Apply resource exposure policy to DEV extensions

Important

This content is archived and is not being updated. For the latest documentation, go to What's new and planned for Dynamics 365 Business Central. For the latest release plans, go to Dynamics 365 and Microsoft Power Platform release plans.

Enabled for Public preview General availability
Admins, makers, marketers, or analysts, automatically Sep 1, 2022 Oct 1, 2022

Business value

When developing and deploying AL extensions from Visual Studio Code, the extensions are deployed to sandboxes as DEV extensions. Until now, these have been debuggable. Sometimes this might not be desirable—for example, when deploying only for test purposes in a sandbox environment shared by multiple partners. To address this, we have extended the resource exposure policy for extensions with the ability to override the default DEV handling and enforce the resource exposure policy for the DEV extension as well.

Feature details

The resourceExposurePolicy property in the app.json file now contains a new "applicableToDevExtension" flag. If this flag is set to true, the other resource exposure flags will be applied when deploying the extension from Visual Studio Code as a DEV extension. This allows, for example, blocking debugging DEV extensions.

As with the other resource exposure policy options, you can also control access dynamically via an Azure Key Vault secret for resource exposure policy. Here you set the "applicableToDevExtension" flag to the tenant environment Azure Active Directory (Azure AD) where the resource exposure policy will be applied to the DEV extension (not the Azure AD of the debugging user).

Because this setting is additive, you can dynamically enforce it for select environments if it's not enforced in the app.json file settings, but you can't turn it off (that is, allow debugging) for select environments if it's enforced by the app.json file settings. You can only dynamically reduce resource exposure.

Resource exposure policies, including that mentioned here, are not applied on-premises.

Tell us what you think

Help us improve Dynamics 365 Business Central by discussing ideas, providing suggestions, and giving feedback. Use the forum at https://aka.ms/bcideas.

See also

Resource Exposure Policy Setting (docs)