Blog
What's new in Business Central 2026 release wave 1 (v28)
Update 28 (2026 release wave 1) is the most agent-centric Business Central release so far, but the features that will quietly save the most money are unglamorous: a real home for document attachments, cleaner drop-shipment posting, and HTTP calls that are secure by default. Here is what stands out, and what we would prioritise for our clients.
Agents stop being a demo and start being managed
The headline theme is operational maturity for Copilot agents. You can now manage tasks from every agent in one dedicated task pane, review agent-generated content directly on the page before it commits, and stop all active tasks for an agent in one action. The Payables Agent can also show you which mailbox emails it has already processed.
Why it matters: the barrier to agents was never the AI — it was trust and oversight. A finance manager will not let an agent touch payables until they can see what it did, approve it in context, and pull the handbrake. Update 28 gives you that control surface. Our advice: pilot the Payables Agent on a single mailbox, keep a human reviewing every task for the first month, then widen scope once the audit trail proves itself.
External storage for document attachments
You can now store document attachments in external storage (such as Azure Blob or SharePoint) instead of inside the Business Central database.
Why it matters: attachments are the silent driver of database growth, and database size drives both performance and, on some plans, cost. Moving scanned invoices and signed PDFs out of the SQL tables keeps the environment lean without losing the links. For any client who attaches documents heavily — and most do — this is one of the highest-value, lowest-risk switches in the release.
Supply chain: the drop-shipment and matching fixes
Several long-standing irritations in purchasing and drop shipments are addressed at once:
- Create purchase orders directly from drop shipments, and post purchase invoices for drop shipments independently of the related sales invoice.
- Reverse drop shipments when the sales and purchase documents are not yet invoiced.
- Match a purchase invoice to multiple order and receipt lines, and filter receipt/shipment lines to find what you actually need to invoice.
- Approve requisition worksheets and item journals, and evaluate the quality of incoming goods.
Why it matters: these are the edge cases that used to force manual workarounds or custom code. Every one of them you can now do in standard BC is code you no longer have to build, test and carry through future upgrades. When we scope new work, this is the first list we check against.
Developer and platform: secure by default
For partners, three changes stand out: anti-SSRF validation on AL HttpClient calls so outgoing HTTP is more secure by default, running AL tests directly from Visual Studio Code, and downloading symbols from a NuGet feed. There is also per-company database index management so you can see and control indexing cost where it is actually incurred.
Why it matters: the SSRF hardening protects every integration you have already shipped, with no code change. The tooling improvements shorten the build-test loop, which is exactly where development budget leaks away.
What we would turn on first
If you take three things from update 28: move attachments to external storage, adopt the new drop-shipment posting if you do any drop shipping, and let the security defaults do their work. The agent features are genuinely useful — but start them small, with a human in the loop.
Planning your update to BC 28, or want to know which of these features removes custom code you are currently paying to maintain? Tell us your story and we will give you an honest, free assessment.