MB-820 Study Guide How to Pass the Dynamics 365 Business Central Developer Exam

The MB-820 is a genuinely technical exam. It does not ask whether you know that Business Central uses an extension model, or that AL is the development language. It asks you to read a code snippet and identify what is wrong with it, work through multi-step scenarios that require the decisions a developer makes on a real project, and select the correct AL syntax from a dropdown on a code completion question under time pressure.

Most Microsoft certifications in the Dynamics 365 family are scenario-based but functional. The MB-820 is different. If you cannot read AL code comfortably and quickly, the exam will be very hard. That is not a warning about difficulty for its own sake; it is just how the exam is built and what it is testing.

What is the MB-820 certification?

The MB-820 earns you the Microsoft Certified: Dynamics 365 Business Central Developer Associate certification. It validates your ability to design, develop, test, and maintain extensions for Business Central using AL, Visual Studio Code, and the broader toolchain around AppSource publishing, telemetry, and application lifecycle management.

The exam was last updated on 10 June 2025. The main change in that update was a significant revision to the APIs and integration section. The rest of the structure has been stable since mid-2024.

Who needs the MB-820?

Developers who build solutions for Business Central. If your work involves creating extensions, writing AL code, configuring event subscribers, designing report layouts, building APIs, or managing the deployment lifecycle of Business Central apps, this is the certification that covers that role.

It is also the certification Microsoft partners expect developers to hold when delivering Business Central projects. Whether you come from a C/AL and NAV background and are transitioning to the modern AL extension model, or you are a developer new to the platform entirely, the MB-820 defines what competent Business Central development looks like in practice.

Should I take the MB-800 first?

It is not a formal prerequisite, but working through the MB-800 material first is worth doing if you are primarily a developer with limited exposure to how Business Central works from a user perspective. The MB-820 includes case study questions where you are given business requirements and asked how to implement them in code. If you do not understand what a sales order posting does, or why customers and vendors live on separate tables, you will struggle to translate those requirements quickly enough under exam time pressure.

Self-directed learning or instructor-led training?

The official MB-820T00 course material is available on Microsoft Learn. For experienced AL developers, self-study is realistic. For developers newer to Business Central or the modern AL model, instructor-led training is worth it specifically because of the hands-on lab component. The exam includes code completion and sequencing questions that require you to have actually written these constructs, not just read about them.

What skills does the MB-820 test, and what is the weighting?

The exam covers six areas:

• Describe Business Central — 10–15%

• Install, develop, and deploy for Business Central — 10–15%

• Develop by using AL objects — 35–40%

• Develop by using AL — 15–20%

• Work with development tools — 10–15%

• Integrate Business Central with other applications — 10–15%

The AL objects domain is the core of the exam; over a third of the marks sit there. It covers tables, pages, reports, XMLports, codeunits, permission sets, and query objects. The AL domain adds another 15–20% on top, testing code-level knowledge across data types, access modifiers, error handling, events, and onboarding patterns. Between them, these two domains account for more than half the exam.

How hard is the MB-820?

Harder than the MB-800, and harder than candidates with a functional background typically expect. The case studies are the most demanding question type. You are given a detailed scenario with multiple requirements, some with dependencies between them, and you must answer a series of questions without being able to go back once you leave that section.

The code completion questions are time-consuming. You are shown a partial code block and must select the correct values from dropdowns. Getting one selection wrong can affect later questions in the same series. Reading AL code quickly and accurately under time pressure is the skill that separates candidates who pass comfortably from those who struggle.

What types of questions will you get?

• Case studies: Multi-requirement company scenarios with four to eight questions each, which cannot be revisited once you leave them. Read every detail before answering the first question.

• Drag-and-drop sequencing: You arrange the correct steps in order, most commonly for upgrade processes, deployment sequences, or permission configurations. Order matters; partial credit is not guaranteed.

• Code completion hotspots: A code block is shown with dropdowns at key points. You select the correct AL syntax, attribute, property, or data type. Most of the hardest questions in the exam fall into this category.

• Multi-select: Pick two or three correct answers from a list. Common for deployment options, architecture questions, and API configuration.

You have 100 minutes for between 40 and 60 questions. The pass mark is 700 out of 1000.

Does the exam come with instructor-led training?

No. The exam is booked separately through Pearson VUE. Training and assessment are separated across all Microsoft certifications.

The 8 things you need to know to pass the MB-820

1. The extension upgrade lifecycle is tested in specific detail

The exam tests exactly what happens to a per-tenant extension (PTE) when Microsoft upgrades a Business Central environment to a new major version. A new major version becomes generally available on the first working day of April and October each year.

