Answered

Out of the Box Security for D365 FinOps (Cloud)


Hi all

I'm responsible for reviewing the security implementation of D365 FinOps (Cloud) for a client and need a bit of assistance understanding where this configuration is located.

I've been reading much of the security configuration documentation and have played around within both the System Admin and LCS web interfaces.

It appears to me that most of the security configuration is focused on User / Role segregation, which is all well and good but leaves me with a few questions:

Is there any built-in DDoS protection, and can this be configured?
Are there any alerting mechanisms that can be set up to recognize web attacks taking place (SQL injections, brute forcing, login creds, etc.)?
Is there any Web Application Firewall (WAF) or Intrusion Detection / Prevention System (IDS / IPS)?
Are there any other security controls other than just User Role / Permission Segregation and timeout settings?

If somebody could point me in the correct direction for the correct resources, it would be appreciated.

Kind Regards

Jason

  • Verified answer
    Sukrut Parab (Moderator)

    D365 security is all role based, which you already know, and there is nothing to configure inside the F&O application like DDoS protection or the other things you mentioned. The only thing you can do within F&O is create new roles based on existing roles in order to meet your requirement, or try to use the out-of-the-box roles. Everything is located under Module Sys Admin > Security > Security configuration form.

    Production and UAT servers are Microsoft managed and they are responsible for management of those servers; you cannot do anything on those servers.

    In short

  • Verified answer
    Andrew Xu

    Any user accessing D365fo needs to be authenticated by Azure Active Directory. So DDoS protection, WAF, etc. are taken care of by AAD already.

    Inside of D365fo, role-based security is used to authorize the user to access elements like menu items, buttons, web controls and so on.

    Additionally, at the data record level, D365fo uses the extensible data security framework to restrict access to table records.

    You can find more details here:

    docs.microsoft.com/.../security-architecture

  • Verified answer
    André Arnaud de Calavon (Super User 2025 Season 2)

    Hi Jason,

    Valid questions! Microsoft Azure and AAD are taking care of DDoS attacks. Monitoring and reacting to them is done by Microsoft employees. That is one of the advantages of using cloud services.

    Can you also explain what you expect with the last question? (Are there any other security controls other than just User Role / Permission Segregation and timeout settings?) This is a broad question. Are you looking for some specific features?
