Delegated Admins for Business Central Online
DELEGATE ADMINS “HOW-TO”
You need to access to your CSP O365 Portal and from there you can set delegated admin for your customer; you can create a delegated admin to your customer tenant (exactly like activating a new user for your customer).
There is more than one way to skin this cat, but in our case, our O365 admin logs into our O365 tenant (to which our CSP / Partner Center is associated), and from here, he goes to O365 Admin Users and then sets the users up as a customer admin (global admin will also do, but it also makes them admin for your tenant).
It can also be done from the Partner Center.
Once this is done, the user can navigate to one of your customers’ D365 BC tenant and log in with their O365 credentials (the one from your O365 tenant, i.e., their work O365 account) and it will slide them in as a delegated admin.
It will not count against the customer’s user licenses. The customer will start seeing the user in the Users list in Dynamics 365 Business Central after the first log in, and they can disable this account if they want to.
Business Central Admin Center and Administrators
Business Central Admin center provides a portal for administrators to do administrative tasks for a Business Central tenant.
Here, administrators can:
- View and work with production and sandbox environments for the tenant
- Set up upgrade notifications
- View telemetry for events on the tenant
Access to the administration center
The following users are authorized to access the Business Central administration center:
- Internal tenant administrators
- Admin agent (Applicable for Partners Only)
- Helpdesk agent (Applicable for Partners Only)
Internal administrators are users who are assigned the Global admin role or the Dynamics 365 Admin role in the Microsoft 365 admin center. These users are typically system administrators, IT professionals, or super users at the customer’s company.
The admin agent and helpdesk agent roles are assigned through the Microsoft Partner Center for the partner that is associated with the tenant. These roles can access the Business Central tenant as “delegated administrators”
With this release, we enable delegated administrators to perform more actions in the Business Central environment. These actions used to be only available to licensed customer users. This will enable partners to provide better support for their customers.
You must already have set up users in your own tenant in Partner Center so that the Assists your customers as field specifies the relevant role for this user to be able to login in to your customers’ Business Central environments as either Admin agent or Helpdesk agent. These roles are used when the customer accepts the relationship, so you can assign the right people to the customer’s Azure AD tenant.
When a customer grants the delegated administration privilege to a partner:
- The Admin Agent group is assigned to the Global Administrator role in the customer’s Azure AD tenant.
- The Helpdesk Agent group is assigned to the Helpdesk Administrator role in the customer’s Azure AD tenant.
Based on the roles assigned, members of both groups can sign in to the customer’s Azure AD tenant, Microsoft 365 services, Business Central administration center, and Business Central tenants by using their partner credentials.
For certain tasks, you can access the Business Central administration center, which is a powerful tool for you to manage your customers’ tenants. From the administration center, you can manage upgrades and access the tenants as the delegated administrator.
Restricted access to Business Central as delegated administrator
When you sign in to your customers’ Business Central as the delegated administrator from the Business Central administration center, you have access to all areas of their Business Central, tasks that you can do.
The following tasks are available to the delegated administrator:
- Set up jobs to run as scheduled tasks in the job queue
- Use the Edit in Excel action or interact with Business Central data in Excel using the Business Central add-in for Excel. You can still use the Open in Excel action to view data in Excel.
- Use the Invite External Accountant assisted setup guide Instead, you can add the external user in the Azure portal and assign this user the External Accountant license.
- Change the experience to Premium
- Use the Cloud Migration Setup assisted setup guide to migrate data from Business Central on-premises to Business Central online Instead, a user who is assigned the SUPER permission set in Business Central can run the assisted setup guide.
However, because you are not registered as a regular user, there are certain tasks that you cannot do.
The following tasks are not available to the delegated administrator:
- Run scheduled tasks in the job queue.
However, starting with 2021 release wave 1 (version 18), delegated administrators can test that the job queue can run without issues, before asking the customer to start it, by using Run once (forground) action on the Job Queue Entry card. This will create a temporary non-recurrent copy of this job and will run it once in the foreground. You can then call it as many times as you need before you hand it over to your customer so that they can start it as a recurrent job. After the job queue completes, it will be put in the on-hold status and can’t be rescheduled.
- Use the Edit in Excel action or interact with Business Central data in Excel using the Business Central add-in for Excel. You can still use the Open in Excel action to view data in Excel
- Use the Invite External Accountant assisted setup guide
Instead, you can add the external user in the Azure portal and assign this user the External Accountant license.
- Use the Cloud Migration Setup assisted setup guide to migrate data from Business Central on-premises to Business Central online
Instead, a licensed user who is assigned the SUPER permission set in Business Central can run the assisted setup guide.
- Access a web service by using a Web Service Access key
Caution – a license is required to login!
In order to log in, the local user (guests or native) must have a valid Business Central license assigned to them.