Once it is available, Microsoft begins the update process for existing tenants. If a PTE is incompatible with the new version, Microsoft notifies the reselling partner. If the extension remains incompatible for 90 days, Microsoft uninstalls it and forces the tenant upgrade. The data belonging to the extension is not deleted, but the extension stops working until a compatible version is deployed.

A real exam question describes a PTE that disappears from a tenant after a major version upgrade. From a list of five options, two are correct. The right answers are that the extension was not made compatible within the 90-day window, and that both the Platform and Runtime parameters in app.json were not updated. Selecting only one parameter as the cause, or choosing 60 days rather than 90, scores zero on those parts. This is not something you can reconstruct by reasoning on exam day; it needs to be studied specifically.

2. app.json and launch.json each control different things

Visual Studio Code uses two main configuration files for an AL project. app.json is the extension manifest; it defines the identity, version, dependencies, and IP protection policy for your extension. The resourceExposurePolicy section of app.json controls whether partners can debug your extension and whether they can download your source code. launch.json controls development-time behaviour: which sandbox the extension publishes to when you press F5, what object opens on startup via the startupObjectId property, and how the debugger connects.

The exam presents partial configurations and asks which file a specific setting belongs in, or asks you to complete a configuration for a specific requirement. A typical question: you want to allow partners to debug your extension in their own environment, but prevent them from downloading your source code.

The settings "allowDebugging": true and "allowDownloadingSource": false belong in app.json under resourceExposurePolicy, not in launch.json. The confusion arises because both files sit alongside each other in the project, and both affect how the extension behaves in VS Code. Without having created AL projects from scratch, the boundary between them is easy to get wrong.

3. Business events and integration events

The MB-820 tests event types in meaningful detail. There are four: trigger events, global events, business events, and integration events. Trigger events are raised automatically by the system on table and page operations; you subscribe to them without publishing them manually. Business and integration events must be explicitly published by a developer who creates an event publisher method and adds code to raise it.

The distinction the exam tests most precisely is between business and integration events. A business event represents a formal contract. It must not expose implementation details such as table or field names, it must reflect a state change in a business process, and it carries an implicit promise not to change in future releases. ISVs and Microsoft publish business events for other solutions to build stable integrations on top of. An integration event carries no such promise; it can expose implementation details and can be changed freely in future releases, making it suited to internal integration points within your own extension.

The exam will describe a scenario and ask which event type to use. If the requirement involves publishing an event that external partners or other ISVs will subscribe to as part of a long-term integration, the answer is a business event. If it is an internal hook within your own extension, an integration event is appropriate. Selecting the wrong type for the scenario loses marks, and treating them as equivalent because both are custom events raised by AL code is not a safe shortcut.

4. Install codeunits and upgrade codeunits

The MB-820 includes multiple questions about codeunits of type Install and Upgrade, both at the conceptual level and in code completion format. You need to know which triggers are available in each type, what ModuleInfo provides, and when each one fires.

An Install codeunit fires when the extension is installed for the first time, or when it is reinstalled after having been uninstalled.

The main per-company trigger is OnInstallAppPerCompany, which runs once per company in the tenant. An Upgrade codeunit fires when a newer version of the extension is published over an existing installed version. The main per-company trigger is OnUpgradePerCompany. The ModuleInfo data type is used inside these triggers to read the currently installed version, letting you determine whether specific upgrade steps need to run for this particular version transition.

A real exam question: your extension needs to automatically publish a custom API page as a web service the first time it is installed, so the API is available without manual configuration after deployment. Which approach meets this requirement? The answer is to include a codeunit of type Install that runs the publish logic in

OnInstallAppPerCompany. Enabling standard APIs for the environment does not help because a custom API page is not a standard API. Publishing via the Web Services page manually does not meet the requirement because it depends on someone doing it after deployment.

The Upgrade Tags pattern is a more advanced topic that appears in harder case study questions. It prevents upgrade code from running more than once across multiple version transitions, using a dedicated table that records which upgrade steps have already executed, checked at the start of each upgrade trigger before any data migration runs.

5. Permission sets and inherent permissions are tested at the code level

Business Central's permission model has two distinct layers in modern AL. Permission set objects defined using the permissionset keyword are composable: you build on existing sets using IncludedPermissionSets and subtract specific permissions using ExcludedPermissionSets. One specific rule the exam tests: excluded permissions always take precedence over included ones, regardless of the order they are declared.

Inherent permissions are applied directly on a codeunit, table, or page using the InherentPermissions attribute.

They grant automatic runtime access without requiring the calling user to hold an explicit permission set entry for that object. They are used when an event subscriber, background process, or install codeunit needs to operate on a table that the user running the session may not have direct access to.

A question that appears consistently across practice materials, and reflects real exam difficulty: your event subscriber inserts data into a custom table, and users report permission errors even though they can access the related page normally.

