Hi All,
We have a client that did a test and found the outputs below and wants us to fix them before going live. Any D365FFO on-premises security expert may help us with the output below, especially the Cross-Site Request Forgery.
Finding | Severity
Cross-Site Request Forgery | Moderate
Missing or insecure "X-XSS-Protection" header | Low
Missing or insecure Cross-Frame Scripting Defense
Older TLS Version is Supported
SHA-1 cipher suites were detected
Did your customer share any more details about their analysis than this list? Perhaps if we could see how they came to that conclusion it would be easier to comment on it.
Thank you Nikolaos,
No, they only shared this table with us.
Regards,
Then I suggest asking them for more details. You want to know what the problem is before you start solving it.
Also please remember that you can't control the architecture of D365FO itself - so if these comments are related to the application itself, how it handles logins, sessions and security, there's not much you or your customer can do.
And if they have hard requirements on such areas, they should actually evaluate them before choosing the ERP system, not just before go-live :)
Thank you Nikolaos,
I've asked the client for details and will revert back once I get them.
Thanks a lot.
Thanks Nikolaos,
The customer has agreed on it.
Thanks for your usual help.