Business Central 2024 wave 2 (BC25): Environment-level access controls for delegated administrators (Control partner access per environment)

Dynamics 365 Business Central

Hi, Readers.
Dynamics 365 Business Central 2024 wave 2 (BC25) is generally available. More details: General availability: Dynamics 365 Business Central 2024 release wave 2 (BC25).

I will continue to test and share some new features that I hope will be helpful. This is a recent update in the Admin Center.

Control partner access per environment:

Business value:
Business Central customers with multiple environments are often working with many partners to support each environment. With this feature, customer administrators can now easily and efficiently control partner access to environments. This feature simplifies partner management by allowing administrators to assign partner tenants to each environment.

https://learn.microsoft.com/en-us/dynamics365/release-plan/2024wave2/smb/dynamics365-business-central/control-partner-access-per-environment?wt.mc_id=DX-MVP-5004336

In 2024 release wave 2, Microsoft is introducing new environment settings in the Business Central admin center that enable internal administrators to control which environments delegated users and multitenant apps from partner tenants can access and administer.

Partner Access: Choose Modify

Delegated administrators with a supported Entra role in a granular delegated administrative privileges (GDAP) relationship, and foreign multitenant applications with admin consent to Business Central APIs, can access and administer your Business Central environment. Use these settings to control their access. Learn more

You can completely disable Allow partner access.

Or disable Allow access to all partner tenants. Then select the tenants that you want to grant access to this environment. By selecting all tenants, you ensure that any new foreign tenants with future tenant-level access won’t automatically gain access to this environment.

Important
Up to ten Entra tenants can be allowlisted per environment to enable them to access and administer the environment.

Finally, choose Save to save the settings.

PS: Delegated users and multitenant apps accessing or administering the environment must belong to an allowlisted tenant. This feature is optional, and if no tenants are allowlisted for an environment, delegated users and multitenant apps will be able to access and administer the environment as they did before. This feature only affects the use of the admin center API by multitenant apps that have been authorized within the admin center.

More details: Manage access for delegated administrators and multitenant applications

The Partner access setting doesn’t override the tenant-level prerequisites for any delegated administrator or multitenant application to authenticate to a customer tenant. It only allows for more granular access controls on the Business Central environment-level after tenant-level prerequisites are in place. Delegated administrators that don’t have an Entra role that allows for administration and access of Business Central environments assigned in the customer tenant as part of an active GDAP relationship can’t access the customer tenant even if their home Entra tenant is allowlisted in the Partner access settings for the environment. Multitenant applications that aren’t registered in the Business Central administration center or environment itself, or for which no consent has been granted in the customer tenant, can’t access the customer tenant even if their home Entra tenant is allowlisted in the Partner access settings for the environment.
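The two layers described above (tenant-level prerequisites first, then the environment's Partner access settings) can be modelled as a small decision function for reviewing a planned configuration. This is an added example, not Microsoft's implementation and not an admin center API; the class, field, environment and tenant names are assumptions, and an empty allowlist is treated as unrestricted, following the note above that access then works as before.

```python
from dataclasses import dataclass

MAX_ALLOWLISTED_TENANTS = 10  # per-environment limit stated in the post

@dataclass(frozen=True)
class PartnerAccessSettings:
    # Hypothetical field names mirroring the two toggles and the tenant list.
    allow_partner_access: bool = True
    allow_all_partner_tenants: bool = True
    allowlisted_tenants: frozenset = frozenset()

    def __post_init__(self):
        if len(self.allowlisted_tenants) > MAX_ALLOWLISTED_TENANTS:
            raise ValueError("at most ten Entra tenants per environment")

    @property
    def unrestricted(self) -> bool:
        # Assumption from the post: no allowlisted tenants means access as before.
        return self.allow_partner_access and (
            self.allow_all_partner_tenants or not self.allowlisted_tenants)

def evaluate(settings, home_tenant, tenant_prereqs_met):
    """Return (allowed, reason) for a delegated admin or multitenant app."""
    # Layer 1: active GDAP role, or app registration plus consent, in the customer tenant.
    if not tenant_prereqs_met:
        return False, "tenant-level prerequisites not met"
    # Layer 2: the environment's Partner access settings.
    if not settings.allow_partner_access:
        return False, "partner access disabled for this environment"
    if settings.unrestricted:
        return True, "environment accepts all partner tenants"
    if home_tenant in settings.allowlisted_tenants:
        return True, "home tenant is allowlisted"
    return False, "home tenant is not allowlisted"

# Constructed sample data: environment and tenant names are made up.
ENVIRONMENTS = {
    "Production": PartnerAccessSettings(True, False, frozenset({"partner-a.example"})),
    "Sandbox": PartnerAccessSettings(),  # defaults: open to every partner tenant
    "Finance": PartnerAccessSettings(allow_partner_access=False),
}

def review(envs):
    """List environments that any partner tenant with tenant-level access can reach."""
    return sorted(name for name, s in envs.items() if s.unrestricted)

if __name__ == "__main__":
    print("Unrestricted environments:", review(ENVIRONMENTS))
    for tenant in ("partner-a.example", "partner-b.example"):
        print(tenant, evaluate(ENVIRONMENTS["Production"], tenant, True))
```

Running `review` over an inventory of environments gives a quick list of the ones that still rely only on tenant-level controls.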

Great, give it a try!!!😁

PS:
What’s new: Environment-level access controls for delegated administrators

END

Hope this will help.

Thanks for reading.

ZHU
