Security in Microsoft Dynamics 365 Business Central Online and BC On-Premises

Security concept: Closed Padlock on digital background

This is part 2 in our series dedicated to the security of your ERP system, specifically Microsoft Dynamics 365 Business Central (fondly known as BC). In part 1 we looked at security measures that apply to Dynamics 365 in general. If you missed that article, you can catch up on it here:

The 3 “A”s of ERP Security = Authentication, Authorization, Auditing

But today we are delving deeper into BC security for each of the 2 BC versions, online and on-premises.

Security in Microsoft Dynamics 365 Business Central Online

Data isolation and encryption

Data belonging to a single tenant is stored in an isolated database and is never mixed with data from other tenants. This ensures complete isolation of data in day-to-day use as well as in backup-restore scenarios. Furthermore, Business Central Online uses encryption to help protect tenant data:

  • Data is encrypted at-rest by using Transparent Data Encryption (TDE) and backup encryption.

  • Data backups are always encrypted.

  • All network traffic inside the service is encrypted by using industry-standard encryption protocols.

Service integration

We recommend that you use encrypted network protocols to connect to the PowerBI server and Business Central web services. For more information, see the following articles:

Connect to Business Central with Power BI Using Security Certificates with Business Central On-Premises

Security in Microsoft Dynamics 365 Business Central On-Premises

Server Security

Business Central Server handles communication between clients and databases, controlling authentication, event logging, scheduled tasks, reporting, and more. The following articles explain how to improve the security of Business Central Server instances.

Hardening Business Central Server Security Locking Down Server Communication settings

Client Security

In order to improve the security of connections from the clients to the Business Central Server, you need to properly configure SSL and understand how to use security certificates. These articles will help:

Configuring SSL to Secure the Client Connections Using Security Certificates with Business Central On-Premises

Database Security

For a Business Central Server instance to connect to and access a database in SQL Server, the server instance must be authenticated by the database. As in SQL Server, Business Central supports two authentication modes for database communication: Windows Authentication and SQL Server Authentication. When you set up Business Central, you must ensure that database authentication is configured correctly on both the server instance and database, otherwise, the server instance will not be able to connect to the database.

This article discusses configurations that you can perform on the Business Central Server and also, how to create and import your own encryption key: