SharePoint Document Storage

As part of our CRM standards, Dynamics 365 should use the out-of-the-box (OOTB) integration with SharePoint Online as the default and preferred approach for storing documents and files related to records stored in Dynamics 365.

Dynamics 365 is optimised for structured data and process automation, not large-scale file storage. SharePoint Online is Microsoft's strategic platform for document management and collaboration. Using the OOTB integration aligns with Microsoft best practice and provides a scalable, secure and supportable solution.

Use SharePoint Instead of Storing Files in Dynamics 365

Platform Alignment and Supportability

Microsoft designs Dynamics 365 and SharePoint to work together. The out-of-the-box integration:

  • Is fully supported by Microsoft
  • Requires no custom code to maintain
  • Continues to benefit from Microsoft product updates

Avoiding custom document storage solutions reduces technical debt and upgrade risk.

Improved Performance and Reduced Dataverse Storage Costs

Storing files directly in Dataverse:

  • Consumes Dataverse file storage, which is limited and chargeable
  • Can negatively impact form load times and API performance

Using SharePoint:

  • Keeps Dataverse lean and performant
  • Leverages significantly cheaper and more scalable storage

Rich Document Management Capabilities

SharePoint provides features that Dynamics does not natively offer, including:

  • Document versioning and history
  • Check-in and check-out
  • Co-authoring in Office documents
  • Metadata, views and search
  • Retention labels and records management

These capabilities are available immediately with the out-of-the-box integration.

Seamless User Experience in Dynamics

With the integration enabled:

  • Each record automatically links to a corresponding SharePoint folder
  • Documents are surfaced directly in the Dynamics timeline or Documents tab
  • Users do not need to manually navigate to SharePoint

This provides the benefits of SharePoint without compromising the Dynamics user experience.

Recommended Configuration and Best Practices

Enable and Configure the Out-of-the-Box Integration

  • Use the standard Dynamics 365 SharePoint Online integration wizard
  • Use SharePoint Online rather than on-premises SharePoint
  • Configure one parent SharePoint site per environment unless there is a strong business reason not to

Avoid custom folder logic unless absolutely required.

Folder Structure

  • Use the default folder-per-record model
  • Avoid deep or highly customised folder hierarchies
  • Allow Dynamics to manage folder creation automatically

Over-customisation increases complexity and makes permissions harder to manage.

File and Naming Standards

  • Encourage meaningful file names and rely on versioning rather than duplicating files
  • Avoid storing emails or system-generated files unless there is a clear business need
  • Use SharePoint metadata only where there is a defined reporting or governance requirement

What We Avoid as a Standard

  • Storing large volumes of files directly in Dataverse
  • Custom document storage solutions
  • Custom security synchronisation between Dynamics and SharePoint
  • Over‑customised folder structures or permission models

Security Considerations

Dynamics 365 security roles and record-level permissions are not replicated to SharePoint out of the box. This must be explicitly considered as part of solution design.

Baseline Security Model (Recommended Standard)

  • Secure access primarily at the SharePoint site or document library level
  • Grant access to the SharePoint site only to users who are authorised to access documents in Dynamics
  • Avoid relying on folder-level or item-level security wherever possible

This model is simpler, easier to audit, and more performant.

Using SharePoint Site Permissions

  • Use Azure AD security groups to control site or library access
  • Map these groups to user roles such as Customer Service Agent
  • Manage group membership outside of Dynamics

Folder-Level Security (Use with Caution)

Folder-level permissions may be used where there is a genuine regulatory or confidentiality requirement and where only a small number of records require restricted access.

  • Automate permission assignment where possible
  • Avoid breaking inheritance at scale
  • Document the approach clearly for support teams

Heavy use of folder-level permissions can cause performance and manageability issues.

Highly Sensitive Documents

  • Use separate SharePoint sites for highly restricted content
  • Apply sensitivity labels, retention policies and Conditional Access
  • Avoid storing such documents against standard Dynamics records

Dynamics should link to the document location rather than hosting the file directly.

Summary

Using the out-of-the-box Dynamics 365 and SharePoint Online integration is the standard approach for document storage. It delivers better performance, lower cost, richer document management and a secure, supportable architecture when security is deliberately designed in SharePoint.