Helpful Note:
If you are upgrading to version 25.0 or later, please click here for advice on what to do with your User Groups prior to performing the upgrade.
Microsoft Dynamics Business Central Version 25: Important Changes to Permission Management
In Microsoft Version 25, the ‘Security Groups’ functionality is enabled as standard, this functionality also makes User Groups obsolete within Business Central. Security groups are created and managed within Microsoft Azure. If you want to use Security Groups, we advise you liaise with the people/company that deal with your IT support.
Below we have summarised the uses and benefits of utilising Security Groups in addition to providing links to Microsoft resources:
Purpose of Security Groups
Security groups in Business Central Online help control which users have access to specific environments. They can be used to limit access to certain environments, such as Sandbox or production, based on roles or departments.
Azure Active Directory (Azure AD)
Business Central Online integrates with Azure AD. Admins can use Azure AD security groups to define user access to different environments in Business Central. Only members of the designated security group can access the Business Central environment linked to that group.
Setting Up Security Groups
Admins can create and manage security groups directly in Azure AD.
Once a security group is set up in Azure AD, it can be linked to an environment in Business Central through the Business Central Admin Center.
Assigning Security Groups to Environments
In the Business Central Admin Center, under the Environments tab, admins can specify which security group can access each environment.
If no security group is assigned, all licensed Business Central users in the tenant can access the environment.
This setup is particularly useful for managing sandbox environments and ensuring only relevant users can access them.
Impact on User Access
Only users in the assigned security group (for a particular environment) will be able to log in and access that environment. This setup enhances security by restricting access based on group membership.
Best Practices
Microsoft recommends using security groups for better access control and to support data security and privacy within the organization.
These security group settings ensure that only the right people have access to specific Business Central environments, supporting better data governance and security for online environments.
Microsoft Article Link: Manage User Permissions using Security Groups