Security in Microsoft Dynamics 365 and Power Platform

Published on 23/09/2021 | Categories: Data security, Microsoft Dynamics 365

How secure is your data in Microsoft Dynamics 365 and Power Platform? Where is it stored? Who has access to it? In this blog article we answer these frequently asked questions from customers.

Microsoft Dynamics 365 and Power Platform are built on the Azure cloud platform and integrated with its built-in security model. This robust security model ensures that your data is secure, backed up, and compliant with data regulations.


In addition to universal security tools and features, Microsoft offers a range of further security layers that can be configured. For example, Microsoft has introduced extra layers of encryption and authentication, as well as security roles and privileges for accessing data in Dynamics 365 and Power Platform.

The physical location where Microsoft stores your data

Microsoft has a global network of more than 200 data centers located in 34 countries. These Microsoft Azure data centers meet strict and advanced security and reliability requirements. Your data in Microsoft Dynamics 365 and Power Platform is also managed in an Azure data center. Precisely because these data centers have to meet strict security requirements, the security level is much higher than you can provide yourself with an on-premises environment.

As a customer you have control over your data and you can choose in which regional center you want to store your data. Your data remains your property and is controlled by you. You can trust where your data is stored and secured.


In May 2021, Microsoft started the new plan “EU Data Boundary for the Microsoft Cloud” to store and process all data from European customers within the European Union. This will apply to all European Azure, Microsoft 365 and Dynamics 365 customers.
Microsoft is the first major cloud provider to have such a plan and expects to have implemented all necessary technical changes by the end of 2022.


#didyouknow: In Europe, Microsoft has 14 regions with data centers: Ireland, Paris, Middenmeer, Marseille, London, Cardiff, Frankfurt, Magdeburg, Berlin, Zurich, Geneva, Stavanger and Oslo.

Security model in Dynamics 365 & Power Platform

In general, Dynamics 365 and Power Platform follow the same architecture as the Azure security platform. This platform consists of several layers of protection:

  • encryption
  • secure virtual network gateway
  • key logs
  • malware protection and threat detection
  • access control through authentication and authorization

Below we explain 3 layers of protection in more detail.

1. Encryption

Microsoft encrypts customer data in Dynamics 365 and Power Platform so that unauthorized parties cannot simply read it. By default, the Dynamics 365 and Power Platform apps use SQL Server encryption for a set of standard fields on certain standard entities (tables) that contain sensitive information, such as usernames and e-mail passwords.

2. Access control via authentication

Only authenticated users with Dynamics 365 and Power Platform user rights can establish a connection. Dynamics 365 and Power Platform use Microsoft Azure Active Directory (Azure AD) to identify users. Azure AD provides single sign-on, conditional access, and multi-factor authentication.


One of the authentication steps that Microsoft uses is Multi-Factor Authentication (MFA), a two-step verification method that provides excellent access security for your applications. Once activated, it prompts users for additional authentication to complete a login, such as a code sent to the user’s phone via SMS. It is widely believed that enabling MFA blocks 99.9% of automated cyber attacks.

3. Access control through authorization

In Dynamics 365 and Power Platform, you can also set security roles and privileges to give users access.

A security role determines how different types of records are accessible to a particular category of users, such as salespeople, marketers or managers. You can control access to data in Dynamics 365 by modifying existing security roles, creating new security roles, or giving users distinct security roles. In addition, users can accumulate multiple security roles.

Privileges are the detailed access rights assigned to the different security roles. You can enforce the exact access rights for data and ensure that users only have access to data when necessary. In this way, unnecessary use and misuse of data can be prevented, which guarantees better data confidentiality.

Each security role consists of record-level privileges (1) and task-based privileges (2).

  • (1) Record-level privileges determine which tasks a user with access to the record can perform, such as Read, Create, Delete, Write, Assign, Share, Add, and Add to.
  • (2) Task-based privileges give a user permission to perform specific tasks, such as approving and publishing knowledge articles.

Different categories of security roles

Every user of Dynamics 365 and Power Platform must have a security role to sign in. There are several categories that determine what a user can access with their security role.

  • Business units: a business unit is part of an organization and lets you set the same security level for everyone in that part of the organizational structure. Business units can be used to departmentalize by geographical location, type of business function, product or service, target group or market.
  • Role-based security: a group of permissions assigned to a user, based on the user’s job responsibilities.
  • Teams: a collection of users. Everyone on the team is associated with the team’s security role, and a user inherits the rights from the team as long as they are part of it.
  • Hierarchy security: access rights for users based on their position in the corporate hierarchy.
  • Record-based security: security of entities and what action can be taken on individual records by users or teams.
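
The cumulative effect of direct and team-inherited security roles described above, as an added example (not Net IT's or Microsoft's code): it computes each user's effective privileges and flags anything beyond a least-privilege baseline. All role, team, table and user names are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data; role, team, table and user names are hypothetical.
ROLES = {
    "Salesperson": {("opportunity", "Read"), ("opportunity", "Create"),
                    ("opportunity", "Write"), ("account", "Read")},
    "Sales Manager": {("opportunity", "Read"), ("opportunity", "Assign"),
                      ("opportunity", "Delete"), ("account", "Write")},
    "Marketer": {("campaign", "Create"), ("campaign", "Write"), ("account", "Read")},
}
DIRECT_ROLES = {"ann": ["Salesperson"], "bob": ["Salesperson", "Marketer"], "eve": []}
TEAMS = {"EMEA Managers": {"roles": ["Sales Manager"], "members": ["ann"]}}
# Privileges each user needs for their job (the least-privilege baseline).
BASELINE = {
    "ann": ROLES["Salesperson"],
    "bob": ROLES["Salesperson"] | ROLES["Marketer"],
    "eve": set(),
}


def effective_privileges(user):
    """Map each (table, privilege) the user holds to the grants that supply it."""
    grants = defaultdict(list)
    for role in DIRECT_ROLES.get(user, []):
        for priv in ROLES[role]:
            grants[priv].append(f"role:{role}")
    for team, info in TEAMS.items():
        if user in info["members"]:  # inherited only while on the team
            for role in info["roles"]:
                for priv in ROLES[role]:
                    grants[priv].append(f"team:{team}/{role}")
    return dict(grants)


def audit(users):
    """Return per-user findings: missing role, or privileges beyond the baseline."""
    findings = {}
    for user in users:
        grants = effective_privileges(user)
        if not grants:
            findings[user] = ["no security role: user cannot sign in"]
            continue
        excess = sorted(set(grants) - BASELINE[user])
        if excess:
            findings[user] = [f"{t}.{p} via {', '.join(grants[(t, p)])}" for t, p in excess]
    return findings


if __name__ == "__main__":
    for user, issues in audit(DIRECT_ROLES).items():
        print(user, issues)
```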

Extra security tips from Net IT

From our experience, we give 5 tips for a logical and maintenance-friendly management of security roles in Microsoft Dynamics 365.

Conclusion

The efficiency of a security model largely depends on its proper implementation. The Dynamics 365 and Power Platform security model provides the necessary features to build a strong and secure platform. But first, you need to fine-tune the different user roles within your organization to tailor the implementation of the security model to your needs. Get expert help from Net IT.

