Cyber security is something that all businesses are concerned about. No one wants to be in the headlines for a security breach. Let’s take a look at how secure your Dynamics 365 Finance & Operations or Business Central deployment is. We have compiled a shortlist of considerations to help improve system security.

How many of these Dynamics 365 security measures do you have in place?

If you are unsure about how secure your D365 install is, why not book a Dynamics 365 Health Check.

Dynamics 365 Security Best Practice

How to ensure your Dynamics 365 deployment is secure

Step 1: Keep D365 secure with regular updates and patch management

Ensure that your Dynamics environment is regularly updated with the latest security patches and updates provided by Microsoft to address known vulnerabilities.

Step 2: Dynamics 365 role-based access control

Implement role-based access to assign appropriate permissions to users based on their roles and responsibilities. Limit access to sensitive data and functionalities to only those who require it for their job duties.

Step 3: Set up strong authentication in Dynamics 365

Enforce strong authentication mechanisms such as multi-factor authentication (MFA) to add an extra layer of security beyond just passwords.

Step 4: Secure your Dynamics development environments

Ensure sensitive data is obfuscated or anonymised before using it for testing. Implement strong network access controls and disable public IP access. Use secure VPNs and MFA to further secure your dev environments.

Step 5: Regular security audits and monitoring

Conduct regular security audits and monitoring of your Dynamics environment to identify any suspicious activities or potential security threats. Set up alerts for unusual login attempts or unauthorised access.

Step 6: Secure Dynamics 365 configuration

Configure Dynamics settings securely, following Microsoft’s best practices and security guidelines. Disable unnecessary features and services that could pose security risks.

Step 7: Data backups and disaster recovery

Regularly back up your Dynamics data and implement a robust disaster recovery plan to ensure business continuity in the event of data loss or system failure.

Step 8: Dynamics 365 user training and cyber security awareness

Provide regular security training and awareness programs for employees to educate them about common security threats, phishing scams, and best practices for maintaining security.

Step 9: Vendor and third-party security

Ensure that any third-party integrations or add-ons used with Dynamics adhere to security best practices and comply with relevant security standards and regulations.

Step 10: Engage a Dynamics 365 specialist

Unsure about how secure your D365 Finance & Operations or Business Central deployment is, it maybe helpful to engage a Dynamics 365 specialist. Book a D365 Health Check today

Dynamics 365 security summary – the technical details

D365 F&O (Finance and Operations) is a Software-as-a-Service and security is standardised for the Microsoft-managed environments. It is PA-DSS 3.1 certified and only accepts TLS 1.2 with a restricted set of cipher suites for encryption in transit. Also, it leverages MS SQL Server TDE and Azure Storage encryption for real-time encryption of data at rest.

The biggest security gap in most enterprise application environments are the development environments.

By default, customer/Partner-managed/Tier-1 cloud-hosted environments, which are used as development environments, have remote desktop enabled and public IP assigned. Anyone with Environment Manager or above access within LCS can view and distribute the credentials for the remote desktops. Due to the complex nature of unit testing a monolithic application, clients typically restore production data into their development environment; however, they do not obfuscate the data or apply adequate network access controls to ensure no public access (if credentials are leaked).