected costs, backdated charges, or legal repercussions during EA/CSP renewals.
• Security & Governance Concerns: Unlicensed users with lingering system access create security gaps and audit vulnerabilities, while last-minute license scrambling strains IT teams.
• Operational Downtime: Sudden loss of access for key personnel could delay month-end closes, shipments, or financial reporting.

How You Can Prepare

For organizations requiring assistance, we’re offering:

• A free downloadable guide to answer your questions & explain our license analysis service
• A webinar series up until the August 30th deadline to keep you prepared
• Basic security & license assessment that you can take action on (see below)

Basic Security & Licenses Assessment 

Go to Power Platform Admin Center (Power Platform Admin Role needed), then navigate to ‘Billing’ -> ‘Licenses’ -> ‘Finance & Operations’. You will see a dashboard with multiple clickable areas for drill-down data.

The first screen provides an overview of users in D365F&SCM and the required licenses.

*Note: We have seen examples of discrepancies, so be careful when assessing the data.

You also have the opportunity to export data to Excel, although the report quality is currently not the best.

When you click on ‘View licenses,’ you get a list of your different base licenses as indicated below.

If you click ‘View users,’ you are taken to a screen that provides more insight into who exactly needs a license and why, including which D365F&SCM security role drives the Base1 license. See the example below.

Legacy Reports from Dynamics AX: Can You Trust Them?

We’ve received a number of inquiries from customers asking if they can trust the reports carried over from Dynamics AX 2012 (see examples below). The short answer is NO, as they are not up to date with the different licenses and do not provide insight into what a user might need a license or an attach license for.

How to Assign Dynamics 365 Finance & SCM Licenses

First, double-check that you have assigned D365 F&SCM licenses. Then, go to the Microsoft Admin Portal. You’ll see the below screen, which you may be familiar with if you’ve assigned Office, Power BI, Dynamics 365 Sales, or other relevant licenses.

Remember to Update the LCS Subscription Estimator

When you assign or purchase new licenses, we always recommend updating the Subscription Estimator in LCS, as it ties into your production environment sizing.

Although there isn’t much public information available about this, we’ve observed that updating the Subscription Estimator can lead to automatic resizing of your environment by Microsoft, providing more AOS instances, etc.

To update the Subscription Estimator, go to LCS Dynamics, click on the hamburger menu, and select ‘Subscription Estimator.’ The screen will populate, showing multiple estimates that can be uploaded to LCS.

Learn more: https://learn.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/lifecycle-services/subscription-estimator  

If you’re a bit lost, Avantiico can help align your licenses and transition data with your company size and purchased licenses. You can also download our Dynamics 365 Finance & SCM Security & Licensing Analysis Guide for more clarity.

Analyze Your Security & Licenses with Avantiico

If you’ve followed the steps above and discovered you have too many users in D365F&SCM compared to purchased licenses, and you fear being hit with extra license fees on August 30th, 2025, you can reach out for a free consultation.

Our consultants can provide an advanced D365F&SCM security and licenses analysis for your organization to avoid extra fees and help clean up your security roles, ensuring they align with your company compliance policies and SOD.

Analysis Process (Avantiico led)

1. 30-45 min screenshare call with customer
2. Extract 3 key documents from D365F&SCM:
   • All users
   • Sub-roles
   • Security User Role Association & Role Permission
3. Analyze data using Avantiico’s ‘Security & License Cleanup Engine’ (IP)
4. Duration: 4-5 days

Below is an example of how a report could look, showing users in production, purchased licenses, and the delta, along with the current ‘non-compliant’ amount:

With a license analysis, you’ll receive recommendations on what needs to change to optimize your license mix and security role design.

After a successful cleanup, your setup could look like the example below:

Sample deliverables include:

• License analysis reports showing compliance status and cleanup opportunities
• Database audit results revealing unauthorized access instances
• Actionable roadmap for achieving full compliance before enforcement

For organizations preparing for renewal cycles or concerned about compliance exposure, our one-pager is a great first-step. However, an assessment will deliver the most clarity and actionable intelligence.

Attend our webinar to clear up any confusion or contact us today for a Microsoft licensing review to stay ahead of the August 30th deadline.

Download the Licensing Enforcement & Analysis One-Pager

Read our comprehensive one-pager to clear up any confusion about Dynamics 365 Finance & SCM licensing enforcement. Ensure your organization is prepared and compliant with actionable insights.

Download Now

Questions From Our 4/29 Licensing Webinar

What is the level of D365F&SCM enforcement going to be like in general?   

What we know:  Users in D365F&SCM need a license matching their security role. If they have multiple security roles that requires multiple licenses, they would need multiple licenses.  

