Small and medium business | Business Central, N...

Security Groups based on Entra with onPrem installation

(6) Share

Report

Posted on by GW-11030928-0

Hi all,

is it possible to create security-groups based on Entra (AAD) with a BC365 25.3 onPrem installation. The used instance is based on AccessControlService. Trying it I get always the answer

It's interessing to see, that "normal" AD-Windows groups could also not be found (only with a indows-authetication).

KR GW

Categories:

Dynamics 365 Business Central

I have the same question (2)

All responses (4)

Answers (0)

Sort by

Suggested answer

Holly Huffman 6,554 Super User 2026 Season 1 on at

Like (1)

Report
Copy link

Link copied!
Hi there! Good morning, evening, or afternoon - depending on where you are :)

Hope you are well today!

here are some thoughts / suggestions & apologies if you've tried these already!

Entra (AAD) Security Groups with On-Premises BC

Compatibility: Business Central on-premises installations typically rely on Windows Authentication or Access Control Service (ACS) for user authentication. However, Entra (AAD) integration is more common in cloud-based deployments.

Limitation: Directly using Entra (AAD) security groups in an on-premises setup may not be supported out of the box, especially if ACS is being used instead of Azure AD Authentication.

Why "Normal" AD-Windows Groups Are Not Found

If you're unable to find Windows AD groups, it could be due to:

Authentication Mode: Ensure that the instance is configured to use Windows Authentication for group recognition.

Domain Trust Issues: Verify that the Business Central server is properly joined to the domain and can access the Active Directory.

Possible Workarounds

Hybrid Identity Setup:

Use Azure AD Connect to synchronize on-premises Active Directory groups with Entra (AAD). This allows you to manage groups in AD while making them available in Entra.

Ensure that the synchronized groups are accessible in your Business Central environment.

Switch to Azure AD Authentication:

If feasible, consider switching from ACS to Azure AD Authentication for your Business Central instance. This would enable better integration with Entra (AAD) security groups.

Custom Development:

If neither of the above options works, you may need to explore custom development to bridge the gap between Entra (AAD) and your on-premises Business Central installation.

Next Steps

Verify your current authentication setup in Business Central Administration.

Check if Azure AD Connect is configured for your environment.

Consider consulting with your partner or Microsoft Support to explore hybrid identity solutions.

Was this reply helpful? Yes No
Suggested answer

Khushbu Rajvi. 22,549 Super User 2026 Season 1 on at

Like (2)

Report
Copy link

Link copied!

Hope this helps: https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/devenv-aad-auth-onprem

https://learn.microsoft.com/en-us/dynamics365/business-central/ui-security-groups

Was this reply helpful? Yes No
Suggested answer

YUN ZHU 101,643 Super User 2026 Season 1 on at

Like (1)

Report
Copy link

Link copied!

Hi, hope the following helps.

https://learn.microsoft.com/en-us/dynamics365/business-central/ui-security-groups#business-central-online-and-on-premises

Thanks

ZHU

Was this reply helpful? Yes No
Suggested answer

Jainam M. Kothari 16,773 Super User 2026 Season 1 on at

Like (1)

Report
Copy link

Link copied!

May this can help : https://learn.microsoft.com/en-us/dynamics365/business-central/ui-security-groups

https://learn.microsoft.com/en-us/entra/architecture/4-secure-access-groups

https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/groups-concept

Was this reply helpful? Yes No