Dynamics Business Central / NAV Developer Digest - Vol. 551

ArcherPoint by Cherry Bekaert’s Developer Digest focuses on Microsoft Dynamics 365 Business Central and Dynamics NAV development. This week’s volume includes security enhancements for AL’s Http Client, using Visual Studio Code to run AL tests, debugging AL code using the Troubleshooting MCP Server, and plan now for OData deprecation.

The Dynamics 365 Business Central community, comprising developers, project managers, and consultants, collaborates across platforms to share valuable insights. At ArcherPoint, we greatly value their dedication and expertise. To ensure widespread access to this technical knowledge, we created Developer Digest.

This issue of Dev Digest includes some changes in Business Central 2026 Wave 1 (v28) that will be of interest to developers.

Security enhancements for AL’s http client

With the release of Business Central 2026 Wave 1 (v28), Microsoft has introduced security when handling outgoing HTTP requests. This change is designed to prevent Server-Side Request Forgery (SSRF) attacks and protect internal network infrastructure. This means that, by default, Business Central will block HTTP requests that use AL’s HttpClient to connect to internal network addresses. The goal is to prevent a bad actor from gaining access to the system and making a request to a database or other system running on your internal network.

This enhancement affects cloud and on-premises deployments differently.

Stefano Demiliani discusses the impact of this change and steps for migration and troubleshooting in his blog, Dynamics 365 Business Central: new strict URI validation in AL Http Client.

Use Visual Studio Code to run AL tests

With BC v28, developers can run AL tests inside Visual Studio Code. According to Microsoft, “You can even use GitHub Copilot chat as well as a coding agent in Visual Studio Code to assist with setting up the testing framework for your project, generate test code, and fix failing tests.”

Yun Zhu provides a practical walkthrough of using the Test Explorer view in Visual Studio Code in his blog, Business Central 2026 release wave 1 (BC28): Run AL tests from Visual Studio Code (Test codeunits and test methods).

Debugging AL code using the Troubleshooting MCP Server

Also new in v28 is the Troubleshooting MCP Server, which gives Copilot the ability to inspect the execution of your AL code context while the debugger is paused. Copilot has access to the full call stack, can read variables across stack frames, and can help with breakpoints by object name or ID, type, and line number.

Stefan Šošić offers a useful demonstration of this tool in his blog, AL MCP Server for Debugging in Business Central.

Start planning now for OData deprecation

Tharanga Chandrasekara raises an interesting note that when BC v30 is released next year, Microsoft “will remove the ability to expose Microsoft-authored pages as OData endpoints entirely.” And SOAP endpoints will soon be going away as well.

While not a crisis, he provides a migration approach that will help developers manage the transition over the coming months.

Read his blog, OData Deprecation in Business Central: What Your Integration Architecture Needs Right Now, to learn more.

Are you interested in Dynamics NAV and Business Central development? Check out our collection of NAV/BC Development Blogs.

Read “How To” blogs from ArcherPoint by Cherry Bekaert for practical advice on using Microsoft Dynamics NAV and Dynamics 365 Business Central.

Trending Posts