Example: D365 Finance “Base” and D365 Supply Chain Management “Attach” 

What we don’t know: There are different tiers of licenses, and we’re not 100% sure how the enforcement will affect each tier going forward, but accordingly to Microsoft, it will be enforced based on security roles. 

We don’t know if a user with, for example, a Team Member license will be locked out of D365 the same way a Full User most likely would be in the case of incompliancy. Hopefully we will get clarity on this in the coming weeks/months. 

 Will Non-System Administrators be able to block licensing incompliancy notifications? 

What we know: Currently, it’s not possible to change the notification method, as it’s the only way for Microsoft to notify users. Users will receive in-product notifications about licensing requirements, and system administrators will receive email notifications from Microsoft. Administrators can review users, roles, assignments, and licensing status in the Power Platform admin center and Lifecycle Services.

What we don’t know: Our current speculation is that non-System Administrators will not be able to block these notifications, because it defeats the purpose. 

How will these licensing changes affect External/Guest Users access?

According to the latest Dynamics 365 licensing guide (March 2025), external users are generally not included. However, it’s important to verify the definition of ‘external user’ as specified by Microsoft. Review the passage below to confirm that your users meet Microsoft’s criteria for ‘external users’. It should not affect them at all; external users/Guest users do not require a license if they are not in the production environment.

Do we know if/when Microsoft will be looking at correcting False Positives being reported in Power Platform Admin Center (PPAC)?  

What we know: Some standard reports appear quite dated in terms of their UI/UX, suggesting they haven’t been rigorously updated to match Microsoft’s new standards. Broadly speaking, our position is that standard reports are not to be trusted as they do not accurately reflect the reality of your D365 environment.

Looking to the future: It is unlikely that Microsoft will offer out-of-the-box reporting that is widely trustworthy, especially in the short to medium term.

 Will Dataverse and D365F&SCM Database Capacity be enforced on August 30^th, 2005? 

We don’t currently know if database usage will be enforced in the same way as general licensing. It seems unlikely to happen immediately, but things may change over the next 100 days.

 Will the Database capacity of EVERY environment currently operating be scrutinized under the new enforcement rules? For example, do the new rules apply to Test environments, or just the Production environment?   

Microsoft currently has SKU prices for both non-production and production environments. For non-production, the cost is $30 per GB per month with a minimum of 1000GB. For production, the price is $40 per GB per month.

Is it possible to bulk assign users to a particular license? 

Yes, you can! This can be particularly helpful if you need to remediate license discrepancies at scale. Generally, this is handled with a PowerShell script that we provide to customers during the licensing review process, allowing us to assign thousands of licenses within minutes.

Is there a report that defines which users need which licenses based on security roles? 

There are various out-of-the-box reports available, and you can also utilize the new “User Security Governance” tool. This feature provides administrators of finance and operations apps with enhanced visibility and control over user security. Currently, it is in Public Preview in Dynamics 365 version 10.0.43, with general availability planned for July 2025 in version 10.0.44.

Avantiico also offers some reports that are easier to work with, providing more user-friendly options for managing and reviewing security settings.

Will license incompliancy alerts appear on the WMS app on scanners?  

The short answer is no. This appears to be a work in progress, and we may learn more about it in the next 100 days.

What sort of license would need to be assigned for users that have a system administrator?  

According to the April 2025 licensing guide, system administrators do not need a license to operate in D365 if they only hold the System Administrator role. However, if a user has additional roles besides System Admin, they will need the appropriate licenses to match those roles.

What does the remediation process for incorrectly allocated licenses look like? Also, has Microsoft resolved the known issue where the assigned user in the power platform Admin Center does not match the corresponding user in D365?  

The process is straightforward: first, determine the users in D365F&SCM, then assign licenses in the admin center. If you are short on licenses, you will need to purchase additional ones. We recommend reaching out beforehand to get a second opinion on whether it is possible to reduce or optimize your license mix.

Regarding reporting, the issue has not yet been resolved. Hopefully, Microsoft will address this soon, as there appear to be discrepancies between LCS and the Power Platform Center.

How will device licenses be handled? How will they be assigned? Will users still be prompted with remedial warnings even if though they fall under the user pool for a work center using PFE and material movers using scanners? 

Currently, this is a work in progress from Microsoft. We don’t think a warning error will be visible.

When you assign security roles to existing users in D365, will it alert you that the user doesn’t have a license assigned for that role? For example, going from activity license to supply chain management, HR license?  

We think it will, but we don’t know for sure. Our general answer is that we highly doubt this functionality will exist. Microsoft has not implemented warnings with this level of granularity before, and it is unlikely that they will do so in the future.

---

FAQs