This is part 2 in our series dedicated to the security of your ERP system, specifically Microsoft Dynamics 365 Business Central (fondly known as BC). In part 1 we looked at security measures that apply to Dynamics 365 in general. If you missed that article, you can catch up on it here:
But today we are delving deeper into BC security for each of the 2 BC versions, online and on-premises.
Security in Microsoft Dynamics 365 Business Central Online
Data isolation and encryption
Data belonging to a single tenant is stored in an isolated database and is never mixed with data from other tenants. This ensures complete isolation of data in day-to-day use as well as in backup-restore scenarios. Furthermore, Business Central Online uses encryption to help protect tenant data:
Data is encrypted at-rest by using Transparent Data Encryption (TDE) and backup encryption.
Data backups are always encrypted.
All network traffic inside the service is encrypted by using industry-standard encryption protocols.
We recommend that you use encrypted network protocols to connect to the PowerBI server and Business Central web services. For more information, see the following articles:
Security in Microsoft Dynamics 365 Business Central On-Premises
Business Central Server handles communication between clients and databases, controlling authentication, event logging, scheduled tasks, reporting, and more. The following articles explain how to improve the security of Business Central Server instances.
In order to improve the security of connections from the clients to the Business Central Server, you need to properly configure SSL and understand how to use security certificates. These articles will help:
For a Business Central Server instance to connect to and access a database in SQL Server, the server instance must be authenticated by the database. As in SQL Server, Business Central supports two authentication modes for database communication: Windows Authentication and SQL Server Authentication. When you set up Business Central, you must ensure that database authentication is configured correctly on both the server instance and database, otherwise, the server instance will not be able to connect to the database.
This article discusses configurations that you can perform on the Business Central Server and also, how to create and import your own encryption key: