Business Central 2021 wave 2 (BC19) new features: Manage access to environments using Azure Active Directory groups (Security Group in Admin Center)

Dynamics 365 Business Central

Hi, Readers.
The preview environment for Dynamics 365 Business Central 2021 release wave 2 (BC19) is available now. Learn more:

Update: Generally available: Dynamics 365 Business Central 2021 release wave 2 (BC19)

I will continue to test and share some new features that I hope will be helpful.

Manage access to environments using Azure Active Directory groups:

Business value:

Use Azure Active Directory groups to manage access to Dynamics 365 Business Central environments.

Feature details:

You can use Azure Active Directory (Azure AD) groups to grant access to environments.

In the Business Central admin center, you can associate an Azure AD group with an environment. Members of that Azure AD group will be synchronized to Business Central and granted access to that environment.

Main benefits will be:

・Users can only see the environments that they have access to.
・Only the users in the associated group are imported to the environment.

Now you can find a new field in the Admin center, Security Group (A kind of group on Azure AD).

Edit Security Group
Restrict environment access to people in this security group. Otherwise, any licensed user can access. Users with administrator role can access all environments, regardless if they are added to the group or not.

Let’s access to Azure Portal.

Search for Group and then choose the related link.

Then the group page will be opened. Since there is no group with group type Security, they cannot be found in the Admin Center.

For the test, choose New group.

Select Security Group type.
Security groups are used to give group members access to applications, resources and assign licenses. Group members can be users, devices, service principals, and other groups.

Microsoft 365 groups are used for collaboration, giving members access to a shared mailbox, calendar, files, SharePoint site, and so on. Group members can only be users.

Enter Group name and Group description, select Owners and Members, then choose Create.

A new security group has been created.

Return to the Business Central admin center, you can find the security group you just created.

Select a security group, then choose Save.

Choose Yes.

The security group will be added.

1. You can also manage security groups from Microsoft 365 admin center.

Active teams & groups

2. You can only add one security group for an environment.

3. If a security group is set and you are not in the group, you cannot log in even if you have a BC license. So using this feature you can directly restrict the user’s access to the BC environment.

You do not have access to this environment. You must be a member of a security group that is associated with the tenant. Please contact your system administrator.

4. The users with administrator roles, which can access Business Central as administrator, global admins, help desk agents, dynamics 365 admin, and delegated admins will continue having access to all of their environments.

5. Security Group will be copied when the environment is copied.

Give it a try.

Update info from Business Central Launch Event (2023 release wave 1) 


Hope this will help.

Thanks for reading.



Copied title and URL