In the summer of 2018, the US Department of Homeland Security issued a warning via the US Computer Emergency Readiness Team (US-CERT), that ERP systems are being increasingly targeted by very dangerous threat actors, included nation states, hacktivists and cyber criminals.

ERP and other business management systems are very high value targets for attackers. They contain the “crown jewels” for many businesses. Not only financial and billing data but intellectual property, logistics data, human resources information and much more.

Starting today, the Business Central team will be posting a series of posts aimed at helping our partners and customers secure themselves better. This is part of the “1st is 3rd principle”, where whatever we learn as Microsoft, we seek to pass on to our partners and customers.

In this post I want to pass on some battle tested hardening advice for you to apply to you your on-premises NAV/Business Central installations and introduce our new Security documentation structure.

Security hardening on-​premises

My fellow blog authors Jens Møller-Pedersen and Kennie Nybo Pontoppidan presented a great session at both Directions North America 2018 and Directions EMEA 2018, titled “Security hardening on-​prem and the service”. It is hard to beat a live session, but the deck the team used in the session is jammed with great advice on how you can harden your environments. You can find a PDF of the presentation here.

Introducing our new Security documentation structure

We are currently overhauling the Security related documentation on docs.microsoft.com.

The Security and Protection section now has three new landing pages where we are grouping content related to Application, Online and On-premises security. This is to help you find more actionable guidance relevant to your circumstances.  

We are just starting this reorganization, so we would very much appreciate your candid feedback on the structure and content in the comments.

We are particularly interested in what’s missing, outdated or lacking sufficient depth. 

We would also be interested in hearing about what Security related topics are of most interest to you, so we can address them in future posts.

Finally, you can get a list of all posts in the Holiday count down series here:

https://community.dynamics.com/business/b/financials/archive/2018/11/28/counting-down-to-the-holidays-with-daily-blogs