Updated 26-06-2023. From Business Central v. 23, Azure Active Directive is replaced by Microsoft Entra Applications.

The setup is consisting of three parts :

Create an App Registration in Microsoft Entra Applications (Azure Active Directory)
Insert the APP registration information on the Intercompany Partner card
Create an Microsoft Entra Application User (Azure Active Direct Application user) in Business Central.

Same tenant >< different tenants:

If you are running both companies on the same tenant. The setup below can be used for both companies.

If you want to setup Intercompany between two tenants, the APP registration needs to be made in their respective Microsoft Entra Applications.
And the user and partner card, should be setup using the information from the OTHER tenants Microsoft Entra Applications. As these setups are users witch defines how they will be connecting into the companies in that tenant.

App Registration in Microsoft Entra ID (Azure Active Directory Authentication)

Go to https://portal.azure.com/ and login Search for Azure Active Directory
Open App registration from the overview
Click on New Registration
Specify App Name and Account Type Specify Platform Web Specify Redirect URI and set in https://businesscentral.dynamics.com/OAuthLanding.htm Click on Register when fields to the right are completed, to create the App registration.
Next step is to create a Certification Go to the Certificates and Secrets Add a new secret and copy value into a notepad as this information is needed in the Intercompany app in a later step. (Note this will be masked once you browse away from the certification and secrets!)
Next step is to add Permissions Open API Permissions Click on Add a permission
Select Dynamics 365 Business Central API and Application Permissions
Select Application Permissions
Select API.ReadWrite.All and Automation.ReadWrite.All Click on Add permissions to add the permissions
Click on Grant admin consent
Next step is to find the Application (Client) ID Find the Application Client ID in the overview. Copy the Application (client) ID into a notepad as this information is needed in the Intercompany app in a later step.

Business Central Intercompany Partner Setup

Now it is time to switch to Business Central, and update the Intercompany Partner with connection information.

Open the Intercompany Partner Card
Open the tab "Web Service"

OAuth setup
Make sure Web service Authentication type is set to OAuth2.0
Insert the Application Client ID into ADD Client AD, that you saved in Notepad
Insert Client Secret which was generated in an earlier step, and you saved as well in notepad.

Microsoft Entra Application Card

Last step is to set up Microsoft Entra Application Card. It's used to define what permission should be granted to the Registration App and to the Abakion Intercompany app.

Click on Microsoft Entra Application list under related.
Create a new Microsoft Entra application card, if it doesn't already exist Paste Application Client Id from Microsoft Entra Aplication ID in the Client Id field (same ID used in the Web service setup) Add the User groups that this user need to have acess to. ADD D365 BUS FULL Access user group for each company you are using intercompany Add SCB INTERCOMPANY, to give the user permissions to Intercompany App's functionality Add other relevant permissions that this users needs, in performing the Intercompany flow. Which is the same as users that would perform the task manually.
Click on Grant Consent
Login as an administrator to confirm access As the result following message should appear.
Verify your setup from the Intercompany partner card to check that Oauth2 is configured correctly