Microsoft Entra owners may exhibit reluctance in accepting GDAP relationships due to security apprehensions, notwithstanding the introduction of the new Microsoft Entra role, Dynamics 365 Business Central Administrator.
We are kindly requesting to both Microsoft Dynamics 365 Business Central Development and Partner Center teams to review access permissions to facilitate of a mechanism enabling the configuration of access to the D365 BC SaaS Admin portal and BC SaaS environments in read-only mode.
The idea is to restrict access for the delegated admin users to run actions on the Dynamics 365 Business Central Admin Center and BC environments. Following tasks should be included in read-only mode:
- Access in Read-only mode the Dynamics 365 BC SaaS Admin portal and Dynamics 365 Business Central SaaS environments.
- Monitor and inform customer Global Admin user about customer environments issues.
- Review upgrades of the D365 BC SaaS environments with no access to update settings.
- Read Microsoft 365 service health dashboards on BC Admin portal.
The request is initiated with the aim of enhancing trust and security, particularly concerning the access granted in read-only mode for the Delegated Admin users on the Microsoft Dynamics 365 Business Central SaaS.
Comments
Also it should be possible to seperate the Administration Access from Working inside a BC Environment.For Example: A Helpdesk User wants to assist the customer with for example a Posting Process in BC, but not be able to delete the environment.This also would have to be managed somehow upfront without huge Monkeywork.
Category: Tenant Administration
A separate role should be introduced for giving only read access to Business Central admin center. Maybe this can be added to an already existing role.
Category: Tenant Administration