Simplifying Access Management in D365 BC Through Security Groups

-

Introduction

A Security Group is a way to group users together so that you can give access to all of them at once.
For example, if everyone in the Finance team needs access to certain files or apps, you can add them to a group and give the group permission instead of doing it for each person.

In Office365, Security Groups are managed through Azure Active Directory, which handles sign-ins and user identities in Microsoft 365. 
They help IT teams save time, stay organized, and keep company data safe.

The same Security Groups you create in Azure Active Directory (AAD) can also be used in Dynamics 365 Business Central to manage user permissions. Instead of giving access to each user one by one in Business Central, you can connect a Security Group to a set of permissions. Then, anyone added to that group in Azure AD will automatically get the same permissions in Business Central.

They’re also helpful when you want to control environment-level access, especially if your company uses different environments for testing and production. For example, only specific groups of users can be allowed into the production system.

Security Groups aren’t just useful in Business Central, they can be used across many Microsoft 365 services. You can use them in tools like Power BI, Power Automate, and other Office 365 apps to manage who has access to certain reports, flows, or data.

In Microsoft Entra (formerly Azure AD), these groups can be used in Conditional Access policies. This means you can set rules like “only users in this group can log in from trusted devices” or “users in this group must use multi-factor authentication.”

References

Usage



Go to "Teams & Groups" > "Active Teams & Groups" > "Security Groups"


Click on "Add a security group" to create a new group.


Add a name and description for the group and click on Next and finish the process.


Once the group is created, you can re-open it and click on "Members" tab to add Members.


Click on "View all and manage members" > "Add Members"
Select all the relevant Users and click on Add.


Now, back in Business Central, search for Security Groups.


Open it and click on New.

Click on the drill down.


You'll see all the available security groups here, select the relevant one and click on OK.
Mail groups are not considered in this list.


You can change the Code it uses in Business Central if required.
Once done, click on "Create"


Select the new Security Group and click on Permissions.

Assign the relevant permissions.


Now, any User that will be added to this Security Group in Office 365 will have the D365 Banking Permission Set assigned to them.

Further, these groups will also be visible in the Admin Center, from where you can define whether a particular group has access to a particular environment.

Conclusion

Security Groups are a powerful way to manage user access across Microsoft 365 and Dynamics 365 Business Central.
They save time, reduce manual effort, and help ensure that the right people have access to the right data and tools.
By using Security Groups, IT teams can stay organized, manage permissions more consistently, and improve overall security.

Whether you're working with Business Central, Power BI, or setting up Conditional Access in Microsoft Entra, Security Groups provide a flexible and scalable solution for modern access management.

Comments

Post a Comment

Popular posts from this blog

Event-Driven Architecture: How to Create Custom Business Events in Business Central

-
Image
Introduction Events are notifications that signal something has happened in the system. A record getting created, updated or deleted, a sales order getting posted, etc are all examples of events. An event driven architecture provides asynchrony and decoupled communication between different components of the system supporting flexibility, scalability and modularity. In Business Central, we have two main types of events - Business and Integration. Integration Events are related to things within Business Central. They are use for extending the functionality of the Base Application without modifying it directly. Business Events are related to things outside of Business Central. They are used for notifying external systems (e.g., via Power Automate or Logic Apps) regarding any changes that happen within Business Central. Microsoft allows us to create custom Integration and Business Events based on our requirements. In this blog, we'll see how to create a custom Business Event and...
Read more

Visualizing Data: How to Add Power BI Reports to Business Central

-
Image
Introduction Power BI is a great tool for turning data into clear, interactive reports and the best part?  It works smoothly with Business Central, right out of the box.  You just need to set it up, and you can start viewing powerful reports right inside within Business Central dashboard.  Microsoft provides several ready-made reports, grouped into different apps, so you can pick and install only what you need.  Once set up, these reports help you track key business insights without switching between systems.  In this blog, we’ll walk you through how to set up and use Power BI reports in Business Central to make smarter decisions. References Introduction to Business Central and Power BI Install Power BI apps for Business Central Configuration Open your Business Central and search for "Assisted Setup". Click on "Connect to Power BI" Once the set up page opens, click on Next. Fiscal : A 12-month calendar that begins in any month and ends 12 months after. Standard ...
Read more

Know Your Users: Automated Usage Tracking for Better System Adoption

-
Image
Introduction After a new Business Central system goes live, it’s important to know if users are actually using it the way they should (Go-Live is just the beginning). Tracking usage statistics helps us understand how well the system is being adopted and where improvements might be needed. To make this easier, I’ve created a small utility that automatically collects user activity data and builds a report from it. This saves time and gives a clear picture of how the system is being used to the management. Here’s what it does: There’s a setup page where you can choose how stats are collected and skip certain users (like consultants or support team members who create test data). A configuration page lets you pick which tables to track. You can also set how often stats should be gathered using a frequency field; it even sets up the background job for you. A report which summarises the generated data in a neat matrix. With this tool, keeping an eye on system adoption becomes simple and autom...
Read more