How to implement resource exposer policy in ISV app key vaults for Business Central online?

(2) Share

Report

Posted on by CU24111138-0

We have created the Key Vault at Azure and provided the required access and user the Key Vault URL used in the app.json in Business Central, and then "BC-ResourceExposurePolicy-Overrides secret" the resource exposure policy to test the customer tenant as shown below, script run in PowerShell, but still not able to override ISV APP "ResourceExposurePolicy" in the dependent app

$json = '{
"allowDebugging": [
"9e2b6561-1ba6-4790-abcc-c84abf9a8961"
],
"allowDownloadingSource": [
"9e2b6561-1ba6-4790-abcc-c84abf9a8961"
],
"includeSourceInSymbolFile": [
"9e2b6561-1ba6-4790-abcc-c84abf9a8961"
]
}'
$Secret = ConvertTo-SecureString -String $json -AsPlainText -Force
Set-AzKeyVaultSecret -VaultName "YourKeyVaultName" -Name "BC-ResourceExposurePolicy-Overrides" -SecretValue $Secret

Categories:

Dynamics 365 Business Central

I have the same question (0)

All responses (1)

Answers (0)

Suggested answer

OussamaSabbouh 3,735 on at

Like (1)

Report

How to implement resource exposer policy in ISV app key vaults for Business Central online?

Hello,

Your override isn’t working because the GUIDs in your JSON must be the user’s own Microsoft Entra tenant ID, not the customer’s tenant ID or an app/environment ID.

This is the #1 reason overrides fail.

Also make sure:

The ISV app itself contains the Key Vault URL in its app.json

launch.json has tenant = <customer tenant>

You’re debugging as a delegated admin or guest

Secret name is exactly BC-ResourceExposurePolicy-Overrides

If any of those four elements is wrong, the policy won’t override.

Regards,

Oussama Sabbouh

1 people found this reply helpful.

Was this reply helpful? Yes No