I'm responsible for reviewing the Security implementation of D365 FinOps (Cloud) for a client and need a bit of assistance understanding where this configuration is located.
I've been reading much of the security configuration documentation and have played around within both the System Admin and LCS web interfaces.
It appears to me that most of the security configuration is focused on User / Role segregation, which is all well and good but leaves me with a few questions:
Is there any built-in DDoS protection, and can this be configured?
Are there any alerting mechanisms that can be set up to recognize web attacks taking place (SQL injections, brute forcing, login creds, etc.)?
Is there any Web Application Firewall (WAF) or Intrusion Detection / Prevention System (IDS / IPS)?
Are there any other security controls other than just User Role / Permission Segregation and timeout settings?
If somebody could point me in the correct direction for the correct resources, it would be appreciated.
D365 security is all role based, which you already know, and there is nothing to configure inside the F&O application like DDoS protection or the other things you mentioned. The only thing you can do within F&O is create new roles based on existing roles in order to meet your requirement, or try to use the out-of-the-box roles. Everything is located under module Sys Admin > Security > Security configuration form.
Production and UAT servers are Microsoft managed and they are responsible for management of those servers; you cannot do anything on those servers.
Any user accessing D365fo needs to be authenticated by Azure Active Directory. So DDoS protection, WAF, etc. are already taken care of by AAD.
Inside of D365fo, role-based security is used to authorize the user to access elements like menu items, buttons, web controls and so on.
Additionally, at the data record level, D365fo uses the extensible data security framework to restrict access to table records.
you can find more details here,
Valid questions! Microsoft Azure and AAD are taking care of DDoS attacks. Monitoring and reacting to it is done by Microsoft employees. That is one of the advantages of using cloud services.
Can you also explain what you expect with the last question? (Are there any other security controls other than just User Role / Permission Segregation and timeout settings?) This is a broad question. Are you looking for some specific features?