Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Business Central forum / Business Central for I...
Business Central forum
Suggested answer

Business Central for IWs trial license gives unlimited access to Production environment

(0) ShareShare
ReportReport
Posted on by Rob F. 481

I'm aware from past experience and other forum posts that there is a BC trial license in our tenant that enables users to use self-service sign-up without system admins being aware of their activity.  However, I was a bit shocked to discover that one of our staff who is not a BC user was able to use the self-service sign-up and as a result was provisioned the IWs license with SUPER permissions to our live production environment / company, which normally requires an internal approval process and proper security setup, including data security.  Does anyone know how we can disable and/or remove the IWs licenses from our tenant to prevent this from happening again?  This is a significant security and internal audit risk for our company.

Categories:
Other
Security
  • CU30061305-0 Profile Picture
    CU30061305-0 6 on at
    Business Central for IWs trial license gives unlimited access to Production environment
    Hello!

    To prevent this from happening again, you can:

    1. Disable Self-Service Sign-Up in Azure AD under 'User settings.'
    2. Remove Unauthorized Licenses by checking Azure AD and removing any incorrect IWs licenses.
    3. Set Up Conditional Access Policies for better control.

    Hope this helps)

  • Ratnesh Kumar Profile Picture
    Ratnesh Kumar 99 on at
    Business Central for IWs trial license gives unlimited access to Production environment
    Dynamics 365 Business Central is an integrated cloud-based ERP solution designed for small to medium-sized businesses, empowering Intelligent Workers (IWs) with tools for finance, sales, inventory, and more. It streamlines processes, enhances data-driven decision-making, and fosters collaboration, driving business growth and efficiency.
  • Rob F. Profile Picture
    Rob F. 481 on at
    RE: Business Central for IWs trial license gives unlimited access to Production environment

    Thank you everyone for the replies.

    Inge - This is BC SaaS and the user does not have any admin rights on the tenant.  They are a basic/standard user with an Office 365 E3 license.  I'll submit a ticket through our Partner to see what additional insight they or Microsoft can provide on this.

    MahGah - Thank you for the reminder about using AD groups on the environment.  I added one to our Production environment that includes all the authorized BC users.  I was aware of the AD power shell setting that you linked, but it would disable self-service to all applications and our IT department may still want to allow access to those.  We may need to use it though at least temporarily until we can remove the IWs licenses from the tenant (if that is possible).

    Zhu - Thank you for the reminder, I was aware of that as well but in this case the environment has been up and running since late December and so this wasn't a first-time login.  

  • Suggested answer
    YUN ZHU Profile Picture
    YUN ZHU 64,449 Super User on at
    RE: Business Central for IWs trial license gives unlimited access to Production environment

    Hi, Just to add a little information, if the user is the first to log into the Production environment, it will initialize the environment and automatically grant Super permissions. For example, they tried to login from Business Central Sign In | Microsoft Dynamics 365

    PS: Security Group

    https://yzhums.com/18304/

    Hope this will help.

    Thanks.

    ZHU

  • Suggested answer
    MahGah Profile Picture
    MahGah 15,409 on at
    RE: Business Central for IWs trial license gives unlimited access to Production environment

    Hi

    To add to Inge info 

    if you like to disable self service sign up for your Azure AD check this article https://docs.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/devenv-business-central-manage-selfservice-signups

    Also, in your Business Central Admin center look for Security Group (SaaS version) this way you can limit the access to your environment. 

    pastedimage1643662947218v1.png

  • Suggested answer
    Inge M. Bruvik Profile Picture
    Inge M. Bruvik 32,720 Super User on at
    RE: Business Central for IWs trial license gives unlimited access to Production environment

    I do not have the full solution or explanation for you. But if this is BC SaaS i would start by checking what permission this user are assigned in your Azure AD. And i would look for any kind of admin rights that might enable the users to assign them self licenses.

    If you are not able to figure it out i will recommend that you raise a support ticket with Microsoft through your CSP partner and maybe they can help you figure out what has been going on.

Helpful resources

Quick Links

Replay now available! Dynamics 365 Community Call (CRM Edition)

Catch up on the first D365 Community Call held on 7/10

Community Spotlight of the Month

Kudos to Saurav Dhyani!

Congratulations to the June Top 10 community leaders!

These stars go above and beyond . . .

more Community News

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 288,513 Super User

#2
Martin Dráb Profile Picture

Martin Dráb 225,862 Super User

#3
nmaenpaa Profile Picture

nmaenpaa 101,148

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans