Removing Business Units from Security Role Assignments

In one of my previous blogs on Business Units you might have noted how the business units play an important role in designing the security model of an organization and how its pretty useful. If you have not, please check the same here. Now to make the security model more flexible, Microsoft has come up with a strategy to take out business unit from the security mode to simplify the whole security model from business unit perspective and for the ease of use. It is yet to be released as part of the 2021 wave 1 release plan. Official documentation can be found here or below is the details which is available in that page.

So what business value it brings to the table? This brings in ease of use and simplifies the business unit security model. By decoupling a user’s business unit from their security role’s business unit, they can be assigned security roles from different business units. This allows the user to access the respective business units without the need to create and join the owner team.