A Security Group is a way to group users together so that you can give access to all of them at once.For example, if everyone in the Finance team needs access to certain files or apps, you can add them to a group and give the group permission instead of doing it for each person. In Office 365, Security Groups are managed through Azure Active Directory, which handles sign-ins and user identities in Microsoft 365.  They help IT teams save time, stay organized, and keep company data safe. The same Security Groups you create in Azure Active Directory (AAD) can also be used in Dynamics 365 Business Central to manage user permissions. Instead of giving access to each user one by one in Business Central, you can connect a Security Group to a set of permissions. Then, anyone added to that group in Azure AD will automatically get the same permissions in Business Central. They’re also helpful when you want to control environment-level access, especially if your company uses different environments for testing and production. For example, only specific groups of users can be allowed into the production system. Security Groups aren’t just useful in Business Central; they can be used across many Microsoft 365 services. You can use them in tools like Power BI, Power Automate, and other Office 365 apps to manage who has access to certain reports, flows, or data. In Microsoft Entra (formerly Azure AD), these groups can be used in Conditional Access policies. This means you can set rules like “only users in this group can log in from trusted devices” or “users in this group must use multi-factor authentication.” References Compare types of groups in Microsoft 365 – Microsoft 365 admin | Microsoft Learn What is Conditional Access in Microsoft Entra ID? – Microsoft Entra ID | Microsoft Learn Simplify Conditional Access policy deployment with templates – Microsoft Entra ID | Microsoft Learn Usage Go to Home – Microsoft 365 admin center. Go to “Teams & Groups” > “Active Teams & Groups” > “Security Groups” Click on “Add a security group” to create a new group. Add a name and description for the group and click on Next and finish the process. Once the group is created, you can re-open it and click on “Members” tab to add Members. Click on “View all and manage members” > “Add Members” Select all the relevant Users and click on Add. Now, back in Business Central, search for Security Groups. Open it and click on New. Click on the drill down. You’ll see all the available security groups here, select the relevant one and click on OK. Mail groups are not considered in this list. You can change the Code it uses in Business Central if required.Once done, click on “Create” Select the new Security Group and click on Permissions. Assign the relevant permissions. Now, any User that will be added to this Security Group in Office 365 will have the D365 Banking Permission Set assigned to them. Further, these groups will also be visible in the Admin Center, from where you can define whether a particular group has access to a particular environment. To conclude, security Groups are a powerful way to manage user access across Microsoft 365 and Dynamics 365 Business Central. They save time, reduce manual effort, and help ensure that the right people have access to the right data and tools. By using Security Groups, IT teams can stay organized, manage permissions more consistently, and improve overall security. Whether you’re working with Business Central, Power BI, or setting up Conditional Access in Microsoft Entra, Security Groups provide a flexible and scalable solution for modern access management. If you need further assistance or have specific questions about your ERP setup, feel free to reach out for personalized guidance. I hope you found this blog useful, and if you would like to discuss anything, you can reach out to us at transform@cloudfronts.com.

  Have you ever encountered the error:“The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel”while deploying from Visual Studio to Finance and Operations. This error is often linked to an expired or invalid SSL certificate in your environment.  This also shows up as an expired SSL Certificate warning when you open your Finance and Operations environment from the browser. Certificates are critical for securing communication channels, and an expired certificate can disrupt services and integrations.In this blog, we’ll explore the cause of the error and provide steps to resolve it. References Eugene Dmytriienko – Onpremise Certificate Rotation Said Nikjou – Rotate Secrets via LCS MS Docs – Certificate Rotation Configuration In a new cloud hosted environment, the SSL Certificate stays valid for one year by default.Post that, it expires at which point it is essential to renew the SSL Certificate. For Cloud Hosted environments, it is really simple to do via the LCS. Go to LCS and open the environment which has the expired SSL. Click on Maintain and then “Rotate Secrets” In the pop-up menu, select the change type as “Rotate SSL Certificates” After that the environment will go into servicing and the status will reflect “Rotating Secrets” This entire process should take less than 15 minutes. The documentation suggests secrets rotation should show up in the enviroment history however in my attempt it didn’t so I’m not sure if that’s reliable or not or whether that is only for Tier 2 and above environments though that doesn’t make much sense. Anyways, once this is done we can see that the SSL error has been resolved. Conclusion SSL certificates are the backbone of secure communication in Dynamics 365 Finance and Operations environments.An expired certificate can disrupt critical functionalities, but with proper certificate management, such issues can be avoided.Regularly monitor your SSL certificate validity to ensure uninterrupted operations. We hope you found this article useful, and if you would like to discuss anything, you can reach out to us at transform@cloudfronts.com