The correct solution is to add [InherentPermissions(PermissionObjectType::TableData, Database::MyTable, 'I')] to the subscriber procedure, not to add the table to every user's permission set.

The reason is that the subscriber runs in the context of the calling user's session, so the fix needs to happen at the code level. The code completion version of this question requires you to know the exact attribute syntax, not just the concept.

6. Report layouts, report substitution, and the ProcessingOnly property

The reporting section of the MB-820 is more detailed than many candidates expect. You need to know the three report layout types (RDLC, Word, and Excel), what each is suited for, and how layouts are attached to a report object.

You also need to understand the difference between a report extension and a report substitution. A report extension adds fields to the dataset and layout of an existing report without replacing it. Report substitution replaces an existing base application report entirely with a different report object; it is used when the changes required are too significant for an extension approach.

The ProcessingOnly property is tested specifically. A processing-only report has no layout and produces no visual output; it executes AL code against the data items and is used for batch operations such as posting routines or data transformation jobs. It is a legitimate exam trap because the word "report" implies something a user sees, and it is easy to assume that all report objects output something.

The report request page is also testable as a configurable component, defining the filters and options the user sees before running the report. You can add fields to it using the requestpage section, and you can disable it entirely by setting UseRequestPage to false. Questions will describe a requirement and ask which property achieves it.

.

7. The APIs section was significantly revised in June 2025

The integration section now includes Read Scale-Out as a specific testable topic alongside API creation and OData actions. Read Scale-Out allows read-only API queries to be routed to a secondary database replica rather than the primary, reducing the performance impact of external integrations on transactional operations.

You configure it by setting the DataAccessIntent property to ReadOnly on the API page object, with Editable also set to false. One important nuance the exam tests: setting DataAccessIntent to ReadOnly is a hint to the server, not a guarantee. If no read replica is available, the query runs against the primary database. Sandbox environments do not support Read Scale-Out at all; the property compiles and runs in a sandbox, but always reads from the primary.

The exam also tests OData bound and unbound actions. A bound action is associated with a specific entity in the API and operates on a record. An unbound action is not tied to a specific entity and can be called independently of any particular record. The distinction affects how the action is declared in AL and how it is invoked from an external system.

JSON parsing is tested at the code level. You need to know the JsonObject, JsonToken, JsonArray, and JsonValue data types, and how to navigate a JSON response to extract specific values. A question will show you a JSON response and a partial code block, then ask you to select the correct data types and method calls to extract a specific field. Without having written this type of code in practice, the code completion questions here are easy to misread.

8. The test toolkit and telemetry sections are underestimated

Automated testing in AL uses dedicated handler types to intercept UI dialogs that would otherwise block test execution. The MessageHandler catches Message() calls. The ConfirmHandler intercepts Confirm() dialogs. The StrMenuHandler intercepts menu option selections, such as the Ship / Invoice / Ship & Invoice dialog when posting a sales order. The exam describes a test scenario and asks which handler type is required for a specific interaction. Getting this wrong is usually not about misunderstanding testing in general; it is about not knowing which handler maps to which dialog type specifically.

There is also a structural rule worth knowing precisely: handlers go in the test codeunit, not the test runner codeunit. The test runner manages execution flow across multiple test codeunits; each individual test codeunit contains both the test procedures and the handlers that those specific tests need.

Questions that describe unexpected errors during test execution often trace back to a handler being placed in the wrong object.

Questions that describe unexpected errors during test execution often trace back to a handler being placed in the wrong object.

On telemetry, the exam tests the setup sequence for Azure Application Insights on a SaaS tenant: create an Application Insights instance in Azure, copy the connection string, and paste it into the Business Central Admin Centre for the relevant environment.

There is also a specific isolation model tested: custom telemetry signals from a partner extension appear in the partner's own Application Insights instance, not the customer's. A partner can instrument their extension for their own monitoring without the customer seeing those signals, which is the intended behaviour for IP protection. Questions about whether a customer or a partner would see a specific signal hinge entirely on this model.

What to do after you pass

Your badge appears in your Microsoft Learn account within a few days and links to Credly for LinkedIn. The MB-820 renews annually through a free online assessment on Microsoft Learn, available from six months before the expiry date. The renewal covers current exam objectives and is not the same content as the original exam.

For Microsoft partner organisations, the MB-820 (Dynamics 365 Business Central Developer Associate) counts toward the Intermediate certifications metric in the skilling category for the Solutions Partner for Business Applications designation, alongside functional consultant certifications such as MB-800.

If your organisation is building toward that designation, each certified individual adds to your partner capability score.

Our MB-820 instructor-led course runs over four days on Microsoft Teams with sandbox access throughout. Small groups only, with time for technical questions specific to your development setup. https://www.d365training.com/instructor-led/certifications-businesscentral