We’ve heard from a number of customers who are looking to upgrade to Microsoft Dynamics 365 Business Central as a Software as a Service (SaaS) solution but are concerned about the security of the product. In this blog post, we aim to show you the various security measures that Microsoft have in place to ensure Business Central is a safe and secure SaaS solution.
Business Central SaaS is governed by Microsoft’s Modern Lifecycle Policy, this means that there are continuous service updates and a major update to the product every 6 months, in April and October.
Enterprise business solutions must have a built-in security system that helps protect your database and the information that it contains from unauthorised access. It must also allow you to specify what authorized users are allowed to do in the database—such as what data they can read and modify.
Microsoft’s ‘Application Security’ is in place to improve the security of your Business Central application regardless of where it is hosted. Business Central uses a layered approach to application security:
Authentication: Before users can sign-in to Business Central, they must be authenticated as a valid user in the system. Business Central SaaS uses Azure Active Directory (Azure AD) to ensure seamless, highly secure access.
Authorization: Once authenticated, authorisation determines which areas that a user can access, such as the pages and reports that they can open and the permissions they have on associated data.
Auditing: Business Central includes several auditing features that help you track information about who is signing-in, what their permissions are, what data they have changed, and more.
Data Encryption: You can encrypt data on the Business Central server by generating new or importing existing encryption keys that you enable on the Business Central server instance that connects to the database.
Security Development Lifecycle: Microsoft’s Security Development Lifecycle (SDL) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development.
Microsoft’s ‘Online Security’ is used to improve the security of your Dynamics 365 Business Central tenant.
Authentication: Business Central Online uses Azure AD as the authentication method, which is automatically set up and managed for you.
Encryption: Business Central Online uses encryption to help protect data:
- Data is encrypted at-rest by using Transparent Data Encryption (TDE) and backup encryption
- Data backups are always encrypted
- All network traffic inside the service is encrypted by using industry standard encryption protocols.
Service integration: We recommend that you use encrypted network protocols to connect to the PowerBI server and Business Central web services.
How your data is stored
When deploying Business Central SaaS, it will be deployed into a Microsoft Azure datacentre (also referred to as ‘regions’). These databases are protected by automatic backups. Full database backups are done weekly, differential database backups are done hourly and transaction log backups are done every five minutes. Automatic backups are retained for 14 days. When signing up for Business Central you will select a country that specifies the geography (also referred to as ‘geo’) where their customer data will be stored. There are two Azure regions in the UK:
- UK South (London)
- UK West (Cardiff, Durham)
No matter where customer data is stored, Microsoft does not control or limit the locations from which customers or their end-users may access customer data.
Microsoft may replicate customer data to other available regions within the same geography for data durability but will not transfer customer data outside the selected Azure geographic location (geo) for Dynamics 365 Business Central unless because of the exceptions named here.
We hope this blog post has cleared up any concerns you may be facing about the security of Business Central as a SaaS solution. You can view the official Microsoft documents about Application Security, Online Security and how your data is stored here. Feel free to get in touch with us if you’re interested in implementing Business Central for your business or, alternatively, download our comprehensive upgrade guide down below.