Dynamics 365 Business Central: the Dynamics 365 Business Central Administrator role for granular administration

One of the planned feature for Dynamics 365 Business Central 2023 Wave 2 release (v23) is an interesting change on the granular delegated administrator roles.

Until today, when a customer accepts a partner’s request for granular delegated administration privileges, the relevant members of the specified security group in the partner’s Microsoft Entra tenant get access as indicated in the following list:

• The Dynamics 365 Administrator role gives access to manage Dynamics 365 for the customer, including support requests
• The Service Support Administrator role gives access to manage support requests on the customer’s behalf
• The Helpdesk Administrator role gives access to the customer’s Microsoft Entra tenant.

Users with the following Microsoft Entra roles are authorized to access the Dynamics 365 Business Central administration center:

• Global Administrator
• Dynamics 365 Administrator
• Helpdesk Administrator (Delegated users only)

To date, the Dynamics 365 Administrator Microsoft Entra ID role was the most restricted role for internal and delegated users that still enables access to Business Central environments and admin center. But this role can give you also authorizations to access Power Platform or Dynamics 365 products on the customer’s tenant.

The 2023 Wave 2 release introduces a new Dynamics 365 Business Central Administrator role that grants access to Dynamics 365 Business Central without also giving rights to other Dynamics 365 or Power Platform products. In this way you can have a more granular control over what internal and delegated users can access and administer within a customer tenant.

Many of you asked why I cannot see this new role now and start raising alerts on possible problems on their tenants. Don’t worry, nothing about that…

The new Dynamics 365 Business Central Administrator role will not be immediatly available (you cannot find it now) but it will be available in the next months (probably a month or so).

Other important things to note related to this topic:

• The Dynamics 365 Administrator role will remain as it is today, no changes on it (so same permissions)
• After introducing the new Dynamics 365 Business Central Administrator role, delegated users who are assigned the Helpdesk Administrator role as part of the granular delegated admin privileges (GDAP) relationship with a customer will no longer have access to the Dynamics 365 Business Central Admin Center.