Applies to Product - Dynamics 365 for Finance and Operations (on-premises)
What’s happening?
Customers are seeking options to apply data masking and encryption for sensitive data at both the application layer and database layer in Dynamics 365 Finance and Operations (D365 F&O). The goal is to restrict visibility of sensitive data, such as payroll information, to specific users while allowing IT support to access the application without seeing this data.
Reason:
The requirement for data masking and encryption arises from security compliance needs, particularly for digital banking operations, which are critical for going live with the application. The current product offerings do not fully support the requested encryption features at the application level.
Resolution:
- Role-Based Security Configuration:
- To restrict access to sensitive data, configure role-based security. For example, if a user should not see certain data, assign them a role that does not include access to that data.
- Navigate to the relevant form (e.g., Account Payable > Purchase Order > All Purchase Orders).
- Click on "Security Diagnostics" to view the list of roles, duties, and privileges.
- Assign or do not assign roles/duties/privileges based on the required access level.
- Extensible Data Security (XDS) Policies:
- Implement XDS policies to enforce record-level security. This allows specific users to see only certain records, such as vendor accounts, based on defined criteria.
- Documentation Links:
- Review the following Microsoft documentation for detailed guidance on implementing security measures:
- Feature Request:
- If the required encryption features are not available, it is recommended to submit a feature request through the Ideas Portal for future consideration by the engineering team.
- Next Steps:
- Await feedback from the customer regarding the provided information and any further questions they may have.
