Business Central 2023 wave 1 (BC22) new features: Manage user permissions using Azure Active Directory security groups (‘User Group’ -> ‘Security Group’)

Dynamics 365 Business Central

Hi, Readers.
The public preview for Dynamics 365 Business Central 2023 release wave 1 (BC22) is available. Learn more: Link.

I will continue to test and share some new features that I hope will be helpful.

Manage user permissions using security groups:

Business value:
As businesses grow and change, managing permissions can become increasingly complex. Security groups can simplify the process by allowing administrators to group users by department, job function, or other criteria, and assign permissions to the group as a whole. Using security groups to manage permissions can save time and reduce the risk of human error. Security groups allow for easier management of access control, ensuring that users only have access to the resources they need. This can also streamline the process of onboarding new employees or contractors, as they can be quickly added to the appropriate security groups.

Since the release of the BC SaaS version, I have often been asked, can Azure Active Directory security groups be linked to user groups in BC?

In Business Central 2021 wave 2 (BC19), we can use Azure Active Directory groups to manage access to Dynamics 365 Business Central environments. More details: Manage access to environments using Azure Active Directory groups (Security Group in Admin Center)

But this is limited to environment access management, and has nothing to do with user permissions in BC.

Finally with this update, Microsoft has brought us a new feature. We can now use Azure Active Directory security groups to manage the permissions users have to access various parts of Business Central.👏👏👏

PS: If you have customized User Group, you will see the following warning in BC22.

Table ‘User Group’ is marked for removal. Reason: Replaced by the Security Group table and Security Group codeunit in the security groups system.. Tag: 22.0.

New Security Group page:

Let’s see some details.

A prerequisite for using security groups in Business Central is that you must create Azure Active Directory security groups and add members to them either in the Microsoft 365 admin center or in the Azure Active Directory portal.
In Azure Active Directory portal:

In Microsoft 365 admin center:

After you create Azure Active Directory security groups, you can link them to security groups in Business Central on the Security Groups page.

Choose New group

Create the link by entering a Code and Name that match the Azure Active Directory security group.

PS: If the AAD security group name does not exist, the following error will be prompted.

The group ID does not correspond to a valid AAD group.

The Members FactBox shows the members of the Azure Active Directory security group. But the prerequisite is that the user has been added to the environment.

Assign permissions to security groups by choosing the Permissions action in Security Groups page.

Manage permission sets for security groups by choosing RelatedPermissions Set by Security Group on the Security Groups page. This is a convenient way to set permissions.

Copy security group permissions to a new security group by choosing the Copy Security Group action. Alternatively, you can share security group settings by choosing the Export Security Groups action to export them to an XML file, and then the Import Security Groups to import the XML file.

And you can find relevant information on the user card.

This is a great improvement, but partners need to reset user groups and permissions, which may be a lot of work, so please prepare in advance. Give it a try!!!😁

PS: Microsoft provided the user group migration capabilities in BC 22

There are still user groups defined in the system. Do you want to run the user group conversion guide?

Business Central Launch Event (2023 release wave 1) 


Hope this will help.

Thanks for reading.



Copied title and URL