United Kingdom: Making Tax Digital - fraud prevention headers about originating device on Dynamics 365 for Finance and Operations

Introduction

On July 13, 2017, the Financial Secretary to the Treasury and Paymaster General in the United Kingdom announced that Making Tax Digital (MTD) for value-added tax (VAT) will take effect on April 1, 2019.

Dynamics 365 for Finance and Operations starting from version 10.0.1 supports MTD for VAT of the United Kingdom.

To support the MTD for VAT requirements on Dynamics 365 for Finance and Operations version 7.3 the hotfixes were released: #4492999, #4493076.

The documentation about setting up and usage Dynamics 365 for Finance and Operations for MTD for VAT is published on https://docs.microsoft.com/en-us/dynamics365/unified-operations/financials/localizations/emea-gbr-mtd-vat-integration.

Additionally, HM Revenue and Customs (HMRC) introduced compulsory to supply header information for VAT API from April 2019 to prevent fraud. For more information, see Fraud prevention.

First part of fraud prevention parameters is supported in:

Dynamics 365 for Finance and Operations version

Build number

10.0.1

10.0.51.30002

10.0.2

10.0.80.10022

10.0.3

10.0.107.0

For versions 7.3 of Dynamics 365 for Finance and Operations the KB # 4504462 must be installed.

All the details related to the first part of fraud prevention parameters are explained in the KB # 4504462 and incorporated to the documentation on https://docs.microsoft.com/en-us/dynamics365/unified-operations/financials/localizations/emea-gbr-mtd-vat-integration as well.

Current update provides additionally to the previously delivered scope of the fraud prevention parameters possibility of identifying and transmission of fraud prevention parameters about originating device when “WEB_APP_VIA_SERVER” connection method is used for interoperation with HMRC.

Overview

As it was described in the KB # 4504462, it is supposed that most companies using Dynamics 365 for Finance and Operations in cloud architecture use “WEB_APP_VIA_SERVER” connection method interoperating with HMRC via Electronic messages functionality.

Scope of fraud prevention parameters involved when “WEB_APP_VIA_SERVER” connection method is used:

HTTP header

Description

Coverage

Gov-Client-Public-IP

The public IP address (IPv4 or IPv6) from which the originating device makes the request.

Not in scope.

Gov-Client-Public-Port

The public TCP port that the originating device uses when initiating the request.

Not in scope.

Gov-Client-Device-ID

An identifier unique to an originating device.

Included in the current hotfix.

Gov-Client-User-IDs

A key-value data structure containing the user identifiers.

Not in scope.

Gov-Client-Timezone

The local time-zone of the originating device.

Included in the current hotfix.

Gov-Client-Local-IPs

A list of all local IP addresses (IPv4 and IPv6) available to the originating device.

Not in scope.

Gov-Client-Screens

Information related to the originating device’s screens.

Included in the current hotfix.

Gov-Client-Window-Size

The number of pixels of the window on the originating device in which the user initiated (directly or indirectly) the API call to HMRC.

Included in the current hotfix.

Gov-Client-Browser-Plugins

A list of browser plugins on the originating device.

Included in the current hotfix.

Gov-Client-Browser-JS-User-Agent

JavaScript-reported user agent string from the originating device.

Included in the current hotfix.

Gov-Client-Browser-Do-Not-Track

Whether the Do Not Track option is enabled on the browser.

Included in the current hotfix.

Gov-Client-Multi-Factor

A list of key-value data structures containing details of the multi-factor authentication (MFA) statuses related to the API call.

Not in scope.

Gov-Vendor-Version

A key-value data structure of software versions involved in handling a request.

Included in the KB # 4504462

Gov-Vendor-License-IDs

A key-value data structure of hashed license keys relating to the vendor software initiating the API request on the originating device.

Not in scope.

Gov-Vendor-Public-IP

The public IP address of the servers to which the originating device sent their requests.

Not in scope.

Gov-Vendor-Forwarded

A list that details hops over the internet between services that terminate TLS.

Not in scope.


Implementation details

To support possibility of detecting parameters about originating device which must be transmitted as part of the API request to HMRC, an X++ methods were included into the application part. Here is the information about versions of Dynamics 365 for Finance and Operations including these methods:

Dynamics 365 for Finance and Operations version

Build number

10.0.5

10.0.197

For versions 7.3 of Dynamics 365 for Finance and Operations the KB # 4513878 must be installed.

In Dynamics 365 for Finance and Operations request headers are composed by the “MTD VAT web request headers format (UK)” format in Electronic Reporting (ER) module. To support fraud prevention headers about originating device this format configuration was extended additionally with necessary nodes:

  image.png

Determination of the corresponding values of the headers is supported via calling of the X++ methods by the “MTD VAT model mapping” configuration. “Electronic Messages framework model” was also extended to support included nodes used for mapping of the values of fraud prevention headers about originating device.

Setup

To activate transmission of fraud prevention headers during interoperating with API of the HMRC, import the following of higher versions of the following ER configurations from the LCS portal:

#

GER configuration name

Type

Version

1

Electronic Messages framework model

Model

24

2

MTD VAT model mapping (UK)

Model mapping (exporting, importing)

24.31

3

MTD VAT web request headers format (UK)

Format (exporting)

24.24

Important note!  When new versions of ER configurations are imported, check that following configurations are marked as Default for model mapping:

  • Tax declaration model mapping

  • MTD VAT model mapping (UK)

When mentioned or higher versions of the ER configurations are imported, fraud prevention parameters about originating device will be transmitted as part of the HTTP request the HMRC.

When user initiates a request to the HMRC without activating a batch job, the following page will inform about what information is going to be sent to the HMRC:

image.png

User must consent transmission of the information listed in the page by marking the check box, “Submit” will be activate and user will be able to click it to proceed further with request to HMRC.

If the transmission on this stage is canceled (“Do not submit” button is clicked), the status of the electronic message will change to Error and a description of the error will be attached to the Action log. You can click Send report to continue the transmission of the same electronic message.

Learn more how you can disable transmission of fraud prevention parameters for your system in the KB # 4504462.

Important note!  API requests without fraud prevention headers may be rejected by HMRC. It is strictly recommended to address API requests to HMRC with fraud prevention headers.


Hotfix information

Electronic reporting configuration download instruction from Lifecycle Services: https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/analytics/download-electronic-reporting-configuration-lcs

How to obtain the Microsoft Dynamics AX updates files

This update is available for manual download and installation from the Microsoft Download Center for version 7.3:

Prerequisites

You must have one of the following products installed to apply this hotfix:

  • Microsoft Dynamics 365 for Finance and Operations (7.3)

Restart requirement

You must restart the Application Object Server (AOS) service after you apply the hotfix.

If you are encountering an issue downloading, installing this hotfix, or have other technical support questions, contact your partner or, if enrolled in a support plan directly with Microsoft, you can contact technical support for Microsoft Dynamics and create a new support request. To do this, visit the following Microsoft website:

https://mbs.microsoft.com/support/newstart.aspx

You can also contact technical support for Microsoft Dynamics by phone using these links for country specific phone numbers. To do this, visit one of the following Microsoft websites:

Partners

https://mbs.microsoft.com/partnersource/resources/support/supportinformation/Global+Support+Contacts

Customers

https://mbs.microsoft.com/customersource/northamerica/help/help/contactus

In special cases, charges that are ordinarily incurred for support calls may be canceled if a Technical Support Professional for Microsoft Dynamics and related products determines that a specific update will resolve your problem. The usual support costs will apply to any additional support questions and issues that do not qualify for the specific update in question.


Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

×