Recently, my colleague found out that a new field had been added to the BC admin center and shared it with me. That seemed to be a new feature of the D365BC on 2021 Release Wave2. My colleague and I immediately looked into it. We can already use Azure AD group to grant access to each BC environment. The detail of this new feature is described in below Docs.
Manage access to environments using Azure Active Directory groups | Microsoft Docs
I’ve been waiting for this feature for a long time. With the current feature, to prohibit users from accessing environment X, it was necessary to either remove all Permission Sets in the user card or to set this user as Disable in the user card in environment X. However, in order to create a user card for user A in environment X, user A had to sign in to environment X or an administrator had to run the Get O365 User function. And we needed to do this in every environment that we did not want users to have access to. This process was so tedious… This new feature will save you a lot of time and effort. It will also be easier to manage, resulting in fewer security incidents.
1. preparation
I created 2 user like below. Then click Azure AD admin center in the left navigation pane.
I will create two new user group. Click +New group button.
Described group type, name and description, then click Create button.
I created another group as well.
Assign users to groups. Choose Japan Branch Group.
Assign a member.
Choose user01 and click Select button.
Then User01 assigned to Japan Branch user security group.
Do the same for assigning User02 to groups US Branch group.
2. Assign BC environment to User Group.
Looking at the Administration Center, you will see that the “Security Group” column has been added.
Enter a environment detail page, and Define button of Security Group.
Choose security group. In this case, I chose US Branch group for SanUSv19Prev environment.
Click Yes.
You can see US Branch group is assigned to this environment. Copy the URL of this environment.
3. Check security.
Sign in User01 who is NOT a member of US Branch group.
Paste URL on another browser tab, then this error message will be shown. This indicates that the function is working properly!!
User02 can accesses this environment.
What about in a different environment? SandJPv19Prev that has not yet been assigned a user group. User01 can access.
And User02 can access. If you have not assigned any user groups, basically everyone will have access.
It’s easy to operate. Just try it out.