web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / BC on prem web client ...
Small and medium business | Business Central, N...
Unanswered

BC on prem web client security

(0) ShareShare
ReportReport
Posted on by EssexRocks 49

In light of the big increase in cyber crime I would like to ask what steps are being taken to ensure BC on prem is secure for users accessing over the internet.

I can see there appears to be no security other than a password if the BC is set to use NAVUserPassword. There is no failed login attempt lock out or password expiry policy. The same appears to be for Windows. I noticed that a brute force attack seems to slow the login refresh as more attempts are tried. There might be some process that delays the next login attempt based on the number of failed attempts but this would be crude. 

Therefore it looks to me that using AccessControl Service and linking this to AAD with MFA enabled is a possible route but I have not tried this to see how it works. There is an option to set the access to only allow known user ip addresses on the firewall but that is problematic given the remote working and non static ips in use.

Any guidance and comments on this would be appreciated.

I have the same question (0)
  • Andy Sather Profile Picture
    Andy Sather on at

    I am not an On Prem Engineer, but I did see we have a security doc for the on prem version

    docs.microsoft.com/.../security-onpremises

  • Marco Mels Profile Picture
    Marco Mels on at

    Hello,

    Correction: within later CU's, for NavUserPassword there is a failed login attempt lock build in. That was added to the product via hot fix. Partners just need to configure it. Part of security measurements means that partners upgrade their customer base to later / latest CU's and / or later / latest releases. The latter is preferred.

    Modern authentication is indeed way to go where this is all build in out of the box. To get all the rich features that are discussed here, these are included in latest release. Other supported releases will get these in a future CU if possible and as soon as possible (support for OAUTH, etc.):

    docs.microsoft.com/.../identity-management-best-practices

    We however still see a lot of customers raise requests for older CU's (even RTM) for older releases via their respective partners.

    Thanks.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
OussamaSabbouh Profile Picture

OussamaSabbouh 2,126

#2
Khushbu Rajvi. Profile Picture

Khushbu Rajvi. 744 Super User 2025 Season 2

#3
YUN ZHU Profile Picture

YUN ZHU 674 Super User 2025 Season 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans