web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / Dynamic 365 finance an...
Finance | Project Operations, Human Resources, ...
Answered

Dynamic 365 finance and operation database encryption

(2) ShareShare
ReportReport
Posted on by MS-29011540-0 277
Hello all,
Hope you all are doing well,
Is there any way to encrypt on-premise D365FO database and the application can communicate normally but even if i use SSMS and wrote SQL queries i can't view data?
Categories:
Dynamics 365 Finance
I have the same question (0)
  • Suggested answer
    Komi Siabi Profile Picture
    Komi Siabi 13,120 Most Valuable Professional on at
    Hello, 
     
    Please, note that Finance and Operations data are always ensure the business data is encrypted when written to the DB and when read from it using the Data Encryption certificate. 
     
    If you do not want some users to have access to the machine where the SQL DB is; simply do not give them access, as the data are stored in plain text in the tables on the database.
  • MS-29011540-0 Profile Picture
    MS-29011540-0 277 on at
    @Komi Siabi 
    Do you mean during communication between the two servers?
    If so, i need the data in the database itself to be encrypted, the data itself.
    Thanks for replying
  • Verified answer
    Komi Siabi Profile Picture
    Komi Siabi 13,120 Most Valuable Professional on at
    If you need to encrypt the data itself on the DB, I know you can use TDE which I have not had reason to try myself yet. 
    You can follow this Linkedin post as guide.
     
  • MS-29011540-0 Profile Picture
    MS-29011540-0 277 on at
    @Komi Siabi
    But TDE encrypts the data file and the log file, but the data itself isn't encrypted which means if i query through SSMS i would get the data as plaintext, but what i wanted if i query through SSMS the resulted data is encrypted so that i can't read it.
  • Martin Dráb Profile Picture
    Martin Dráb 237,990 Most Valuable Professional on at
    I don't understand. If you want someone not to be able to read any data in the database, why do you give him permissions to read the data?
     
    What is the actual problem that you're trying to solve?
  • MS-29011540-0 Profile Picture
    MS-29011540-0 277 on at
    @Martin Dráb
    The client asked if it's feasible because he's willing to prevent IT department itself from viewing the data, I know that has many issues like heavy performance, integration problems, ... 
    I think it's not a practical solution and there may be other ways to do so with encrypting the database itself, but my company would like to know if it's feasible or no?
  • Martin Dráb Profile Picture
    Martin Dráb 237,990 Most Valuable Professional on at
    The question is still the same: what's the goal? You can't design a solution without understanding what the people needs to be able to do and what they mustn't.
     
    They seem to say that IT department don't need access to any data inside the database. For example, maybe they need to do things like dealing with the storage of DB backups, which doesn't require access to the data inside. You mentioned a requirement to actually query the data in SSMS, but why? What's the point of querying data if they shouldn't have access to the data? There may be reasons, of course, but the current requirement ("to prevent IT department itself from viewing the data") doesn't include them.
     
    Also, who will manage the configuration, policies, encryption keys or so if not the IT department? For example, do you distinguish between application admins (not belonging to IT dept) and infrastructure admins?
  • MS-29011540-0 Profile Picture
    MS-29011540-0 277 on at
    @Martin Dráb
    You are totally right, but i was just asked to search and respond with if it's applicable or not? then i can talk about pros and cons  :)
     
  • Verified answer
    Martin Dráb Profile Picture
    Martin Dráb 237,990 Most Valuable Professional on at
    It really depends on what they actually need. There is no single answer valid for all possible requirements.
  • Verified answer
    Anton Venter Profile Picture
    Anton Venter 20,346 Super User 2025 Season 2 on at
    Hi,
     
    The short answer is no. Encrypting all the data in the database cannot be done out of the box and is not something that you would want to implement. It would be a monumental task and not worth it. Network / system / domain administrators will always be able to access all data in the IT landscape by either accessing the applications as users or through the database backups.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
Abhilash Warrier Profile Picture

Abhilash Warrier 669 Super User 2025 Season 2

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 449 Super User 2025 Season 2

#3
Martin Dráb Profile Picture

Martin Dráb 384 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans